From e1305bb8f8e19c3e8530c84d8dd40d603d10adb0 Mon Sep 17 00:00:00 2001
From: Siqi
Date: Mon, 29 Aug 2022 16:18:05 -0500
Subject: [PATCH 1/3] Added getAllPermissions system API
---
 core/apis.go | 4 ++
 core/app_system.go | 12 +++++
 core/interfaces.go | 2 +
 core/mocks/Storage.go | 46 +++++++++++++++++++
 driven/storage/adapter.go | 12 +++++
 driver/web/adapter.go | 1 +
 driver/web/apis_system.go | 15 ++++++
 driver/web/docs/gen/def.yaml | 25 ++++++++++
 .../docs/resources/system/permissions.yaml | 25 ++++++++++
 9 files changed, 142 insertions(+)
diff --git a/core/apis.go b/core/apis.go
index b66647996..6859921ad 100644
--- a/core/apis.go
+++ b/core/apis.go
@@ -501,6 +501,10 @@ func (s *systemImpl) SysGetApplications() ([]model.Application, error) {
 return s.app.sysGetApplications()
 }

+func (s *systemImpl) SysGetAllPermissions() ([]model.Permission, error) {
+ return s.app.sysGetAllPermissions()
+}
+
 func (s *systemImpl) SysCreatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error) {
 return s.app.sysCreatePermission(name, description, serviceID, assigners)
 }
diff --git a/core/app_system.go b/core/app_system.go
index cbf2b134e..3a28c80a9 100644
--- a/core/app_system.go
+++ b/core/app_system.go
@@ -213,6 +213,18 @@ func (app *application) sysUpdatePermission(name string, description *string, se
 return &permission, nil
 }

+func (app *application) sysGetAllPermissions() ([]model.Permission, error) {
+ permissions, err := app.storage.FindAllPermissions(nil)
+ if err != nil {
+ return nil, err
+ }
+ if permissions == nil || len(permissions) < 1 {
+ return nil, errors.WrapErrorAction(logutils.ActionFind, model.TypePermission, nil, err)
+ }
+
+ return permissions, nil
+}
+
 func (app *application) sysGetAppConfigs(appTypeID string, orgID *string, versionNumbers *model.VersionNumbers) ([]model.ApplicationConfig, error) {
 //get the app type
 applicationType, err := app.storage.FindApplicationType(appTypeID)
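Review bot: In `sysGetAllPermissions` (core/app_system.go) the empty-result branch wraps `err`, which is always nil there because the preceding `if err != nil` has already returned, so the caller receives an error with no underlying cause. The branch also turns an empty permissions collection into a failure, which the new handler in driver/web/apis_system.go reports as a 500; a list endpoint would more usually return an empty array, and `permissions == nil ||` is redundant because `len` of a nil slice is 0. I would drop the branch and put the context on the storage error instead: `return nil, errors.WrapErrorAction(logutils.ActionFind, model.TypePermission, nil, err)` inside the `if err != nil` block, followed by `return permissions, nil`. If an empty set really must be an error, construct it without passing the nil `err`.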
diff --git a/core/interfaces.go b/core/interfaces.go
index b15e9f8be..e2193d9d3 100644
--- a/core/interfaces.go
+++ b/core/interfaces.go
@@ -107,6 +107,7 @@ type System interface {
 SysCreatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error)
 SysUpdatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error)
+ SysGetAllPermissions() ([]model.Permission, error)
 SysGetAppConfigs(appTypeID string, orgID *string, versionNumbers *model.VersionNumbers) ([]model.ApplicationConfig, error)
 SysGetAppConfig(id string) (*model.ApplicationConfig, error)
@@ -157,6 +158,7 @@ type Storage interface {
 GetGlobalConfig() (*model.GlobalConfig, error)
 DeleteGlobalConfig(context storage.TransactionContext) error
+ FindAllPermissions(context storage.TransactionContext) ([]model.Permission, error)
 FindPermissionsByName(context storage.TransactionContext, names []string) ([]model.Permission, error)
 FindPermissionsByServiceIDs(serviceIDs []string) ([]model.Permission, error)
 InsertPermission(context storage.TransactionContext, item model.Permission) error
diff --git a/core/mocks/Storage.go b/core/mocks/Storage.go
index b93ac7827..af411e876 100644
--- a/core/mocks/Storage.go
+++ b/core/mocks/Storage.go
@@ -307,6 +307,29 @@ func (_m *Storage) FindAccountsByAccountID(appID string, orgID string, accountID return r0, r1 } +// FindAllPermissions provides a mock function with given fields: context +func (_m *Storage) FindAllPermissions(context storage.TransactionContext) ([]model.Permission, error) { + ret := _m.Called(context) + + var r0 []model.Permission + if rf, ok := ret.Get(0).(func(storage.TransactionContext) []model.Permission); ok { + r0 = rf(context) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]model.Permission) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(storage.TransactionContext) error); ok { + r1 = rf(context) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // FindAppConfigByID provides a mock function with given fields: ID func (_m *Storage) FindAppConfigByID(ID string) (*model.ApplicationConfig, error) { ret := _m.Called(ID) @@ -744,6 +767,29 @@ func (_m *Storage) FindOrganizations() ([]model.Organization, error) { return r0, r1 } +// FindPermissions provides a mock function with given fields: context, ids +func (_m *Storage) FindPermissions(context storage.TransactionContext, ids []string) ([]model.Permission, error) { + ret := _m.Called(context, ids) + + var r0 []model.Permission + if rf, ok := ret.Get(0).(func(storage.TransactionContext, []string) []model.Permission); ok { + r0 = rf(context, ids) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]model.Permission) + } + } + + var r1 error + if rf, ok := ret.Get(1).(func(storage.TransactionContext, []string) error); ok { + r1 = rf(context, ids) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // FindPermissionsByName provides a mock function with given fields: context, names func (_m *Storage) FindPermissionsByName(context storage.TransactionContext, names []string) ([]model.Permission, error) { ret := _m.Called(context, names) diff --git a/driven/storage/adapter.go b/driven/storage/adapter.go index b56c1cfdc..56afa8966 100644 
--- a/driven/storage/adapter.go
+++ b/driven/storage/adapter.go
@@ -2170,6 +2170,18 @@ func (sa *Adapter) DeleteMFAType(context TransactionContext, accountID string, i
 return nil
 }

+// FindAllPermissions finds all permissions
+func (sa *Adapter) FindAllPermissions(context TransactionContext) ([]model.Permission, error) {
+ permissionsFilter := bson.D{}
+ var permissionsResult []model.Permission
+ err := sa.db.permissions.FindWithContext(context, permissionsFilter, &permissionsResult, nil)
+ if err != nil {
+ return nil, err
+ }
+
+ return permissionsResult, nil
+}
+
 // FindPermissions finds a set of permissions
 func (sa *Adapter) FindPermissions(context TransactionContext, ids []string) ([]model.Permission, error) {
 if len(ids) == 0 {
diff --git a/driver/web/adapter.go b/driver/web/adapter.go
index 9297dec0d..9c2a99b0f 100644
--- a/driver/web/adapter.go
+++ b/driver/web/adapter.go
@@ -216,6 +216,7 @@ func (we Adapter) Start() {
 systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.createPermission, we.auth.system.permissions)).Methods("POST")
 systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.updatePermission, we.auth.system.permissions)).Methods("PUT")
+ systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.getAllPermissions, we.auth.system.permissions)).Methods("GET")
 systemSubrouter.HandleFunc("/application/configs", we.wrapFunc(we.systemApisHandler.getApplicationConfigs, we.auth.system.permissions)).Methods("GET")
 systemSubrouter.HandleFunc("/application/configs", we.wrapFunc(we.systemApisHandler.createApplicationConfig, we.auth.system.permissions)).Methods("POST")
diff --git a/driver/web/apis_system.go b/driver/web/apis_system.go
index 713f56141..7971bda7c 100644
--- a/driver/web/apis_system.go
+++ b/driver/web/apis_system.go
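Review bot: `FindAllPermissions` in driven/storage/adapter.go queries with an empty `bson.D{}` filter and `nil` options, so one call loads every document in the permissions collection, and the doc comment does not say that. Because the result feeds the new `GET /permissions` system route registered in driver/web/adapter.go, I would state the scope in the comment: `// FindAllPermissions returns every stored permission, unfiltered and unpaginated; context may be nil to run outside a transaction.` The nil-context part is inferred from the caller in core/app_system.go passing `nil`, so confirm it against `FindWithContext` before writing it down. The neighbouring bodies (`DeleteMFAType`, `FindPermissions`) continue outside the hunk.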
@@ -746,6 +746,21 @@ func (h SystemApisHandler) updatePermission(l *logs.Log, r *http.Request, claims
 return l.HttpResponseSuccess()
 }

+// getAllPermissions returns all permissions
+func (h SystemApisHandler) getAllPermissions(l *logs.Log, r *http.Request, claims *tokenauth.Claims) logs.HttpResponse {
+ permissions, err := h.coreAPIs.System.SysGetAllPermissions()
+ if err != nil {
+ return l.HttpResponseErrorAction(logutils.ActionFind, model.TypePermission, nil, err, http.StatusInternalServerError, true)
+ }
+
+ data, err := json.Marshal(permissions)
+ if err != nil {
+ return l.HttpResponseErrorAction(logutils.ActionMarshal, model.TypePermission, nil, err, http.StatusInternalServerError, false)
+ }
+
+ return l.HttpResponseSuccessJSON(data)
+}
+
 func (h SystemApisHandler) getApplicationConfigs(l *logs.Log, r *http.Request, claims *tokenauth.Claims) logs.HttpResponse {
 appTypeIdentifier := r.URL.Query().Get("app_type_id")
 if appTypeIdentifier == "" {
diff --git a/driver/web/docs/gen/def.yaml b/driver/web/docs/gen/def.yaml
index da6736bb1..946f2c18c 100644
--- a/driver/web/docs/gen/def.yaml
+++ b/driver/web/docs/gen/def.yaml
@@ -4004,6 +4004,31 @@ paths: '500': description: Internal error /system/permissions: + get: + tags: + - System + summary: Get all permissions + description: | + Get all permissions + + **Auth:** Requires system access token with `get_permissions` or `all_permissions` permission + security: + - bearerAuth: [] + responses: + '200': + description: Success + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/Permission' + '400': + description: Bad request + '401': + description: Unauthorized + '500': + description: Internal error post: tags: - System
diff --git a/driver/web/docs/resources/system/permissions.yaml b/driver/web/docs/resources/system/permissions.yaml
index 6af9daa2e..7eac0614c 100644
--- a/driver/web/docs/resources/system/permissions.yaml
+++ b/driver/web/docs/resources/system/permissions.yaml
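Review bot: `getAllPermissions` marshals `[]model.Permission` straight into the response, so every field of the internal model that JSON-encodes is returned to the caller, whatever the documented `Permission` schema lists. If `model.Permission` carries fields beyond that schema (its definition is not visible in this hunk), map it to the API definition type before encoding, or add a comment stating that the model is safe to expose as-is. The handler can also only answer 200 or 500, while the spec added in def.yaml advertises a 400; either drop that response from the docs or name the statuses in the doc comment, e.g. `// getAllPermissions returns all permissions as a JSON array; storage or marshalling failures yield 500`. The 401 presumably comes from the auth wrapper rather than from this function.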
@@ -1,3 +1,28 @@
+get:
+ tags:
+ - System
+ summary: Get all permissions
+ description: |
+ Get all permissions
+
+ **Auth:** Requires system access token with `get_permissions` or `all_permissions` permission
+ security:
+ - bearerAuth: []
+ responses:
+ 200:
+ description: Success
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: "../../schemas/application/Permission.yaml"
+ 400:
+ description: Bad request
+ 401:
+ description: Unauthorized
+ 500:
+ description: Internal error
 post:
 tags:
 - System
From 28e3de4feeb2eb386e3fe99fc906468d840d2e3d Mon Sep 17 00:00:00 2001
From: Siqi
Date: Mon, 29 Aug 2022 19:01:36 -0500
Subject: [PATCH 2/3] Updated permission policy file
---
 driver/web/authorization_system_policy.csv | 1 +
 1 file changed, 1 insertion(+)
diff --git a/driver/web/authorization_system_policy.csv b/driver/web/authorization_system_policy.csv
index 440980aef..c3ce488f8 100644
--- a/driver/web/authorization_system_policy.csv
+++ b/driver/web/authorization_system_policy.csv
@@ -18,6 +18,7 @@ p, get_applications, /core/system/applications/*, (GET),
 p, update_applications, /core/system/applications, (GET)|(POST), Create applications
 p, all_permissions, /core/system/permissions, (GET)|(POST)|(DELETE)|(PUT), All permission actions
+p, get_permissions, /core/system/permissions, (GET), Get permission actions
 p, update_permissions, /core/system/permissions, (POST)|(PUT), Update and create permissions
 p, all_app-configs, /core/system/application/configs, (GET)|(POST)|(PUT)|(DELETE), All app config actions
From b33886a11e38f4f2109d41cf4216e3a5f1f24695 Mon Sep 17 00:00:00 2001
From: Siqi
Date: Mon, 29 Aug 2022 19:05:37 -0500
Subject: [PATCH 3/3] Updated changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1940d7343..b56ac79d4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
+- Get all permissions system api [#540](https://github.com/rokwire/core-building-block/issues/540)
 - Use signature Key ID to check specific key for service account auth [#481](https://github.com/rokwire/core-building-block/issues/481)
 - Include account ID in request logs [#562](https://github.com/rokwire/core-building-block/issues/562)
 - Add system flag to login response [#552](https://github.com/rokwire/core-building-block/issues/552)