diff --git a/controller/share.go b/controller/share.go
index ec506820..421b0072 100644
--- a/controller/share.go
+++ b/controller/share.go
@@ -54,6 +54,19 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 return share.NewShareUnauthorized()
 }
+ var accessGrantAcctIds []int
+ if store.PermissionMode(params.Body.PermissionMode) == store.ClosedPermissionMode {
+ for _, email := range params.Body.AccessGrants {
+ acct, err := str.FindAccountWithEmail(email, trx)
+ if err != nil {
+ logrus.Errorf("unable to find account '%v' for share request from '%v'", email, principal.Email)
+ return share.NewShareNotFound()
+ }
+ logrus.Debugf("found id '%d' for '%v'", acct.Id, acct.Email)
+ accessGrantAcctIds = append(accessGrantAcctIds, acct.Id)
+ }
+ }
+
 edge, err := zrokEdgeSdk.Client(cfg.Ziti)
 if err != nil {
 logrus.Error(err)
@@ -126,6 +139,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 }
 logrus.Debugf("allocated share '%v'", shrToken)
+ logrus.Infof("permission mode '%v'", params.Body.PermissionMode)
 sshr := &store.Share{
 ZId: shrZId,
@@ -136,6 +150,9 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 Reserved: reserved,
 PermissionMode: store.OpenPermissionMode,
 }
+ if params.Body.PermissionMode != "" {
+ sshr.PermissionMode = store.PermissionMode(params.Body.PermissionMode)
+ }
 if len(params.Body.FrontendSelection) > 0 {
 sshr.FrontendSelection = ¶ms.Body.FrontendSelection[0]
 }
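Review bot: The `FindAccountWithEmail` failure path logs without `err` and answers `share.NewShareNotFound()` for every failure, so a database error is indistinguishable from an unknown address both in the log and in the response. Append the error, `logrus.Errorf("unable to find account '%v' for share request from '%v': %v", email, principal.Email, err)`, and consider returning the internal-server-error response unless the store reports a genuine no-rows result. Because the 404 also tells any authenticated caller whether an email is registered, and `params.Body.AccessGrants` has no visible length bound, this loop wants a cap on the list size or rate limiting upstream. The enclosing `Handle` starts and ends outside the hunk, so whether `trx` is rolled back on this early return is not visible here.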
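Review bot: The added `logrus.Infof` reports the raw request field rather than the mode that is stored, so a request that omits the field logs an empty value even though the record is built with `store.OpenPermissionMode` in the struct literal that follows, and the entry carries no share token to correlate with. Since open versus closed is an access-control decision worth auditing, I would log once the default has been applied: `logrus.Infof("share '%v' permission mode '%v'", shrToken, sshr.PermissionMode)`.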
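Review bot: Any non-empty `params.Body.PermissionMode` is cast and stored in `sshr.PermissionMode` without being checked against the modes the store defines, so a misspelled or unexpected value is persisted as-is, and the grant handling elsewhere in this commit, which runs only for `store.ClosedPermissionMode`, is skipped for it. How the enforcement side treats an unrecognised mode is not visible here, and neither is any enum restriction at the API layer, so the handler should fail closed on its own. Validate once near the top of `Handle`, before resources are allocated: `pm := store.PermissionMode(params.Body.PermissionMode)` then `if pm != "" && pm != store.OpenPermissionMode && pm != store.ClosedPermissionMode { /* return a client-error response */ }`, and reuse `pm` in the later comparisons.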
@@ -151,6 +168,16 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 return share.NewShareInternalServerError()
 }
+ if sshr.PermissionMode == store.ClosedPermissionMode {
+ for _, acctId := range accessGrantAcctIds {
+ _, err := str.CreateAccessGrant(sid, acctId, trx)
+ if err != nil {
+ logrus.Errorf("error creating access grant for '%v': %v", principal.Email, err)
+ return share.NewShareInternalServerError()
+ }
+ }
+ }
+
 if err := trx.Commit(); err != nil {
 logrus.Errorf("error committing share record: %v", err)
 return share.NewShareInternalServerError()
diff --git a/controller/store/accessGrant.go b/controller/store/accessGrant.go
index 022c93e3..4b9ca855 100644
--- a/controller/store/accessGrant.go
+++ b/controller/store/accessGrant.go
@@ -11,7 +11,7 @@ type AccessGrant struct {
 AccountId int
 }
-func (str *Store) CreateAccessGrant(shareId, accountId, tx *sqlx.Tx) (int, error) {
+func (str *Store) CreateAccessGrant(shareId, accountId int, tx *sqlx.Tx) (int, error) {
 stmt, err := tx.Prepare("insert into access_grants (share_id, account_id) values ($1, $2) returning id")
 if err != nil {
 return 0, errors.Wrap(err, "error preparing access_grant insert statement")
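Review bot: `accessGrantAcctIds` is inserted exactly as collected, so an address repeated in the request produces two `CreateAccessGrant` calls for the same share and account. Depending on the schema, which is not shown, that is either duplicate grant rows or a constraint violation surfaced as a 500. De-duplicate the ids while collecting them; a `map[int]struct{}` is enough. The error log names `principal.Email` but not the grantee, so a failed grant is easier to trace with `logrus.Errorf("error creating access grant on share '%v' for account %d (requested by '%v'): %v", shrToken, acctId, principal.Email, err)`. A closed share with an empty grant list creates no rows, and if that is meant as owner-only it deserves a comment.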
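Review bot: `CreateAccessGrant` is exported and is now called once per grantee from the share handler, but it has no doc comment. Something like `// CreateAccessGrant inserts an access_grants row linking shareId to accountId inside tx and returns the new row id.` would state the contract. The function body continues outside the hunk, so it is not visible whether the statement from `tx.Prepare` is closed. Since the handler calls this in a loop within one transaction, that is worth confirming.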