surrealpatch/db/perms.go

91 lines
2.1 KiB
Go
Raw Normal View History

// Copyright © 2016 Abcum Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package db
import (
"context"
"github.com/abcum/surreal/cnf"
"github.com/abcum/surreal/sql"
"github.com/abcum/surreal/util/data"
)
func (d *document) perms(ctx context.Context, doc *data.Doc) (err error) {
// Get the field definitions so we can
// check if the permissions allow us
// to view each field.
fds, err := d.getFD()
if err != nil {
return err
}
// Once we have the table we reset the
// context to DB level so that no other
// embedded permissions are checked on
// records within these permissions.
ctx = context.WithValue(ctx, ctxKeyKind, cnf.AuthDB)
// We then try to process the relevant
// permissions dependent on the query
// that we are currently processing. If
// there are no permissions specified
// for this table, then because this is
// a scoped request, return an error.
for _, fd := range fds {
if fd.Perms != nil {
err = doc.Walk(func(key string, val interface{}, exi bool) error {
// We are checking the permissions of the field
if p, ok := fd.Perms.(*sql.PermExpression); ok {
// Get the old value
old := d.initial.Get(key).Data()
// Reset the variables
vars := data.New()
vars.Set(val, varKeyValue)
vars.Set(val, varKeyAfter)
vars.Set(old, varKeyBefore)
ctx = context.WithValue(ctx, ctxKeySpec, vars)
if v, err := d.i.e.fetch(ctx, p.Select, doc); err != nil {
return err
} else if b, ok := v.(bool); !ok || !b {
doc.Del(key)
}
}
return nil
}, fd.Name.ID)
}
}
return nil
}