IsReadOpAuthorised checks if the crud operation is authorised
(ctx context.Context, project, dbAlias, col, token string, req *model.ReadRequest, stub model.ReturnWhereStub)
| 63 | |
| 64 | // IsReadOpAuthorised checks if the crud operation is authorised |
| 65 | func (m *Module) IsReadOpAuthorised(ctx context.Context, project, dbAlias, col, token string, req *model.ReadRequest, stub model.ReturnWhereStub) (*model.PostProcess, model.RequestParams, error) { |
| 66 | m.RLock() |
| 67 | defer m.RUnlock() |
| 68 | |
| 69 | rule, auth, err := m.authenticateCrudRequest(ctx, project, dbAlias, col, token, model.Read) |
| 70 | if err != nil { |
| 71 | return nil, model.RequestParams{}, err |
| 72 | } |
| 73 | |
| 74 | // Check if internal token |
| 75 | if auth != nil { |
| 76 | if id, p := auth["id"]; p && id == utils.InternalUserID { |
| 77 | hookOp := "db-read" |
| 78 | if col == "event_logs" || col == "invocation_logs" { |
| 79 | hookOp = "eventing-logs" |
| 80 | } |
| 81 | hookResponse := m.integrationMan.InvokeHook(ctx, model.RequestParams{ |
| 82 | Claims: auth, |
| 83 | Resource: "internal-api-access", |
| 84 | Op: hookOp, |
| 85 | Attributes: map[string]string{"project": project}, |
| 86 | }) |
| 87 | if hookResponse.CheckResponse() { |
| 88 | attr := map[string]string{"project": project, "db": dbAlias, "col": col} |
| 89 | return nil, model.RequestParams{Claims: auth, Resource: "db-read", Op: "access", Attributes: attr}, hookResponse.Error() |
| 90 | } |
| 91 | } |
| 92 | } |
| 93 | |
| 94 | opts := map[string]interface{}{} |
| 95 | if req.Options != nil { |
| 96 | if req.Options.Limit != nil { |
| 97 | opts["limit"] = *req.Options.Limit |
| 98 | } |
| 99 | if req.Options.Skip != nil { |
| 100 | opts["skip"] = *req.Options.Skip |
| 101 | } |
| 102 | } |
| 103 | args := map[string]interface{}{"op": req.Operation, "auth": auth, "find": req.Find, "token": token, "opts": opts} |
| 104 | actions, err := m.matchRule(ctx, project, rule, map[string]interface{}{"args": args}, auth, stub) |
| 105 | if err != nil { |
| 106 | return nil, model.RequestParams{}, err |
| 107 | } |
| 108 | |
| 109 | attr := map[string]string{"project": project, "db": dbAlias, "col": col} |
| 110 | return actions, model.RequestParams{Claims: auth, Resource: "db-read", Op: "access", Attributes: attr}, nil |
| 111 | } |
| 112 | |
| 113 | // IsUpdateOpAuthorised checks if the crud operation is authorised |
| 114 | func (m *Module) IsUpdateOpAuthorised(ctx context.Context, project, dbAlias, col, token string, req *model.UpdateRequest) (model.RequestParams, error) { |
no test coverage detected