@@ -18,10 +18,14 @@ defmodule PolicyServiceWeb.Plugs.AuthorizationPlug do
|
|||||||
- :resource_owner_check - Function to check if user owns the resource (optional)
|
- :resource_owner_check - Function to check if user owns the resource (optional)
|
||||||
"""
|
"""
|
||||||
def init(opts) do
|
def init(opts) do
|
||||||
|
required_permission = Keyword.get(opts, :required_permission, nil)
|
||||||
|
required_scopes = Keyword.get(opts, :required_scopes, [])
|
||||||
|
resource_owner_check = Keyword.get(opts, :resource_owner_check, nil)
|
||||||
|
|
||||||
%{
|
%{
|
||||||
required_roles: Keyword.get(opts, :required_roles, []),
|
required_permission: required_permission,
|
||||||
required_scopes: Keyword.get(opts, :required_scopes, []),
|
required_scopes: required_scopes,
|
||||||
resource_owner_check: Keyword.get(opts, :resource_owner_check, nil)
|
resource_owner_check: resource_owner_check
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -57,12 +61,12 @@ defmodule PolicyServiceWeb.Plugs.AuthorizationPlug do
|
|||||||
:ok
|
:ok
|
||||||
end
|
end
|
||||||
|
|
||||||
defp check_roles(user_roles, required_roles) do
|
defp check_roles(user_roles, required_permission) do
|
||||||
if has_any_role?(user_roles, required_roles) do
|
if has_any_role?(user_roles, required_permission) do
|
||||||
:ok
|
:ok
|
||||||
else
|
else
|
||||||
Logger.warning(
|
Logger.warning(
|
||||||
"User with roles #{inspect(user_roles)} lacks required roles: #{inspect(required_roles)}"
|
"User with roles #{inspect(user_roles)} lacks required permission: #{inspect(required_permission)}"
|
||||||
)
|
)
|
||||||
|
|
||||||
{:error, :insufficient_role}
|
{:error, :insufficient_role}
|
||||||
|
|||||||
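Review bot: `check_roles/2` is renamed in argument only: it now receives `required_permission` (a string such as `"policy:read"`, judging by the router changes in this commit) but still hands it to `has_any_role?/2` on the `if` line, a helper outside this hunk that previously took the `required_roles` list, so unless that helper was changed as well a binary here will most likely never match any role or will raise when enumerated, and every guarded route is denied. The log text was updated but the function name and the `{:error, :insufficient_role}` reason still describe a role check, which will mislead anyone reading the log or the controller's error handling. In `init/1` the `:required_roles` option is silently dropped rather than rejected, so a route still configured with `required_roles:` now builds a map with `required_permission: nil` and, depending on how `call/2` treats `nil`, may pass without any check; consider `opts = Keyword.validate!(opts, [:required_permission, :resource_owner_check, required_scopes: []])` at the top of `init/1` so stale keys fail loudly at boot. `init/1` is shown in full, but `call/2` and `has_any_role?/2` are outside the diff.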
@@ -28,10 +28,12 @@ defmodule PolicyServiceWeb.Router do
|
|||||||
scope "/v1" do
|
scope "/v1" do
|
||||||
pipe_through [:authenticated, :authorized]
|
pipe_through [:authenticated, :authorized]
|
||||||
|
|
||||||
get "/policies", PolicyController, :index
|
get "/policies", PolicyController, :index, required_permission: "policy:read"
|
||||||
get "/policies/:application_id", PolicyController, :show
|
get "/policies/:application_id", PolicyController, :show, required_permission: "policy:read"
|
||||||
post "/policies", PolicyController, :create
|
post "/policies", PolicyController, :create, required_permission: "policy:create_request"
|
||||||
post "/policies/:application_id/accept", PolicyController, :accept
|
|
||||||
|
post "/policies/:application_id/accept", PolicyController, :accept,
|
||||||
|
required_permission: "policy:submit_solicitation"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
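Review bot: The `required_permission:` keyword added to each `get`/`post` under `scope "/v1"` is a Phoenix route option, not plug configuration; plugs in the `:authorized` pipeline named by `pipe_through` receive their options from the `plug` line inside the pipeline definition, so `AuthorizationPlug.init/1` never sees these values unless `call/2` reads them back from route metadata. I cannot tell from the diff whether this Phoenix version rejects the unknown key or keeps it on the route, but as written the permission does not reach the plug, which is a silent authorization gap rather than a loud failure. A supported channel is the `:private` route option, e.g. `get "/policies", PolicyController, :index, private: %{required_permission: "policy:read"}` with the plug reading `conn.private[:required_permission]`, or invoking the plug per controller with `plug AuthorizationPlug, [required_permission: "policy:read"] when action in [:index, :show]`. Whichever is chosen should be pinned by a test asserting that a token without `policy:read` receives 403 from `GET /v1/policies`. The `scope "/v1"` block is complete within the hunk, but the pipeline definition it relies on is outside it.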