本文整理汇总了Golang中github.com/tsuru/tsuru/permission.FindRole函数的典型用法代码示例。如果您正苦于以下问题:Golang FindRole函数的具体用法?Golang FindRole怎么用?Golang FindRole使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了FindRole函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestAddDefaultRole
func (s *S) TestAddDefaultRole(c *check.C) {
_, err := permission.NewRole("r1", "team")
c.Assert(err, check.IsNil)
_, err = permission.NewRole("r2", "team")
c.Assert(err, check.IsNil)
_, err = permission.NewRole("r3", "global")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
body := bytes.NewBufferString("team-create=r1&team-create=r2&user-create=r3")
req, err := http.NewRequest("POST", "/role/default", body)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleDefaultCreate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r1, err := permission.FindRole("r1")
c.Assert(err, check.IsNil)
c.Assert(r1.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
r2, err := permission.FindRole("r2")
c.Assert(err, check.IsNil)
c.Assert(r2.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
r3, err := permission.FindRole("r3")
c.Assert(err, check.IsNil)
c.Assert(r3.Events, check.DeepEquals, []string{permission.RoleEventUserCreate.String()})
}示例2: TestAddDefaultRole
func (s *S) TestAddDefaultRole(c *check.C) {
_, err := permission.NewRole("r1", "team", "")
c.Assert(err, check.IsNil)
_, err = permission.NewRole("r2", "team", "")
c.Assert(err, check.IsNil)
_, err = permission.NewRole("r3", "global", "")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
body := bytes.NewBufferString("team-create=r1&team-create=r2&user-create=r3")
req, err := http.NewRequest("POST", "/role/default", body)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleDefaultCreate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r1, err := permission.FindRole("r1")
c.Assert(err, check.IsNil)
c.Assert(r1.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
r2, err := permission.FindRole("r2")
c.Assert(err, check.IsNil)
c.Assert(r2.Events, check.DeepEquals, []string{permission.RoleEventTeamCreate.String()})
r3, err := permission.FindRole("r3")
c.Assert(err, check.IsNil)
c.Assert(r3.Events, check.DeepEquals, []string{permission.RoleEventUserCreate.String()})
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "r1"},
Owner: token.GetUserName(),
Kind: "role.default.create",
StartCustomData: []map[string]interface{}{
{"name": "team-create", "value": []string{"r1", "r2"}},
{"name": "user-create", "value": "r3"},
},
}, eventtest.HasEvent)
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "r2"},
Owner: token.GetUserName(),
Kind: "role.default.create",
StartCustomData: []map[string]interface{}{
{"name": "team-create", "value": []string{"r1", "r2"}},
{"name": "user-create", "value": "r3"},
},
}, eventtest.HasEvent)
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "r3"},
Owner: token.GetUserName(),
Kind: "role.default.create",
StartCustomData: []map[string]interface{}{
{"name": "team-create", "value": []string{"r1", "r2"}},
{"name": "user-create", "value": "r3"},
},
}, eventtest.HasEvent)
}示例3: addDefaultRole
func addDefaultRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleDefaultCreate) {
return permission.ErrUnauthorized
}
err := r.ParseForm()
if err != nil {
return err
}
for evtName := range permission.RoleEventMap {
roles := r.Form[evtName]
for _, roleName := range roles {
role, err := permission.FindRole(roleName)
if err != nil {
if err == permission.ErrRoleNotFound {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
return err
}
err = role.AddEvent(evtName)
if err != nil {
if _, ok := err.(permission.ErrRoleEventWrongContext); ok {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
return err
}
}
}
return nil
}示例4: addPermissions
func addPermissions(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleUpdate) {
return permission.ErrUnauthorized
}
roleName := r.URL.Query().Get(":name")
role, err := permission.FindRole(roleName)
if err != nil {
return err
}
err = r.ParseForm()
if err != nil {
return err
}
users, err := auth.ListUsersWithRole(roleName)
if err != nil {
return err
}
err = runWithPermSync(users, func() error {
return role.AddPermissions(r.Form["permission"]...)
})
if err == nil {
w.WriteHeader(http.StatusOK)
}
return err
}示例5: deployableApps
func deployableApps(u *auth.User, rolesCache map[string]*permission.Role) ([]string, error) {
var perms []permission.Permission
for _, roleData := range u.Roles {
role := rolesCache[roleData.Name]
if role == nil {
foundRole, err := permission.FindRole(roleData.Name)
if err != nil {
return nil, err
}
role = &foundRole
rolesCache[roleData.Name] = role
}
perms = append(perms, role.PermissionsFor(roleData.ContextValue)...)
}
contexts := permission.ContextsFromListForPermission(perms, permission.PermAppDeploy)
if len(contexts) == 0 {
return nil, nil
}
filter := appFilterByContext(contexts, nil)
apps, err := app.List(filter)
if err != nil {
return nil, err
}
appNames := make([]string, len(apps))
for i := range apps {
appNames[i] = apps[i].GetName()
}
return appNames, nil
}示例6: createRole
func createRole(name, contextType string) (permission.Role, error) {
role, err := permission.NewRole(name, contextType, "")
if err == permission.ErrRoleAlreadyExists {
role, err = permission.FindRole(name)
}
return role, err
}示例7: roleInfo
// title: role info
// path: /roles/{name}
// method: GET
// produce: application/json
// responses:
// 200: OK
// 401: Unauthorized
// 404: Role not found
func roleInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !(permission.Check(t, permission.PermRoleUpdate) ||
permission.Check(t, permission.PermRoleUpdateAssign) ||
permission.Check(t, permission.PermRoleUpdateDissociate) ||
permission.Check(t, permission.PermRoleCreate) ||
permission.Check(t, permission.PermRoleDelete)) {
return permission.ErrUnauthorized
}
roleName := r.URL.Query().Get(":name")
role, err := permission.FindRole(roleName)
if err == permission.ErrRoleNotFound {
return &errors.HTTP{
Code: http.StatusNotFound,
Message: err.Error(),
}
}
if err != nil {
return err
}
b, err := json.Marshal(role)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
_, err = w.Write(b)
return err
}示例8: AddRole
func (u *User) AddRole(roleName string, contextValue string) error {
_, err := permission.FindRole(roleName)
if err != nil {
return err
}
conn, err := db.Conn()
if err != nil {
return err
}
defer conn.Close()
err = conn.Users().Update(bson.M{"email": u.Email}, bson.M{
"$addToSet": bson.M{
// Order matters in $addToSet, that's why bson.D is used instead
// of bson.M.
"roles": bson.D([]bson.DocElem{
{Name: "name", Value: roleName},
{Name: "contextvalue", Value: contextValue},
}),
},
})
if err != nil {
return err
}
return u.Reload()
}示例9: canUseRole
func canUseRole(t auth.Token, roleName, contextValue string) error {
role, err := permission.FindRole(roleName)
if err != nil {
if err == permission.ErrRoleNotFound {
return &errors.HTTP{
Code: http.StatusNotFound,
Message: err.Error(),
}
}
return err
}
userPerms, err := t.Permissions()
if err != nil {
return err
}
perms := role.PermissionsFor(contextValue)
for _, p := range perms {
if !permission.CheckFromPermList(userPerms, p.Scheme, p.Context) {
return &errors.HTTP{
Code: http.StatusForbidden,
Message: fmt.Sprintf("User not authorized to use permission %s", p.String()),
}
}
}
return nil
}示例10: TestRemoveDefaultRole
func (s *S) TestRemoveDefaultRole(c *check.C) {
r1, err := permission.NewRole("r1", "team", "")
c.Assert(err, check.IsNil)
err = r1.AddEvent(permission.RoleEventTeamCreate.String())
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/role/default?team-create=r1", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleDefaultDelete,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r1, err = permission.FindRole("r1")
c.Assert(err, check.IsNil)
c.Assert(r1.Events, check.DeepEquals, []string{})
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "r1"},
Owner: token.GetUserName(),
Kind: "role.default.delete",
StartCustomData: []map[string]interface{}{
{"name": "team-create", "value": "r1"},
},
}, eventtest.HasEvent)
}示例11: TestAddPermissionsToARole
func (s *S) TestAddPermissionsToARole(c *check.C) {
_, err := permission.NewRole("test", "team", "")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
b := bytes.NewBufferString(`permission=app.update&permission=app.deploy`)
req, err := http.NewRequest("POST", "/roles/test/permissions", b)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err := permission.FindRole("test")
c.Assert(err, check.IsNil)
sort.Strings(r.SchemeNames)
c.Assert(r.SchemeNames, check.DeepEquals, []string{"app.deploy", "app.update"})
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
Owner: token.GetUserName(),
Kind: "role.update.permission.add",
StartCustomData: []map[string]interface{}{
{"name": "permission", "value": []string{"app.update", "app.deploy"}},
},
}, eventtest.HasEvent)
}示例12: TestRemovePermissionsFromRole
func (s *S) TestRemovePermissionsFromRole(c *check.C) {
r, err := permission.NewRole("test", "team", "")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
err = r.AddPermissions("app.update")
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.update", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err = permission.FindRole("test")
c.Assert(err, check.IsNil)
c.Assert(r.SchemeNames, check.DeepEquals, []string{})
c.Assert(eventtest.EventDesc{
Target: event.Target{Type: event.TargetTypeRole, Value: "test"},
Owner: token.GetUserName(),
Kind: "role.update.permission.remove",
StartCustomData: []map[string]interface{}{
{"name": ":name", "value": "test"},
{"name": ":permission", "value": "app.update"},
},
}, eventtest.HasEvent)
}示例13: removeDefaultRole
func removeDefaultRole(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleDefaultDelete) {
return permission.ErrUnauthorized
}
err := r.ParseForm()
if err != nil {
return err
}
for evtName := range permission.RoleEventMap {
roles := r.Form[evtName]
for _, roleName := range roles {
role, err := permission.FindRole(roleName)
if err != nil {
if err == permission.ErrRoleNotFound {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
return err
}
err = role.RemoveEvent(evtName)
if err != nil {
return err
}
}
}
w.WriteHeader(http.StatusOK)
return nil
}示例14: TestRemovePermissionsFromRoleSyncGitRepository
func (s *S) TestRemovePermissionsFromRoleSyncGitRepository(c *check.C) {
r, err := permission.NewRole("test", "team")
c.Assert(err, check.IsNil)
defer permission.DestroyRole(r.Name)
err = r.AddPermissions("app.deploy")
c.Assert(err, check.IsNil)
user := &auth.User{Email: "[email protected]", Password: "123456"}
_, err = nativeScheme.Create(user)
c.Assert(err, check.IsNil)
err = user.AddRole("test", s.team.Name)
c.Assert(err, check.IsNil)
a := app.App{Name: "myapp", TeamOwner: s.team.Name}
err = app.CreateApp(&a, s.user)
err = repository.Manager().GrantAccess(a.Name, user.Email)
c.Assert(err, check.IsNil)
rec := httptest.NewRecorder()
req, err := http.NewRequest("DELETE", "/roles/test/permissions/app.deploy", nil)
c.Assert(err, check.IsNil)
token := userWithPermission(c, permission.Permission{
Scheme: permission.PermRoleUpdate,
Context: permission.Context(permission.CtxGlobal, ""),
})
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Authorization", "bearer "+token.GetValue())
server := RunServer(true)
server.ServeHTTP(rec, req)
c.Assert(rec.Code, check.Equals, http.StatusOK)
r, err = permission.FindRole("test")
c.Assert(err, check.IsNil)
c.Assert(r.SchemeNames, check.DeepEquals, []string{})
users, err := repositorytest.Granted(a.Name)
c.Assert(err, check.IsNil)
c.Assert(users, check.DeepEquals, []string{s.user.Email})
}示例15: createApiUser
func createApiUser(t auth.Token, user *auth.User) (*apiUser, error) {
permissions, err := user.Permissions()
if err != nil {
return nil, err
}
permData := make([]rolePermissionData, len(permissions))
for i, p := range permissions {
if !permission.Check(t, p.Scheme, p.Context) {
return nil, nil
}
permData[i] = rolePermissionData{
Name: p.Scheme.FullName(),
ContextType: string(p.Context.CtxType),
ContextValue: p.Context.Value,
}
}
roleData := make([]rolePermissionData, len(user.Roles))
for i, userRole := range user.Roles {
r, err := permission.FindRole(userRole.Name)
if err != nil {
return nil, err
}
roleData[i] = rolePermissionData{
Name: userRole.Name,
ContextType: string(r.ContextType),
ContextValue: userRole.ContextValue,
}
}
return &apiUser{
Email: user.Email,
Roles: roleData,
Permissions: permData,
}, nil
}