This commit is contained in:
@@ -8,7 +8,7 @@ defmodule PolicyServiceWeb.Router do
|
||||
plug OpenApiSpex.Plug.PutApiSpec, module: PolicyServiceWeb.ApiSpec
|
||||
end
|
||||
|
||||
pipeline :authorize do
|
||||
pipeline :auth do
|
||||
plug Oidcc.Plug.ExtractAuthorization
|
||||
plug Oidcc.Plug.RequireAuthorization
|
||||
|
||||
@@ -16,36 +16,53 @@ defmodule PolicyServiceWeb.Router do
|
||||
plug PolicyServiceWeb.Plugs.ExtractOrganizationId
|
||||
|
||||
plug :introspect
|
||||
plug :authorize_roles
|
||||
end
|
||||
|
||||
pipeline :read do
|
||||
plug :authorize_roles, required_permission: ["policy:read"]
|
||||
end
|
||||
|
||||
pipeline :submit_solicitation do
|
||||
plug :authorize_roles, required_permission: ["policy:submit_solicitation"]
|
||||
end
|
||||
|
||||
pipeline :create_request do
|
||||
plug :authorize_roles, required_permission: ["policy:create_request"]
|
||||
end
|
||||
|
||||
get "/health", HealthController, :health
|
||||
get "/health/ready", HealthController, :ready
|
||||
|
||||
scope "/swaggerui" do
|
||||
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
|
||||
end
|
||||
|
||||
scope "/api" do
|
||||
pipe_through [:api]
|
||||
|
||||
get "/openapi", OpenApiSpex.Plug.RenderSpec, []
|
||||
|
||||
scope "/v1" do
|
||||
pipe_through [:authorize]
|
||||
pipe_through [:auth]
|
||||
|
||||
get "/policies", PolicyController, :index, required_permission: ["policy:read"]
|
||||
scope "/" do
|
||||
pipe_through [:read]
|
||||
get "/policies", PolicyController, :index
|
||||
get "/policies/:application_id", PolicyController, :show
|
||||
end
|
||||
|
||||
get "/policies/:application_id", PolicyController, :show,
|
||||
required_permissions: ["policy:read"]
|
||||
scope "/" do
|
||||
pipe_through [:create_request]
|
||||
post "/policies", PolicyController, :create
|
||||
end
|
||||
|
||||
post "/policies", PolicyController, :create, required_permissions: ["policy:create_request"]
|
||||
|
||||
post "/policies/:application_id/accept", PolicyController, :accept,
|
||||
required_permission: ["policy:submit_solicitation"]
|
||||
scope "/" do
|
||||
pipe_through [:submit_solicitation]
|
||||
post "/policies/:application_id/accept", PolicyController, :accept
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
scope "/swaggerui" do
|
||||
get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
|
||||
end
|
||||
|
||||
def introspect(conn, _opts) do
|
||||
zitadel = Application.get_env(:policy_service, :zitadel)
|
||||
|
||||
@@ -63,9 +80,15 @@ defmodule PolicyServiceWeb.Router do
|
||||
)
|
||||
end
|
||||
|
||||
def authorize_roles(conn, _opts) do
|
||||
def authorize_roles(conn, opts) do
|
||||
zitadel = Application.get_env(:policy_service, :zitadel)
|
||||
opts = PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
|
||||
|
||||
opts =
|
||||
PolicyServiceWeb.Plugs.AuthorizeRoles.init(
|
||||
roles_claim: zitadel[:roles_claim],
|
||||
required_permissions: opts.required_permissions
|
||||
)
|
||||
|
||||
PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, opts)
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user