
Fix #175 Refactor authorisation middleware to check RBAC for a user
albinpa committed Sep 21, 2023
1 parent e988fa6 commit b412873
Showing 2 changed files with 3 additions and 32 deletions.
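--- a/src/middleware/middleware.go
+++ b/src/middleware/middleware.go
@@ -175,22 +175,14 @@ func Authorize(e *casbin.Enforcer) Middleware {
 
 var role string
 
-orgID, ok := mux.Vars(r)["organizationID"]
-if !ok {
-orgID, ok = mux.Vars(r)["orgID"]
-}
-if !ok && len(roles) > 0 {
-orgID = user.Orgs[0].OrgID.Hex()
+if len(roles) > 0 {
+role = rbac.ROLE_ADMIN
 }
 
-if rbac.IsUser(roles) {
+if len(roles) == 0 {
 role = rbac.ROLE_USER
 }
 
-if rbac.IsOrgAdmin(roles, orgID) {
-role = rbac.ROLE_ADMIN
-}
-
 // casbin enforce
 res, err := e.Enforce(role, r.URL.Path, r.Method)
 if err != nil {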
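Review bot: The new branch `if len(roles) > 0 { role = rbac.ROLE_ADMIN }` elevates any caller whose roles slice is non-empty to organisation_admin without checking the kind of role or the organisation it belongs to, whereas the removed IsOrgAdmin path required `item.RoleID == 1` and a matching orgID before elevating. If user.Role can hold anything other than an admin role for the organisation being accessed, every route the Casbin policy reserves for organisation_admin is now reachable by such users, which is an authorisation-scoping regression rather than a refactor. Dropping the orgID lookup from mux.Vars may be intended if the service is now single-organisation, but the role-kind check should stay, ideally behind a named constant instead of the literal 1; a minimal form follows. Authorize begins before and continues after this hunk.
```go
role := rbac.ROLE_USER
for _, item := range roles {
	if item.RoleID == 1 { // admin role; compare item.OrgID as well if access is org-scoped
		role = rbac.ROLE_ADMIN
		break
	}
}
// … unchanged: casbin enforce …
```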
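--- a/src/rbac/rbac.go
+++ b/src/rbac/rbac.go
@@ -1,28 +1,7 @@
 package rbac
 
-import (
-"github.com/bb-consent/api/src/user"
-)
-
 // RBAC User Roles
 const (
 ROLE_USER string = "user"
 ROLE_ADMIN string = "organisation_admin"
 )
-
-// IsOrgAdmin is user an admin in the organisation
-func IsOrgAdmin(roles []user.Role, orgID string) bool {
-for _, item := range roles {
-if item.RoleID == 1 {
-if item.OrgID == orgID {
-return true
-}
-}
-}
-return false
-}
-
-// IsUser is User Role user
-func IsUser(roles []user.Role) bool {
-return len(roles) == 0
-}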
