@@ -108,4 +108,4 @@ custom classes must fully style the input
|
||||
- **Always** invoke `mix ecto.gen.migration migration_name_using_underscores` when generating migration files, so the correct timestamp and conventions are applied
|
||||
<!-- phoenix:ecto-end -->
|
||||
|
||||
<!-- usage-rules-end -->
|
||||
<!-- usage-rules-end -->
|
||||
|
||||
@@ -18,10 +18,14 @@ defmodule PolicyServiceWeb.Plugs.AuthorizationPlug do
|
||||
- :resource_owner_check - Function to check if user owns the resource (optional)
|
||||
"""
|
||||
def init(opts) do
|
||||
required_permission = Keyword.get(opts, :required_permission, nil)
|
||||
required_scopes = Keyword.get(opts, :required_scopes, [])
|
||||
resource_owner_check = Keyword.get(opts, :resource_owner_check, nil)
|
||||
|
||||
%{
|
||||
required_roles: Keyword.get(opts, :required_roles, []),
|
||||
required_scopes: Keyword.get(opts, :required_scopes, []),
|
||||
resource_owner_check: Keyword.get(opts, :resource_owner_check, nil)
|
||||
required_permission: required_permission,
|
||||
required_scopes: required_scopes,
|
||||
resource_owner_check: resource_owner_check
|
||||
}
|
||||
end
|
||||
|
||||
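Review bot: `init/1` still reads `required_permission` with `Keyword.get(opts, :required_permission, nil)`, so a pipeline that keeps passing the removed `required_roles:` key, or passes nothing, is accepted silently and `call/2` (outside the hunk) is left to decide what `nil` means; if it treats `nil` as "no restriction", a stale or missing plug option becomes fail-open. If the option is mandatory, use `required_permission = Keyword.fetch!(opts, :required_permission)` so a misconfigured pipeline fails at compile time; if it is genuinely optional, at least reject unknown keys with `Keyword.validate!(opts, [:required_permission, required_scopes: [], resource_owner_check: nil])` (Elixir ≥ 1.13) so `required_roles:` cannot linger unnoticed. The `@doc` option list is only partially visible here; confirm it documents `:required_permission` and no longer mentions `:required_roles`.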
@@ -57,12 +61,12 @@ defmodule PolicyServiceWeb.Plugs.AuthorizationPlug do
|
||||
:ok
|
||||
end
|
||||
|
||||
defp check_roles(user_roles, required_roles) do
|
||||
if has_any_role?(user_roles, required_roles) do
|
||||
defp check_roles(user_roles, required_permission) do
|
||||
if has_any_role?(user_roles, required_permission) do
|
||||
:ok
|
||||
else
|
||||
Logger.warning(
|
||||
"User with roles #{inspect(user_roles)} lacks required roles: #{inspect(required_roles)}"
|
||||
"User with roles #{inspect(user_roles)} lacks required permission: #{inspect(required_permission)}"
|
||||
)
|
||||
|
||||
{:error, :insufficient_role}
|
||||
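Review bot: the rename in `check_roles/2` is cosmetic: the body still calls `has_any_role?(user_roles, required_permission)` and returns `{:error, :insufficient_role}`, so a permission string such as `"policy:read"` is now compared against role names unless `has_any_role?/2` (outside the hunk) already resolves roles to their permissions. If roles and permissions are distinct, the user's roles need to be mapped to a permission set before the membership test, otherwise every request fails the check; if they are the same thing, rename the function and the error tag to match the new log message (`check_permission/2`, `{:error, :insufficient_permission}`) so callers and log readers see one vocabulary. The caller of this function is outside the hunk, so whether the error atom is matched elsewhere cannot be verified here.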
|
||||
@@ -28,10 +28,12 @@ defmodule PolicyServiceWeb.Router do
|
||||
scope "/v1" do
|
||||
pipe_through [:authenticated, :authorized]
|
||||
|
||||
get "/policies", PolicyController, :index
|
||||
get "/policies/:application_id", PolicyController, :show
|
||||
post "/policies", PolicyController, :create
|
||||
post "/policies/:application_id/accept", PolicyController, :accept
|
||||
get "/policies", PolicyController, :index, required_permission: "policy:read"
|
||||
get "/policies/:application_id", PolicyController, :show, required_permission: "policy:read"
|
||||
post "/policies", PolicyController, :create, required_permission: "policy:create_request"
|
||||
|
||||
post "/policies/:application_id/accept", PolicyController, :accept,
|
||||
required_permission: "policy:submit_solicitation"
|
||||
end
|
||||
end
|
||||
|
||||
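Review bot: the `required_permission:` keyword on the `get`/`post` macros is a route option, not a plug option, so it is not what `AuthorizationPlug.init/1` receives — that gets the opts from the `plug` line in the `:authorized` pipeline (outside the hunk), and Phoenix's route macros only carry documented options such as `:private` and `:assigns`. As written, every route in this scope is probably evaluated with the pipeline-wide setting (or `nil`), and `"policy:create_request"` on `POST /policies` would not be enforced at all. To carry a per-route value, pass it as `private: %{required_permission: "policy:read"}` and have the plug read `conn.private[:required_permission]` in `call/2`, or move the check into the controller with `plug AuthorizationPlug, [required_permission: "policy:read"] when action in [:index, :show]`. Please confirm against the plug's `call/2` and the pipeline definition, neither of which is in this diff.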
|
||||