mirror of
https://github.com/openziti/zrok.git
synced 2025-01-09 15:38:21 +01:00
wire up permission mode and access grant list in share handler (#432)
This commit is contained in:
Michael Quigley
parent
dce32b58d2
commit
d2f747db27
@ -54,6 +54,19 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
|||||||
return share.NewShareUnauthorized()
|
return share.NewShareUnauthorized()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var accessGrantAcctIds []int
|
||||||
|
if store.PermissionMode(params.Body.PermissionMode) == store.ClosedPermissionMode {
|
||||||
|
for _, email := range params.Body.AccessGrants {
|
||||||
|
acct, err := str.FindAccountWithEmail(email, trx)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Errorf("unable to find account '%v' for share request from '%v'", email, principal.Email)
|
||||||
|
return share.NewShareNotFound()
|
||||||
|
}
|
||||||
|
logrus.Debugf("found id '%d' for '%v'", acct.Id, acct.Email)
|
||||||
|
accessGrantAcctIds = append(accessGrantAcctIds, acct.Id)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
edge, err := zrokEdgeSdk.Client(cfg.Ziti)
|
edge, err := zrokEdgeSdk.Client(cfg.Ziti)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Error(err)
|
logrus.Error(err)
|
||||||
@ -126,6 +139,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
|||||||
}
|
}
|
||||||
|
|
||||||
logrus.Debugf("allocated share '%v'", shrToken)
|
logrus.Debugf("allocated share '%v'", shrToken)
|
||||||
|
logrus.Infof("permission mode '%v'", params.Body.PermissionMode)
|
||||||
|
|
||||||
sshr := &store.Share{
|
sshr := &store.Share{
|
||||||
ZId: shrZId,
|
ZId: shrZId,
|
||||||
@ -136,6 +150,9 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
|||||||
Reserved: reserved,
|
Reserved: reserved,
|
||||||
PermissionMode: store.OpenPermissionMode,
|
PermissionMode: store.OpenPermissionMode,
|
||||||
}
|
}
|
||||||
|
if params.Body.PermissionMode != "" {
|
||||||
|
sshr.PermissionMode = store.PermissionMode(params.Body.PermissionMode)
|
||||||
|
}
|
||||||
if len(params.Body.FrontendSelection) > 0 {
|
if len(params.Body.FrontendSelection) > 0 {
|
||||||
sshr.FrontendSelection = ¶ms.Body.FrontendSelection[0]
|
sshr.FrontendSelection = ¶ms.Body.FrontendSelection[0]
|
||||||
}
|
}
|
||||||
@ -151,6 +168,16 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
|||||||
return share.NewShareInternalServerError()
|
return share.NewShareInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if sshr.PermissionMode == store.ClosedPermissionMode {
|
||||||
|
for _, acctId := range accessGrantAcctIds {
|
||||||
|
_, err := str.CreateAccessGrant(sid, acctId, trx)
|
||||||
|
if err != nil {
|
||||||
|
logrus.Errorf("error creating access grant for '%v': %v", principal.Email, err)
|
||||||
|
return share.NewShareInternalServerError()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if err := trx.Commit(); err != nil {
|
if err := trx.Commit(); err != nil {
|
||||||
logrus.Errorf("error committing share record: %v", err)
|
logrus.Errorf("error committing share record: %v", err)
|
||||||
return share.NewShareInternalServerError()
|
return share.NewShareInternalServerError()
|
||||||
|
|||||||
@ -11,7 +11,7 @@ type AccessGrant struct {
|
|||||||
AccountId int
|
AccountId int
|
||||||
}
|
}
|
||||||
|
|
||||||
func (str *Store) CreateAccessGrant(shareId, accountId, tx *sqlx.Tx) (int, error) {
|
func (str *Store) CreateAccessGrant(shareId, accountId int, tx *sqlx.Tx) (int, error) {
|
||||||
stmt, err := tx.Prepare("insert into access_grants (share_id, account_id) values ($1, $2) returning id")
|
stmt, err := tx.Prepare("insert into access_grants (share_id, account_id) values ($1, $2) returning id")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, errors.Wrap(err, "error preparing access_grant insert statement")
|
return 0, errors.Wrap(err, "error preparing access_grant insert statement")
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user