Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -474,7 +474,7 @@ func TestDeletePermissionHandler(t *testing.T) {
}

func newPermissionsUseCase(permissionsRepo *accesscontroltests.MockPermissionsRepository, rolePermissionsRepo *accesscontroltests.MockRolePermissionsRepository) *usecases.PermissionsUseCase {
return usecases.NewPermissionsUseCase(services.NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{}))
return usecases.NewPermissionsUseCase(services.NewPermissionsService(permissionsRepo, rolePermissionsRepo), &internaltests.NoopAuthorizer{})
}

func assertPermissionsEqual(t *testing.T, got []types.Permission, want []types.Permission) {
Expand Down
2 changes: 1 addition & 1 deletion plugins/access-control/handlers/role_handlers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -627,7 +627,7 @@ func TestDeleteRoleHandler(t *testing.T) {
}

func newRolesUseCase(rolesRepo *accesscontroltests.MockRolesRepository, rolePermissionsRepo *accesscontroltests.MockRolePermissionsRepository, userRolesRepo *accesscontroltests.MockUserRolesRepository) *usecases.RolesUseCase {
return usecases.NewRolesUseCase(services.NewRolesService(rolesRepo, rolePermissionsRepo, userRolesRepo, &internaltests.NoopAuthorizer{}))
return usecases.NewRolesUseCase(services.NewRolesService(rolesRepo, rolePermissionsRepo, userRolesRepo), &internaltests.NoopAuthorizer{})
}

func assertRolesEqual(t *testing.T, got []types.Role, want []types.Role) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -394,7 +394,7 @@ func TestRemoveRolePermissionHandler(t *testing.T) {
}

func newRolePermissionsUseCase(rolesRepo *accesscontroltests.MockRolesRepository, permissionsRepo *accesscontroltests.MockPermissionsRepository, rolePermissionsRepo *accesscontroltests.MockRolePermissionsRepository) *usecases.RolePermissionsUseCase {
return usecases.NewRolePermissionsUseCase(services.NewRolePermissionsService(rolesRepo, permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{}))
return usecases.NewRolePermissionsUseCase(services.NewRolePermissionsService(rolesRepo, permissionsRepo, rolePermissionsRepo), &internaltests.NoopAuthorizer{})
}

func assertUserPermissionInfosEqual(t *testing.T, got []types.UserPermissionInfo, want []types.UserPermissionInfo) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -157,5 +157,5 @@ func TestCheckUserPermissionsHandler(t *testing.T) {
}

func newUserPermissionsUseCase(repo *accesscontroltests.MockUserPermissionsRepository) *usecases.UserPermissionsUseCase {
return usecases.NewUserPermissionsUseCase(services.NewUserPermissionsService(repo, &internaltests.NoopAuthorizer{}))
return usecases.NewUserPermissionsUseCase(services.NewUserPermissionsService(repo), &internaltests.NoopAuthorizer{})
}
Original file line number Diff line number Diff line change
Expand Up @@ -387,7 +387,7 @@ func TestRemoveUserRoleHandler(t *testing.T) {
}

func newUserRolesUseCase(rolesRepo *accesscontroltests.MockRolesRepository, userRolesRepo *accesscontroltests.MockUserRolesRepository) *usecases.UserRolesUseCase {
return usecases.NewUserRolesUseCase(services.NewUserRolesService(userRolesRepo, rolesRepo, &internaltests.NoopAuthorizer{}))
return usecases.NewUserRolesUseCase(services.NewUserRolesService(userRolesRepo, rolesRepo), &internaltests.NoopAuthorizer{})
}

func assertUserRoleInfosEqual(t *testing.T, got []types.UserRoleInfo, want []types.UserRoleInfo) {
Expand Down
19 changes: 11 additions & 8 deletions plugins/access-control/hooks_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,16 +30,16 @@ func (a *noopAuthorizer) AuthorizeOrganizationAccess(_ context.Context, _ *authm

func newAccessControlHookTestPlugin(logger authmodels.Logger, rolesRepo *accesscontroltests.MockRolesRepository, userRolesRepo *accesscontroltests.MockUserRolesRepository) *AccessControlPlugin {
authorizer := &noopAuthorizer{}
rolesService := services.NewRolesService(rolesRepo, nil, userRolesRepo, authorizer)
userRolesService := services.NewUserRolesService(userRolesRepo, rolesRepo, authorizer)
rolesService := services.NewRolesService(rolesRepo, nil, userRolesRepo)
userRolesService := services.NewUserRolesService(userRolesRepo, rolesRepo)
accessControlService := services.NewAccessControlService(rolesService, userRolesService, nil)
rolePermissionsService := services.NewRolePermissionsService(nil, nil, nil, authorizer)
rolePermissionsService := services.NewRolePermissionsService(nil, nil, nil)
useCases := usecases.NewAccessControlUseCases(
usecases.NewRolesUseCase(rolesService),
usecases.NewPermissionsUseCase(nil),
usecases.NewRolePermissionsUseCase(rolePermissionsService),
usecases.NewUserRolesUseCase(userRolesService),
usecases.NewUserPermissionsUseCase(nil),
usecases.NewRolesUseCase(rolesService, authorizer),
usecases.NewPermissionsUseCase(nil, authorizer),
usecases.NewRolePermissionsUseCase(rolePermissionsService, authorizer),
usecases.NewUserRolesUseCase(userRolesService, authorizer),
usecases.NewUserPermissionsUseCase(nil, authorizer),
)

return &AccessControlPlugin{
Expand Down Expand Up @@ -154,6 +154,8 @@ func TestAccessControlPluginAssignRoleFromContextHook(t *testing.T) {
setup: func(rolesRepo *accesscontroltests.MockRolesRepository, userRolesRepo *accesscontroltests.MockUserRolesRepository) {
rolesRepo.On("GetRoleByName", mock.Anything, "Editor").Return(&types.Role{ID: "role-1", Name: "Editor", Weight: 10}, nil).Once()
userRolesRepo.On("GetUserRoles", mock.Anything, "user-1").Return([]types.UserRoleInfo{}, nil).Once()
rolesRepo.On("GetRoleByID", mock.Anything, "role-1").Return(&types.Role{ID: "role-1", Name: "Editor", Weight: 10}, nil).Once()
userRolesRepo.On("GetUserRoles", mock.Anything, "assigner-1").Return([]types.UserRoleInfo{{RoleID: "role-admin", RoleName: "admin", RoleWeight: 50}}, nil).Once()
userRolesRepo.On("AssignUserRole", mock.Anything, "user-1", "role-1", mock.MatchedBy(func(userID *string) bool {
return userID != nil && *userID == "assigner-1"
}), (*time.Time)(nil)).Return(nil).Once()
Expand All @@ -172,6 +174,7 @@ func TestAccessControlPluginAssignRoleFromContextHook(t *testing.T) {
setup: func(rolesRepo *accesscontroltests.MockRolesRepository, userRolesRepo *accesscontroltests.MockUserRolesRepository) {
rolesRepo.On("GetRoleByName", mock.Anything, "Editor").Return(&types.Role{ID: "role-1", Name: "Editor", Weight: 10}, nil).Once()
userRolesRepo.On("GetUserRoles", mock.Anything, "user-1").Return([]types.UserRoleInfo{}, nil).Once()
rolesRepo.On("GetRoleByID", mock.Anything, "role-1").Return(&types.Role{ID: "role-1", Name: "Editor", Weight: 10}, nil).Once()
userRolesRepo.On("AssignUserRole", mock.Anything, "user-1", "role-1", (*string)(nil), (*time.Time)(nil)).Return(errors.New("assign failed")).Once()
},
},
Expand Down
24 changes: 12 additions & 12 deletions plugins/access-control/plugin.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,26 +54,26 @@ func (p *AccessControlPlugin) Init(ctx *models.PluginContext) error {
userRolesRepo := repositories.NewBunUserRolesRepository(ctx.DB)
userPermissionsRepo := repositories.NewBunUserPermissionsRepository(ctx.DB)

authorizer := rootservices.NewDefaultAuthorizer()

rolesService := services.NewRolesService(rolesRepo, rolePermissionsRepo, userRolesRepo, authorizer)
permissionsService := services.NewPermissionsService(permissionsRepo, rolePermissionsRepo, authorizer)
rolePermissionsService := services.NewRolePermissionsService(rolesRepo, permissionsRepo, rolePermissionsRepo, authorizer)
userRolesService := services.NewUserRolesService(userRolesRepo, rolesRepo, authorizer)
userPermissionsService := services.NewUserPermissionsService(userPermissionsRepo, authorizer)
rolesService := services.NewRolesService(rolesRepo, rolePermissionsRepo, userRolesRepo)
permissionsService := services.NewPermissionsService(permissionsRepo, rolePermissionsRepo)
rolePermissionsService := services.NewRolePermissionsService(rolesRepo, permissionsRepo, rolePermissionsRepo)
userRolesService := services.NewUserRolesService(userRolesRepo, rolesRepo)
userPermissionsService := services.NewUserPermissionsService(userPermissionsRepo)

accessControlService := services.NewAccessControlService(rolesService, userRolesService, permissionsRepo)
p.accessControlService = accessControlService
if err := p.ensurePermissions(); err != nil {
return err
}

authorizer := rootservices.NewDefaultAuthorizer()

useCases := usecases.NewAccessControlUseCases(
usecases.NewRolesUseCase(rolesService),
usecases.NewPermissionsUseCase(permissionsService),
usecases.NewRolePermissionsUseCase(rolePermissionsService),
usecases.NewUserRolesUseCase(userRolesService),
usecases.NewUserPermissionsUseCase(userPermissionsService),
usecases.NewRolesUseCase(rolesService, authorizer),
usecases.NewPermissionsUseCase(permissionsService, authorizer),
usecases.NewRolePermissionsUseCase(rolePermissionsService, authorizer),
usecases.NewUserRolesUseCase(userRolesService, authorizer),
usecases.NewUserPermissionsUseCase(userPermissionsService, authorizer),
)
p.Api = NewAPI(useCases)

Expand Down
12 changes: 6 additions & 6 deletions plugins/access-control/services/access_control_service.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ func NewAccessControlService(rolesService *RolesService, userRolesService *UserR
}

func (s *AccessControlService) RoleExists(ctx context.Context, roleName string) (bool, error) {
role, err := s.rolesService.getRoleByNameInternal(ctx, roleName)
role, err := s.rolesService.GetRoleByName(ctx, nil, roleName)
if err != nil {
return false, err
}
Expand All @@ -31,7 +31,7 @@ func (s *AccessControlService) RoleExists(ctx context.Context, roleName string)
}

func (s *AccessControlService) ValidateRoleAssignment(ctx context.Context, roleName string, assignerUserID *string) (bool, error) {
role, err := s.rolesService.getRoleByNameInternal(ctx, roleName)
role, err := s.rolesService.GetRoleByName(ctx, nil, roleName)
if err != nil {
return false, err
}
Expand All @@ -43,7 +43,7 @@ func (s *AccessControlService) ValidateRoleAssignment(ctx context.Context, roleN
return false, nil
}

assignerRoles, err := s.userRolesService.getUserRolesInternal(ctx, *assignerUserID)
assignerRoles, err := s.userRolesService.GetUserRoles(ctx, nil, *assignerUserID)
if err != nil {
return false, err
}
Expand Down Expand Up @@ -74,12 +74,12 @@ func (s *AccessControlService) ValidatePermissionKeys(ctx context.Context, permi
}

func (s *AccessControlService) AssignRoleToUserIfMissing(ctx context.Context, userID string, roleName string, assignedByUserID *string) error {
role, err := s.rolesService.getRoleByNameInternal(ctx, roleName)
role, err := s.rolesService.GetRoleByName(ctx, nil, roleName)
if err != nil {
return err
}

userRoles, err := s.userRolesService.getUserRolesInternal(ctx, userID)
userRoles, err := s.userRolesService.GetUserRoles(ctx, nil, userID)
if err != nil {
return err
}
Expand All @@ -90,7 +90,7 @@ func (s *AccessControlService) AssignRoleToUserIfMissing(ctx context.Context, us
}
}

return s.userRolesService.assignRoleToUserInternal(ctx, userID, role.ID, assignedByUserID)
return s.userRolesService.AssignRoleToUser(ctx, nil, userID, types.AssignUserRoleRequest{RoleID: role.ID}, assignedByUserID)
}

func (s *AccessControlService) EnsurePermissions(ctx context.Context, permissions []rootservices.PermissionDefinition) error {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (
"github.com/stretchr/testify/mock"

internalerrors "github.com/Authula/authula/internal/errors"
internaltests "github.com/Authula/authula/internal/tests"
accesscontroltests "github.com/Authula/authula/plugins/access-control/tests"
"github.com/Authula/authula/plugins/access-control/types"
)
Expand Down Expand Up @@ -59,7 +58,7 @@ func TestAccessControlServiceRoleExists(t *testing.T) {
tc.setup(rolesRepo)
}

service := NewAccessControlService(NewRolesService(rolesRepo, nil, nil, &internaltests.NoopAuthorizer{}), NewUserRolesService(nil, nil, &internaltests.NoopAuthorizer{}), nil)
service := NewAccessControlService(NewRolesService(rolesRepo, nil, nil), NewUserRolesService(nil, nil), nil)
ok, err := service.RoleExists(context.Background(), tc.roleName)
if err != tc.wantErr {
t.Fatalf("expected err %v, got %v", tc.wantErr, err)
Expand Down Expand Up @@ -129,8 +128,8 @@ func TestAccessControlServiceValidatePermissionKeys(t *testing.T) {
}

service := NewAccessControlService(
NewRolesService(nil, nil, nil, &internaltests.NoopAuthorizer{}),
NewUserRolesService(nil, nil, &internaltests.NoopAuthorizer{}),
NewRolesService(nil, nil, nil),
NewUserRolesService(nil, nil),
permissionsRepo,
)
err := service.ValidatePermissionKeys(context.Background(), tc.permissionKeys)
Expand Down Expand Up @@ -218,7 +217,7 @@ func TestAccessControlServiceValidateRoleAssignment(t *testing.T) {
tc.setup(rolesRepo, userRolesRepo)
}

service := NewAccessControlService(NewRolesService(rolesRepo, nil, userRolesRepo, &internaltests.NoopAuthorizer{}), NewUserRolesService(userRolesRepo, rolesRepo, &internaltests.NoopAuthorizer{}), nil)
service := NewAccessControlService(NewRolesService(rolesRepo, nil, userRolesRepo), NewUserRolesService(userRolesRepo, rolesRepo), nil)
ok, err := service.ValidateRoleAssignment(context.Background(), tc.roleName, tc.assigner)
if err != tc.wantErr {
t.Fatalf("expected err %v, got %v", tc.wantErr, err)
Expand Down
31 changes: 2 additions & 29 deletions plugins/access-control/services/permissions_service.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,20 @@ import (
internalerrors "github.com/Authula/authula/internal/errors"
"github.com/Authula/authula/internal/util"
"github.com/Authula/authula/models"
"github.com/Authula/authula/plugins/access-control/constants"
"github.com/Authula/authula/plugins/access-control/repositories"
"github.com/Authula/authula/plugins/access-control/types"
rootservices "github.com/Authula/authula/services"
)

type PermissionsService struct {
permissionsRepo repositories.PermissionsRepository
rolePermissionsRepo repositories.RolePermissionsRepository
authorizer rootservices.Authorizer
}

func NewPermissionsService(permissionsRepo repositories.PermissionsRepository, rolePermissionsRepo repositories.RolePermissionsRepository, authorizer rootservices.Authorizer) *PermissionsService {
return &PermissionsService{permissionsRepo: permissionsRepo, rolePermissionsRepo: rolePermissionsRepo, authorizer: authorizer}
func NewPermissionsService(permissionsRepo repositories.PermissionsRepository, rolePermissionsRepo repositories.RolePermissionsRepository) *PermissionsService {
return &PermissionsService{permissionsRepo: permissionsRepo, rolePermissionsRepo: rolePermissionsRepo}
}

func (s *PermissionsService) CreatePermission(ctx context.Context, actor *models.Actor, req types.CreatePermissionRequest) (*types.Permission, error) {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsCreatePermission); err != nil {
return nil, err
}

if req.Key == "" {
return nil, internalerrors.ErrBadRequest
}
Expand All @@ -51,18 +44,10 @@ func (s *PermissionsService) CreatePermission(ctx context.Context, actor *models
}

func (s *PermissionsService) GetAllPermissions(ctx context.Context, actor *models.Actor) ([]types.Permission, error) {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsListPermission); err != nil {
return nil, err
}

return s.permissionsRepo.GetAllPermissions(ctx)
}

func (s *PermissionsService) GetPermissionByID(ctx context.Context, actor *models.Actor, permissionID string) (*types.Permission, error) {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsReadPermission); err != nil {
return nil, err
}

if permissionID == "" {
return nil, internalerrors.ErrBadRequest
}
Expand All @@ -79,10 +64,6 @@ func (s *PermissionsService) GetPermissionByID(ctx context.Context, actor *model
}

func (s *PermissionsService) GetPermissionByKey(ctx context.Context, actor *models.Actor, permissionKey string) (*types.Permission, error) {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsReadPermission); err != nil {
return nil, err
}

if permissionKey == "" {
return nil, internalerrors.ErrBadRequest
}
Expand All @@ -99,10 +80,6 @@ func (s *PermissionsService) GetPermissionByKey(ctx context.Context, actor *mode
}

func (s *PermissionsService) UpdatePermission(ctx context.Context, actor *models.Actor, permissionID string, req types.UpdatePermissionRequest) (*types.Permission, error) {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsUpdatePermission); err != nil {
return nil, err
}

if permissionID == "" {
return nil, internalerrors.ErrUnprocessableEntity
}
Expand Down Expand Up @@ -146,10 +123,6 @@ func (s *PermissionsService) UpdatePermission(ctx context.Context, actor *models
}

func (s *PermissionsService) DeletePermission(ctx context.Context, actor *models.Actor, permissionID string) error {
if err := s.authorizer.AuthorizeScope(ctx, actor, constants.PermissionsDeletePermission); err != nil {
return err
}

if permissionID == "" {
return internalerrors.ErrBadRequest
}
Expand Down
10 changes: 5 additions & 5 deletions plugins/access-control/services/permissions_service_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ func TestPermissionsServiceCreatePermission(t *testing.T) {
tc.setup(permissionsRepo)
}

service := NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{})
service := NewPermissionsService(permissionsRepo, rolePermissionsRepo)
permission, err := service.CreatePermission(context.Background(), internaltests.TestActor(), tc.req)
if tc.wantErr == nil {
if err != nil {
Expand Down Expand Up @@ -137,7 +137,7 @@ func TestPermissionsServiceGetAllPermissions(t *testing.T) {
tc.setup(permissionsRepo)
}

service := NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{})
service := NewPermissionsService(permissionsRepo, rolePermissionsRepo)
permissions, err := service.GetAllPermissions(context.Background(), internaltests.TestActor())
if tc.wantErr == nil {
if err != nil {
Expand Down Expand Up @@ -199,7 +199,7 @@ func TestPermissionsServiceGetPermissionByID(t *testing.T) {
tc.setup(permissionsRepo)
}

service := NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{})
service := NewPermissionsService(permissionsRepo, rolePermissionsRepo)
permission, err := service.GetPermissionByID(context.Background(), internaltests.TestActor(), tc.id)
if tc.wantErr == nil {
if err != nil {
Expand Down Expand Up @@ -299,7 +299,7 @@ func TestPermissionsServiceUpdatePermission(t *testing.T) {
tc.setup(permissionsRepo)
}

service := NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{})
service := NewPermissionsService(permissionsRepo, rolePermissionsRepo)
permission, err := service.UpdatePermission(context.Background(), internaltests.TestActor(), tc.id, tc.req)
if tc.wantErr == nil {
if err != nil {
Expand Down Expand Up @@ -387,7 +387,7 @@ func TestPermissionsServiceDeletePermission(t *testing.T) {
tc.setup(permissionsRepo, rolePermissionsRepo)
}

service := NewPermissionsService(permissionsRepo, rolePermissionsRepo, &internaltests.NoopAuthorizer{})
service := NewPermissionsService(permissionsRepo, rolePermissionsRepo)
err := service.DeletePermission(context.Background(), internaltests.TestActor(), tc.id)
if tc.wantErr == nil {
if err != nil {
Expand Down
Loading