forked from baron/baron-sso
feat: 테넌트/RP 관리자 할당 UI 및 ReBAC 권한 검증 도구 구현 #244
This commit is contained in:
@@ -16,6 +16,9 @@ type RelyingPartyService interface {
|
||||
Update(ctx context.Context, clientID string, client domain.HydraClient) (*domain.RelyingParty, error)
|
||||
Delete(ctx context.Context, clientID string) error
|
||||
CheckPermission(ctx context.Context, userID, clientID, relation string) (bool, error)
|
||||
AddOwner(ctx context.Context, clientID, subject string) error
|
||||
RemoveOwner(ctx context.Context, clientID, subject string) error
|
||||
ListOwners(ctx context.Context, clientID string) ([]string, error)
|
||||
}
|
||||
|
||||
type relyingPartyService struct {
|
||||
@@ -163,6 +166,27 @@ func (s *relyingPartyService) CheckPermission(ctx context.Context, userID, clien
|
||||
return s.ketoService.CheckPermission(ctx, userID, "RelyingParty", clientID, relation)
|
||||
}
|
||||
|
||||
func (s *relyingPartyService) AddOwner(ctx context.Context, clientID, subject string) error {
|
||||
return s.ketoService.CreateRelation(ctx, "RelyingParty", clientID, "owners", subject)
|
||||
}
|
||||
|
||||
func (s *relyingPartyService) RemoveOwner(ctx context.Context, clientID, subject string) error {
|
||||
return s.ketoService.DeleteRelation(ctx, "RelyingParty", clientID, "owners", subject)
|
||||
}
|
||||
|
||||
func (s *relyingPartyService) ListOwners(ctx context.Context, clientID string) ([]string, error) {
|
||||
tuples, err := s.ketoService.ListRelations(ctx, "RelyingParty", clientID, "owners", "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
subjects := make([]string, 0, len(tuples))
|
||||
for _, t := range tuples {
|
||||
subjects = append(subjects, t.SubjectID)
|
||||
}
|
||||
return subjects, nil
|
||||
}
|
||||
|
||||
func (s *relyingPartyService) mapHydraToDomain(client *domain.HydraClient) *domain.RelyingParty {
|
||||
if client == nil {
|
||||
return nil
|
||||
|
||||
Reference in New Issue
Block a user