Some improvements for ABAC

enshi_back/ABAC/blogsPolicies/blogPolicies.go

@@ -1 +1,40 @@
 package blogspolicies
+
+import (
+	blogrules "enshi/ABAC/blogsPolicies/blogRules"
+	"enshi/ABAC/rules"
+
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	DELETE_BLOG = "delete_blog"
+	UPDATE_BLOG = "update_blog"
+	CREATE_BLOG = "create_blog"
+	GET_BLOG    = "get_blog"
+)
+
+func BlogPolicies(c *gin.Context) (bool, []error) {
+	target, exists := c.Get("target")
+	if !exists {
+		return false, nil
+	}
+
+	// Permit if one permit
+	switch target {
+	case DELETE_BLOG:
+		return rules.CheckRule(c, blogrules.BlogDeleteRule)
+
+	case UPDATE_BLOG:
+		return rules.CheckRule(c, blogrules.BlogUpdateRule)
+
+	case GET_BLOG:
+		return rules.CheckRule(c, blogrules.BlogReadRule)
+
+	case CREATE_BLOG:
+		return rules.CheckRule(c, blogrules.BlogCreateRule)
+
+	}
+
+	return false, nil
+}

enshi_back/ABAC/blogsPolicies/blogRules/deleteRule.go

@@ -0,0 +1,24 @@
+package blogrules
+
+import (
+	globalrules "enshi/ABAC/globalRules"
+	"enshi/ABAC/rules"
+
+	"github.com/gin-gonic/gin"
+)
+
+func BlogDeleteRule(c *gin.Context) (bool, []error) {
+	rulesToCheck := []rules.RuleFunction{
+		globalrules.AuthorizedRule,
+		globalrules.IsOwnerOfTheBlogRule,
+		globalrules.IsAdminRule,
+	}
+
+	isAllowed, errors := rules.CheckRules(
+		c,
+		rulesToCheck,
+		2,
+	)
+
+	return isAllowed, errors
+}

enshi_back/ABAC/blogsPolicies/blogRules/readRule.go

@@ -0,0 +1,19 @@
+package blogrules
+
+import (
+	"enshi/ABAC/rules"
+
+	"github.com/gin-gonic/gin"
+)
+
+func BlogReadRule(c *gin.Context) (bool, []error) {
+	rulesToCheck := []rules.RuleFunction{}
+
+	isAllowed, errors := rules.CheckRules(
+		c,
+		rulesToCheck,
+		rules.ALL_RULES_MUST_BE_COMPLETED,
+	)
+
+	return isAllowed, errors
+}

enshi_back/ABAC/blogsPolicies/blogRules/updateRule.go

@@ -0,0 +1,23 @@
+package blogrules
+
+import (
+	globalrules "enshi/ABAC/globalRules"
+	"enshi/ABAC/rules"
+
+	"github.com/gin-gonic/gin"
+)
+
+func BlogUpdateRule(c *gin.Context) (bool, []error) {
+	rulesToCheck := []rules.RuleFunction{
+		globalrules.AuthorizedRule,
+		globalrules.IsOwnerOfTheBlogRule,
+	}
+
+	isAllowed, errors := rules.CheckRules(
+		c,
+		rulesToCheck,
+		rules.ALL_RULES_MUST_BE_COMPLETED,
+	)
+
+	return isAllowed, errors
+}

enshi_back/middleware/blogsMiddleware.go

@@ -0,0 +1,47 @@
+package middleware
+
+import (
+	blogspolicies "enshi/ABAC/blogsPolicies"
+	rest_api_stuff "enshi/REST_API_stuff"
+	"fmt"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+func BlogsMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		switch c.Request.Method {
+		case "DELETE":
+			c.Set("target", blogspolicies.DELETE_BLOG)
+		case "PUT":
+			c.Set("target", blogspolicies.UPDATE_BLOG)
+		case "POST":
+			c.Set("target", blogspolicies.CREATE_BLOG)
+		case "GET":
+			c.Set("target", blogspolicies.GET_BLOG)
+		}
+
+		isAllowed, errors := blogspolicies.BlogPolicies(c)
+
+		var errorsMap = map[int]string{}
+		for i, error := range errors {
+			errorsMap[i] = error.Error()
+		}
+
+		if errors != nil {
+			c.IndentedJSON(http.StatusUnauthorized, errorsMap)
+			c.Abort()
+			return
+		}
+
+		if !isAllowed {
+			rest_api_stuff.UnauthorizedAnswer(c, fmt.Errorf("you have no permission"))
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}