Home Explore Help
Register Sign In
zhouyuhuan
/
Cloudpods
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: feature/cloudpods
Branches Tags
Cloudpods
/
backend
/
pkg
/
cloudcommon
/
policy
/
token.go

token.go 2.1 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. // Copyright 2019 Yunion
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package policy
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 

  20. 	"yunion.io/x/pkg/gotypes"
    21. 

  21. 	"yunion.io/x/pkg/util/rbacscope"
    22. 

  22. 

  23. 	"yunion.io/x/onecloud/pkg/mcclient"
    24. 

  24. 	"yunion.io/x/onecloud/pkg/mcclient/auth"
    25. 

  25. )
    26. 

  26. 

  27. type SPolicyTokenCredential struct {
    28. 

  28. 	// usage embedded interface
    29. 

  29. 	mcclient.TokenCredential
    30. 

  30. }
    31. 

  31. 

  32. func (self *SPolicyTokenCredential) HasSystemAdminPrivilege() bool {
    33. 

  33. 	return PolicyManager.IsScopeCapable(self.TokenCredential, rbacscope.ScopeSystem)
    34. 

  34. }
    35. 

  35. 

  36. /*func (self *SPolicyTokenCredential) IsAllow(targetScope rbacscope.TRbacScope, service string, resource string, action string, extra ...string) rbacutils.SPolicyResult {
    37. 

  37. 	allowScope, result := PolicyManager.AllowScope(self.TokenCredential, service, resource, action, extra...)
    38. 

  38. 	if result.Result == rbacutils.Allow && !targetScope.HigherThan(allowScope) {
    39. 

  39. 		return result
    40. 

  40. 	}
    41. 

  41. 	return rbacutils.PolicyDeny
    42. 

  42. }*/
    43. 

  43. 

  44. func init() {
    45. 

  45. 	gotypes.RegisterSerializableTransformer(mcclient.TokenCredentialType, func(input gotypes.ISerializable) gotypes.ISerializable {
    46. 

  46. 		// log.Debugf("do TokenCredential transform for %#v", input)
    47. 

  47. 		switch val := input.(type) {
    48. 

  48. 		case *mcclient.SSimpleToken:
    49. 

  49. 			return &SPolicyTokenCredential{val}
    50. 

  50. 		default:
    51. 

  51. 			return val
    52. 

  52. 		}
    53. 

  53. 	})
    54. 

  54. }
    55. 

  55. 

  56. func FilterPolicyCredential(token mcclient.TokenCredential) mcclient.TokenCredential {
    57. 

  57. 	switch token.(type) {
    58. 

  58. 	case *SPolicyTokenCredential:
    59. 

  59. 		return token
    60. 

  60. 	default:
    61. 

  61. 		return &SPolicyTokenCredential{TokenCredential: token}
    62. 

  62. 	}
    63. 

  63. }
    64. 

  64. 

  65. func FetchUserCredential(ctx context.Context) mcclient.TokenCredential {
    66. 

  66. 	token := auth.FetchUserCredential(ctx, FilterPolicyCredential)
    67. 

  67. 	return token
    68. 

  68. }
    69.