warden: Use roles in warden decision
Closes #21
Closes #19
arekkas authored and arekkas committed Jun 11, 2018
1 parent 2de80d4 commit c785187
Showing 2 changed files with 29 additions and 4 deletions.
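--- a/warden/helper_test.go
+++ b/warden/helper_test.go
@@ -63,6 +63,24 @@ var (
 },
 expectErr: false,
 },
+{
+req: &warden.AccessRequest{
+Subject: "ken",
+Resource: "forbidden_matrix",
+Action: "create",
+Context: ladon.Context{},
+},
+expectErr: true,
+},
+{
+req: &warden.AccessRequest{
+Subject: "ken",
+Resource: "allowed_matrix",
+Action: "create",
+Context: ladon.Context{},
+},
+expectErr: false,
+},
 }
 wardens = map[string]warden.Firewall{}
 ladonWarden = &ladon.Ladon{
@@ -89,6 +107,13 @@ var (
 Actions: []string{"create", "decide"},
 Effect: ladon.DenyAccess,
 },
+"4": &ladon.DefaultPolicy{
+ID: "4",
+Subjects: []string{"group1"},
+Resources: []string{"allowed_matrix", "rn:hydra:token<.*>"},
+Actions: []string{"create", "decide"},
+Effect: ladon.AllowAccess,
+},
 },
 },
 }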
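Review bot: Policy `"4"` grants `group1` the pattern `rn:hydra:token<.*>` next to `allowed_matrix`, but both new `ken` cases use only the literal resources `forbidden_matrix` and `allowed_matrix`, so the regex resource is never exercised through a role. Either add a case that requests a matching `rn:hydra:token...` resource as `ken`, or drop the pattern from the fixture so the policy grants nothing the suite does not check. The membership that presumably links `ken` to `group1` is set up outside these hunks; a comment on the new cases such as `// ken is a member of group1 (role fixture); access is granted by policy "4"` would make that dependency visible to the next reader.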
8 changes: 4 additions & 4 deletions warden/warden_local.go
Expand Up @@ -71,20 +71,20 @@ func (w *Warden) IsAllowed(ctx context.Context, a *AccessRequest) error {
}

func (w *Warden) isAllowed(ctx context.Context, a *ladon.Request) error {
groups, err := w.Roles.FindRolesByMember(a.Subject, 10000, 0)
roles, err := w.Roles.FindRolesByMember(a.Subject, 10000, 0)
if err != nil {
return err
}

errs := make([]error, len(groups)+1)
return w.Warden.IsAllowed(&ladon.Request{
errs := make([]error, len(roles)+1)
errs[0] = w.Warden.IsAllowed(&ladon.Request{
Resource: a.Resource,
Action: a.Action,
Subject: a.Subject,
Context: a.Context,
})

for k, g := range groups {
for k, g := range roles {
errs[k+1] = w.Warden.IsAllowed(&ladon.Request{
Resource: a.Resource,
Action: a.Action,
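Review bot: Taking the `roles` lines as the new side, the subject and each role are checked in separate `w.Warden.IsAllowed` calls collected in `errs`. Ladon's deny-overrides-allow rule therefore holds only inside one call, and precedence between the subject and its roles depends on how `errs` is folded into the return value, which lies below the hunk. If that fold allows as soon as one entry is nil, a `DenyAccess` policy naming the subject can be outweighed by an allow on any of its roles; that should be a stated decision rather than a side effect. I would document it above the loop, e.g. `// Allowed if the subject or any of its roles is allowed; a deny on one identity does not veto an allow on another.` (or the opposite wording if deny is meant to win). Separately, `FindRolesByMember(a.Subject, 10000, 0)` hard-codes what appear to be a limit and offset, so roles past the first 10000 would be left out of the decision without any signal.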
