elaborating the grants handler (#744)

2025-08-19 04:06:18 +02:00 · 2024-09-05 13:34:07 -04:00
parent a37009249a
commit e5aac2358b
7 changed files with 309 additions and 0 deletions
--- a/controller/grants.go
+++ b/controller/grants.go
@@ -2,8 +2,10 @@ package controller

 import (
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti/zrok/controller/zrokEdgeSdk"
 	"github.com/openziti/zrok/rest_model_zrok"
 	"github.com/openziti/zrok/rest_server_zrok/operations/admin"
+	"github.com/openziti/zrok/sdk/golang/sdk"
 	"github.com/sirupsen/logrus"
 )

@@ -18,5 +20,67 @@ func (h *grantsHandler) Handle(params admin.GrantsParams, principal *rest_model_
 		logrus.Errorf("invalid admin principal")
 		return admin.NewGrantsUnauthorized()
 	}
+
+	edge, err := zrokEdgeSdk.Client(cfg.Ziti)
+	if err != nil {
+		logrus.Errorf("error connecting to ziti: %v", err)
+		return admin.NewGrantsInternalServerError()
+	}
+
+	trx, err := str.Begin()
+	if err != nil {
+		logrus.Errorf("error starting transaction: %v", err)
+		return admin.NewGrantsInternalServerError()
+	}
+	defer func() { _ = trx.Rollback() }()
+
+	acct, err := str.FindAccountWithEmail(params.Body.Email, trx)
+	if err != nil {
+		logrus.Errorf("error finding account with email '%v': %v", params.Body.Email, err)
+		return admin.NewGrantsNotFound()
+	}
+
+	acctSkipInterstitial, err := str.IsAccountGrantedSkipInterstitial(acct.Id, trx)
+	if err != nil {
+		logrus.Errorf("error checking account '%v' granted skip interstitial: %v", acct.Email, err)
+	}
+
+	envs, err := str.FindEnvironmentsForAccount(acct.Id, trx)
+	if err != nil {
+		logrus.Errorf("error finding environments for '%v': %v", acct.Email, err)
+		return admin.NewGrantsInternalServerError()
+	}
+
+	for _, env := range envs {
+		shrs, err := str.FindSharesForEnvironment(env.Id, trx)
+		if err != nil {
+			logrus.Errorf("error finding shares for '%v': %v", acct.Email, err)
+			return admin.NewGrantsInternalServerError()
+		}
+
+		for _, shr := range shrs {
+			if shr.ShareMode == string(sdk.PublicShareMode) && shr.BackendMode != string(sdk.DriveBackendMode) {
+				cfgZId, shrCfg, err := zrokEdgeSdk.GetConfig(shr.Token, edge)
+				if err != nil {
+					logrus.Errorf("error getting config for share '%v': %v", shr.Token, err)
+					return admin.NewGrantsInternalServerError()
+				}
+
+				if shrCfg.Interstitial != !acctSkipInterstitial {
+					logrus.Infof("updating config for '%v'", shr.Token)
+					err := zrokEdgeSdk.UpdateConfig(cfgZId, shrCfg, edge)
+					if err != nil {
+						logrus.Errorf("error updating config for '%v': %v", shr.Token, err)
+						return admin.NewGrantsInternalServerError()
+					}
+				} else {
+					logrus.Infof("skipping config update for '%v'", shr.Token)
+				}
+			} else {
+				logrus.Debugf("skipping share mode %v, backend mode %v", shr.ShareMode, shr.BackendMode)
+			}
+		}
+	}
+
 	return admin.NewGrantsOK()
 }