package userroles
import (
"context"
gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
"github.com/opencloud-eu/opencloud/pkg/log"
settingssvc "github.com/opencloud-eu/opencloud/protogen/gen/opencloud/services/settings/v0"
"github.com/opencloud-eu/opencloud/services/proxy/pkg/config"
"github.com/opencloud-eu/reva/v2/pkg/rgrpc/todo/pool"
)
// UserRoleAssigner abstracts how the proxy assigns default roles to a user
// during authentication, so that different strategies can be plugged in.
type UserRoleAssigner interface {
	// UpdateUserRoleAssignment is invoked by the account resolver middleware.
	// It derives the user's role assignment from the user's (OIDC) claims and
	// adds the resulting roles to the opaque data of the given cs3.User.
	UpdateUserRoleAssignment(ctx context.Context, user *cs3.User, claims map[string]any) (*cs3.User, error)

	// ApplyUserRole may be called by proxy middlewares. It looks up the user's
	// roles and stores them under the "roles" key of the user's opaque data.
	ApplyUserRole(ctx context.Context, user *cs3.User) (*cs3.User, error)
}
// Options defines the available options for this package.
//
// The fields are unexported; they are populated through the With* Option
// functions declared in this file.
type Options struct {
	// gatewaySelector hands out reva gateway API clients.
	gatewaySelector pool.Selectable[gateway.GatewayAPIClient]
	// roleService is the settings service client used to look up role assignments
	// (see loadRolesIDs).
	roleService settingssvc.RoleService
	// rolesClaim names the OIDC claim that is consulted to look up role names.
	rolesClaim string
	// roleMapping maps OpenCloud role names to the claim values that grant them.
	roleMapping []config.RoleMapping
	// serviceAccount configures the service account used by this package;
	// presumably for privileged calls against other services — confirm against callers.
	serviceAccount config.ServiceAccount
	// logger is the logger used by this package.
	logger log.Logger
}
// Option defines a single option function.
//
// An Option mutates the Options value it receives; the With* functions in this
// file are the available constructors.
type Option func(o *Options)
// WithLogger returns an Option that sets the logger used by this package.
func WithLogger(l log.Logger) Option {
	return func(opts *Options) {
		opts.logger = l
	}
}
// WithRoleService returns an Option that sets the role service client to use
// for looking up role assignments.
func WithRoleService(rs settingssvc.RoleService) Option {
	return func(opts *Options) {
		opts.roleService = rs
	}
}
// WithRolesClaim returns an Option that sets the name of the OIDC claim
// consulted when looking up role names.
func WithRolesClaim(claim string) Option {
	return func(opts *Options) {
		opts.rolesClaim = claim
	}
}
// WithRoleMapping returns an Option that sets the mapping of OpenCloud role
// names to the claim values that grant them.
func WithRoleMapping(roleMap []config.RoleMapping) Option {
	return func(opts *Options) {
		opts.roleMapping = roleMap
	}
}
// WithRevaGatewaySelector returns an Option that sets the selector used to
// obtain reva gateway API clients.
func WithRevaGatewaySelector(selectable pool.Selectable[gateway.GatewayAPIClient]) Option {
	return func(opts *Options) {
		opts.gatewaySelector = selectable
	}
}
// WithServiceAccount returns an Option that sets the service account
// configuration used by this package.
func WithServiceAccount(c config.ServiceAccount) Option {
	return func(opts *Options) {
		opts.serviceAccount = c
	}
}
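// loadRolesIDs returns the IDs of the roles assigned to the account identified
// by opaqueUserID, as reported by the given role service.
//
// The lookup is delegated to rs.ListRoleAssignments; its error is returned
// unchanged so callers can still inspect it. An account without assignments
// yields an empty, non-nil slice.
func loadRolesIDs(ctx context.Context, opaqueUserID string, rs settingssvc.RoleService) ([]string, error) {
	req := &settingssvc.ListRoleAssignmentsRequest{AccountUuid: opaqueUserID}
	assignmentResponse, err := rs.ListRoleAssignments(ctx, req)
	if err != nil {
		return nil, err
	}

	// Use the generated nil-safe getters: a nil response or a nil entry in the
	// assignment list must not crash the proxy with a nil-pointer dereference
	// while resolving a user's roles.
	assignments := assignmentResponse.GetAssignments()
	roleIDs := make([]string, 0, len(assignments))
	for _, assignment := range assignments {
		roleIDs = append(roleIDs, assignment.GetRoleId())
	}

	return roleIDs, nil
}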