mirror of
https://github.com/openziti/zrok.git
synced 2025-01-24 14:59:08 +01:00
wire up permission mode and access grant list in share handler (#432)
This commit is contained in:
parent
dce32b58d2
commit
d2f747db27
@ -54,6 +54,19 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
return share.NewShareUnauthorized()
|
||||
}
|
||||
|
||||
var accessGrantAcctIds []int
|
||||
if store.PermissionMode(params.Body.PermissionMode) == store.ClosedPermissionMode {
|
||||
for _, email := range params.Body.AccessGrants {
|
||||
acct, err := str.FindAccountWithEmail(email, trx)
|
||||
if err != nil {
|
||||
logrus.Errorf("unable to find account '%v' for share request from '%v'", email, principal.Email)
|
||||
return share.NewShareNotFound()
|
||||
}
|
||||
logrus.Debugf("found id '%d' for '%v'", acct.Id, acct.Email)
|
||||
accessGrantAcctIds = append(accessGrantAcctIds, acct.Id)
|
||||
}
|
||||
}
|
||||
|
||||
edge, err := zrokEdgeSdk.Client(cfg.Ziti)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
@ -126,6 +139,7 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
}
|
||||
|
||||
logrus.Debugf("allocated share '%v'", shrToken)
|
||||
logrus.Infof("permission mode '%v'", params.Body.PermissionMode)
|
||||
|
||||
sshr := &store.Share{
|
||||
ZId: shrZId,
|
||||
@ -136,6 +150,9 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
Reserved: reserved,
|
||||
PermissionMode: store.OpenPermissionMode,
|
||||
}
|
||||
if params.Body.PermissionMode != "" {
|
||||
sshr.PermissionMode = store.PermissionMode(params.Body.PermissionMode)
|
||||
}
|
||||
if len(params.Body.FrontendSelection) > 0 {
|
||||
sshr.FrontendSelection = ¶ms.Body.FrontendSelection[0]
|
||||
}
|
||||
@ -151,6 +168,16 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
return share.NewShareInternalServerError()
|
||||
}
|
||||
|
||||
if sshr.PermissionMode == store.ClosedPermissionMode {
|
||||
for _, acctId := range accessGrantAcctIds {
|
||||
_, err := str.CreateAccessGrant(sid, acctId, trx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error creating access grant for '%v': %v", principal.Email, err)
|
||||
return share.NewShareInternalServerError()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if err := trx.Commit(); err != nil {
|
||||
logrus.Errorf("error committing share record: %v", err)
|
||||
return share.NewShareInternalServerError()
|
||||
|
@ -11,7 +11,7 @@ type AccessGrant struct {
|
||||
AccountId int
|
||||
}
|
||||
|
||||
func (str *Store) CreateAccessGrant(shareId, accountId, tx *sqlx.Tx) (int, error) {
|
||||
func (str *Store) CreateAccessGrant(shareId, accountId int, tx *sqlx.Tx) (int, error) {
|
||||
stmt, err := tx.Prepare("insert into access_grants (share_id, account_id) values ($1, $2) returning id")
|
||||
if err != nil {
|
||||
return 0, errors.Wrap(err, "error preparing access_grant insert statement")
|
||||
|
Loading…
Reference in New Issue
Block a user