-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor[internal/openfga] simplifies some model access checks #1484
refactor[internal/openfga] simplifies some model access checks #1484
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
if err != nil { | ||
return errors.E(op, err) | ||
} | ||
if !allowedModelAccess[access][accessLevel] { | ||
|
||
if !hasAccess { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
basically before we were handling hierarchy between roles manually? And now we rely on our authorization model, good
} | ||
if hasReadAccess { | ||
return "read", nil | ||
func userModelAccess(ctx context.Context, user *openfga.User, model names.ModelTag) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
godoc please
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm ty
func userModelAccess(ctx context.Context, user *openfga.User, model names.ModelTag) string { | ||
userRelation := user.GetModelAccess(ctx, model) | ||
switch userRelation { | ||
case ofganames.AdministratorRelation: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know we have ofganames now, but I really think permission package with access constants would've been better from juju.
Description
Engineering checklist
Check only items that apply
Test instructions
Notes for code reviewers