wire up permission mode and access grant list in share handler (#432)

2025-01-09 07:28:15 +01:00 · 2024-03-04 12:55:04 -05:00 · 2024-03-04 12:55:04 -05:00 · d2f747db27
commit d2f747db27
parent dce32b58d2
2 changed files with 28 additions and 1 deletions
--- a/controller/share.go
+++ b/controller/share.go
@ -54,6 +54,19 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 		return share.NewShareUnauthorized()
 	}

+	var accessGrantAcctIds []int
+	if store.PermissionMode(params.Body.PermissionMode) == store.ClosedPermissionMode {
+		for _, email := range params.Body.AccessGrants {
+			acct, err := str.FindAccountWithEmail(email, trx)
+			if err != nil {
+				logrus.Errorf("unable to find account '%v' for share request from '%v'", email, principal.Email)
+				return share.NewShareNotFound()
+			}
+			logrus.Debugf("found id '%d' for '%v'", acct.Id, acct.Email)
+			accessGrantAcctIds = append(accessGrantAcctIds, acct.Id)
+		}
+	}
+
 	edge, err := zrokEdgeSdk.Client(cfg.Ziti)
 	if err != nil {
 		logrus.Error(err)
@ -126,6 +139,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 	}

 	logrus.Debugf("allocated share '%v'", shrToken)
+	logrus.Infof("permission mode '%v'", params.Body.PermissionMode)

 	sshr := &store.Share{
 		ZId:                  shrZId,
@ -136,6 +150,9 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 		Reserved:             reserved,
 		PermissionMode:       store.OpenPermissionMode,
 	}
+	if params.Body.PermissionMode != "" {
+		sshr.PermissionMode = store.PermissionMode(params.Body.PermissionMode)
+	}
 	if len(params.Body.FrontendSelection) > 0 {
 		sshr.FrontendSelection = &params.Body.FrontendSelection[0]
 	}
@ -151,6 +168,16 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 		return share.NewShareInternalServerError()
 	}

+	if sshr.PermissionMode == store.ClosedPermissionMode {
+		for _, acctId := range accessGrantAcctIds {
+			_, err := str.CreateAccessGrant(sid, acctId, trx)
+			if err != nil {
+				logrus.Errorf("error creating access grant for '%v': %v", principal.Email, err)
+				return share.NewShareInternalServerError()
+			}
+		}
+	}
+
 	if err := trx.Commit(); err != nil {
 		logrus.Errorf("error committing share record: %v", err)
 		return share.NewShareInternalServerError()
--- a/controller/store/accessGrant.go
+++ b/controller/store/accessGrant.go
@ -11,7 +11,7 @@ type AccessGrant struct {
 	AccountId int
 }

-func (str *Store) CreateAccessGrant(shareId, accountId, tx *sqlx.Tx) (int, error) {
+func (str *Store) CreateAccessGrant(shareId, accountId int, tx *sqlx.Tx) (int, error) {
 	stmt, err := tx.Prepare("insert into access_grants (share_id, account_id) values ($1, $2) returning id")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing access_grant insert statement")