mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-04 03:59:07 -05:00
105 lines
3.4 KiB
Go
105 lines
3.4 KiB
Go
package command
|
|
|
|
import (
|
|
"os"
|
|
"slices"
|
|
"strings"
|
|
|
|
"github.com/olekukonko/tablewriter"
|
|
"github.com/olekukonko/tablewriter/renderer"
|
|
"github.com/olekukonko/tablewriter/tw"
|
|
"github.com/urfave/cli/v2"
|
|
|
|
"github.com/opencloud-eu/opencloud/pkg/config/configlog"
|
|
"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
|
|
"github.com/opencloud-eu/opencloud/services/graph/pkg/config/parser"
|
|
"github.com/opencloud-eu/opencloud/services/graph/pkg/unifiedrole"
|
|
)
|
|
|
|
var (
|
|
unifiedRolesNames = map[string]string{
|
|
unifiedrole.UnifiedRoleViewerID: "Viewer",
|
|
unifiedrole.UnifiedRoleViewerListGrantsID: "ViewerListGrants",
|
|
unifiedrole.UnifiedRoleSpaceViewerID: "SpaceViewer",
|
|
unifiedrole.UnifiedRoleEditorID: "Editor",
|
|
unifiedrole.UnifiedRoleEditorListGrantsID: "EditorListGrants",
|
|
unifiedrole.UnifiedRoleSpaceEditorID: "SpaceEditor",
|
|
unifiedrole.UnifiedRoleSpaceEditorWithoutVersionsID: "SpaceEditorWithoutVersions",
|
|
unifiedrole.UnifiedRoleFileEditorID: "FileEditor",
|
|
unifiedrole.UnifiedRoleFileEditorListGrantsID: "FileEditorListGrants",
|
|
unifiedrole.UnifiedRoleEditorLiteID: "EditorLite",
|
|
unifiedrole.UnifiedRoleManagerID: "SpaceManager",
|
|
unifiedrole.UnifiedRoleSecureViewerID: "SecureViewer",
|
|
}
|
|
)
|
|
|
|
// UnifiedRoles bundles available commands for unified roles
|
|
func UnifiedRoles(cfg *config.Config) cli.Commands {
|
|
cmds := cli.Commands{
|
|
listUnifiedRoles(cfg),
|
|
}
|
|
|
|
for _, cmd := range cmds {
|
|
cmd.Category = "unified-roles"
|
|
cmd.Name = strings.Join([]string{cmd.Name, "unified-roles"}, "-")
|
|
cmd.Before = func(c *cli.Context) error {
|
|
return configlog.ReturnError(parser.ParseConfig(cfg))
|
|
}
|
|
}
|
|
|
|
return cmds
|
|
}
|
|
|
|
// unifiedRolesStatus lists available unified roles, it contains an indicator to show if the role is enabled or not
|
|
func listUnifiedRoles(cfg *config.Config) *cli.Command {
|
|
return &cli.Command{
|
|
Name: "list",
|
|
Usage: "list available unified roles",
|
|
Action: func(c *cli.Context) error {
|
|
r := tw.Rendition{
|
|
Settings: tw.Settings{
|
|
Separators: tw.Separators{
|
|
BetweenRows: tw.On,
|
|
},
|
|
},
|
|
}
|
|
tbl := tablewriter.NewTable(os.Stdout, tablewriter.WithRenderer(renderer.NewBlueprint(r)))
|
|
|
|
headers := []string{"Name", "UID", "Enabled", "Description", "Condition", "Allowed resource actions"}
|
|
tbl.Header(headers)
|
|
|
|
for _, definition := range unifiedrole.GetRoles(unifiedrole.RoleFilterAll()) {
|
|
const enabled = "enabled"
|
|
const disabled = "disabled"
|
|
|
|
rows := [][]string{
|
|
{unifiedRolesNames[definition.GetId()], definition.GetId(), disabled, definition.GetDescription()},
|
|
}
|
|
if slices.Contains(cfg.UnifiedRoles.AvailableRoles, definition.GetId()) {
|
|
rows[0][2] = enabled
|
|
}
|
|
|
|
for i, rolePermission := range definition.GetRolePermissions() {
|
|
actions := strings.Join(rolePermission.GetAllowedResourceActions(), "\n")
|
|
row := []string{rolePermission.GetCondition(), actions}
|
|
switch i {
|
|
case 0:
|
|
rows[0] = append(rows[0], row...)
|
|
default:
|
|
rows[0][4] = rows[0][4] + "\n" + rolePermission.GetCondition()
|
|
}
|
|
}
|
|
|
|
for _, row := range rows {
|
|
// balance the row before adding it to the table,
|
|
// this prevents the row from having empty columns.
|
|
tbl.Append(append(row, make([]string, len(headers)-len(row))...))
|
|
}
|
|
}
|
|
|
|
tbl.Render()
|
|
return nil
|
|
},
|
|
}
|
|
}
|