Updates permission management

fident · Aug 15, 2017 · bb1b698 · bb1b698
1 parent 4f7de31
commit bb1b698
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 9 deletions.
diff --git a/managementPermissions.go b/managementPermissions.go
@@ -0,0 +1,98 @@
+package manage
+
+import (
+	"context"
+
+	"github.com/fident/go-manage/permissions"
+	"github.com/fident/go-manage/tls"
+	"github.com/fident/go-proto/fident"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/metadata"
+)
+
+// GetManagementPermissions retrieves all management permissions for given identity id
+func (i *Instance) GetManagementPermissions(identityID string) ([]permissions.Entry, error) {
+	meta, err := i.preflightAuth()
+	if err != nil {
+		return []permissions.Entry{}, err
+	}
+	ctx := metadata.NewContext(context.Background(), meta)
+
+	conn, err := grpc.Dial(i.fidentEndpoint, grpc.WithTransportCredentials(credentials.NewTLS(tls.FidentTSLConfig)))
+	if err != nil {
+		return []permissions.Entry{}, err
+	}
+	defer conn.Close()
+
+	c := fident.NewAuthClient(conn)
+	res, err := c.GetManagementPermissionsForIdentityIDs(ctx, &fident.GetManagementPermissionsRequest{
+		IdentityId: []string{identityID},
+	})
+
+	if err != nil {
+		return []permissions.Entry{}, err
+	}
+
+	fin := []permissions.Entry{}
+	for _, re := range res.Results {
+		for _, pem := range re.Permissions {
+			fin = append(fin, permissions.Entry(pem))
+		}
+	}
+
+	return fin, nil
+}
+
+// AddManagementPermission adds given management permission to given identity id
+func (i *Instance) AddManagementPermission(identityID string, permission permissions.Entry) error {
+	meta, err := i.preflightAuth()
+	if err != nil {
+		return err
+	}
+
+	ctx := metadata.NewContext(context.Background(), meta)
+	conn, err := grpc.Dial(i.fidentEndpoint, grpc.WithTransportCredentials(credentials.NewTLS(tls.FidentTSLConfig)))
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	c := fident.NewAuthClient(conn)
+	_, err = c.AddManagementPermissionToIdentityIDs(ctx, &fident.AddManagementPermissionRequest{
+		IdentityId: []string{identityID},
+		Permission: string(permission),
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RemoveManagementPermission removes given management permission from given identity id
+func (i *Instance) RemoveManagementPermission(identityID string, permission permissions.Entry) error {
+	meta, err := i.preflightAuth()
+	if err != nil {
+		return err
+	}
+
+	ctx := metadata.NewContext(context.Background(), meta)
+	conn, err := grpc.Dial(i.fidentEndpoint, grpc.WithTransportCredentials(credentials.NewTLS(tls.FidentTSLConfig)))
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	c := fident.NewAuthClient(conn)
+	_, err = c.RemoveManagementPermissionFromIdentityIDs(ctx, &fident.RemoveManagementPermissionRequest{
+		IdentityId: []string{identityID},
+		Permission: string(permission),
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/permissions/permissions.go b/permissions/permissions.go
@@ -4,30 +4,31 @@ package permissions
 * Fident permission keys
 **/
 
-type entry int
+// Entry is a single permission entry
+type Entry string
 
 const (
 	// PermissionAll allows account to perform all requests
-	PermissionAll = "fident/management/*"
+	PermissionAll Entry = "fident/management/*"
 
 	// PermissionsReadAll allows account perform all read requests
-	PermissionsReadAll = "fident/management/read"
+	PermissionsReadAll Entry = "fident/management/read"
 
 	// PermissionGetLastLoginTimestamps is the permission required to read login timestamps
-	PermissionGetLastLoginTimestamps = "fident/management/read/login-timestamps"
+	PermissionGetLastLoginTimestamps Entry = "fident/management/read/login-timestamps"
 
 	// PermissionGetAccountDetails is the permission required to read account details
-	PermissionGetAccountDetails = "fident/management/read/account-details"
+	PermissionGetAccountDetails Entry = "fident/management/read/account-details"
 
 	// PermissionGetAllIdentityIDs is the permission required to read all identity IDs
-	PermissionGetAllIdentityIDs = "fident/management/read/all-identity-ids"
+	PermissionGetAllIdentityIDs Entry = "fident/management/read/all-identity-ids"
 
 	// PermissionAddManagementPermissions is the permission required to add management permissions to an identity
-	PermissionAddManagementPermissions = "fident/management/write/add-management-permission"
+	PermissionAddManagementPermissions Entry = "fident/management/write/add-management-permission"
 
 	// PermissionGetManagementPermissions is the permission required to retrieve assigned managemnent permissions for an identity
-	PermissionGetManagementPermissions = "fident/management/read/management-permissions"
+	PermissionGetManagementPermissions Entry = "fident/management/read/management-permissions"
 
 	// PermissionRemoveManagementPermissions is the permission required to remove management permissions from an identity
-	PermissionRemoveManagementPermissions = "fident/management/write/remove-management-permission"
+	PermissionRemoveManagementPermissions Entry = "fident/management/write/remove-management-permission"
 )