aboutsummaryrefslogtreecommitdiffstats
path: root/library/cpp/tvmauth/client/misc/roles/roles.cpp
blob: f412558b991518588608c5282b69e1b012e58e5c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
#include "roles.h"

#include <library/cpp/tvmauth/checked_service_ticket.h>
#include <library/cpp/tvmauth/checked_user_ticket.h>

namespace NTvmAuth::NRoles {
    TRoles::TRoles(TMeta&& meta,
                   TTvmConsumers tvm,
                   TUserConsumers user,
                   TRawPtr raw)
        : Meta_(std::move(meta))
        , TvmIds_(std::move(tvm))
        , Users_(std::move(user))
        , Raw_(std::move(raw))
    {
        Y_ENSURE(Raw_);
    }

    TConsumerRolesPtr TRoles::GetRolesForService(const TCheckedServiceTicket& t) const {
        Y_ENSURE_EX(t,
                    TIllegalUsage() << "Service ticket must be valid, got: " << t.GetStatus());
        auto it = TvmIds_.find(t.GetSrc());
        return it == TvmIds_.end() ? TConsumerRolesPtr() : it->second;
    }

    TConsumerRolesPtr TRoles::GetRolesForUser(const TCheckedUserTicket& t,
                                              std::optional<TUid> selectedUid) const {
        Y_ENSURE_EX(t,
                    TIllegalUsage() << "User ticket must be valid, got: " << t.GetStatus());
        Y_ENSURE_EX(t.GetEnv() == EBlackboxEnv::ProdYateam,
                    TIllegalUsage() << "User ticket must be from ProdYateam, got from " << t.GetEnv());

        TUid uid = t.GetDefaultUid();
        if (selectedUid) {
            auto it = std::find(t.GetUids().begin(), t.GetUids().end(), *selectedUid);
            Y_ENSURE_EX(it != t.GetUids().end(),
                        TIllegalUsage() << "selectedUid must be in user ticket but it's not: "
                                        << *selectedUid);
            uid = *selectedUid;
        }

        auto it = Users_.find(uid);
        return it == Users_.end() ? TConsumerRolesPtr() : it->second;
    }

    const TRoles::TMeta& TRoles::GetMeta() const {
        return Meta_;
    }

    const TString& TRoles::GetRaw() const {
        return *Raw_;
    }

    bool TRoles::CheckServiceRole(const TCheckedServiceTicket& t,
                                  const TStringBuf roleName) const {
        TConsumerRolesPtr c = GetRolesForService(t);
        return c ? c->HasRole(roleName) : false;
    }

    bool TRoles::CheckUserRole(const TCheckedUserTicket& t,
                               const TStringBuf roleName,
                               std::optional<TUid> selectedUid) const {
        TConsumerRolesPtr c = GetRolesForUser(t, selectedUid);
        return c ? c->HasRole(roleName) : false;
    }

    bool TRoles::CheckServiceRoleForExactEntity(const TCheckedServiceTicket& t,
                                                const TStringBuf roleName,
                                                const TEntity& exactEntity) const {
        TConsumerRolesPtr c = GetRolesForService(t);
        return c ? c->CheckRoleForExactEntity(roleName, exactEntity) : false;
    }

    bool TRoles::CheckUserRoleForExactEntity(const TCheckedUserTicket& t,
                                             const TStringBuf roleName,
                                             const TEntity& exactEntity,
                                             std::optional<TUid> selectedUid) const {
        TConsumerRolesPtr c = GetRolesForUser(t, selectedUid);
        return c ? c->CheckRoleForExactEntity(roleName, exactEntity) : false;
    }

    TConsumerRoles::TConsumerRoles(THashMap<TString, TEntitiesPtr> roles)
        : Roles_(std::move(roles))
    {
    }

    bool TConsumerRoles::CheckRoleForExactEntity(const TStringBuf roleName,
                                                 const TEntity& exactEntity) const {
        auto it = Roles_.find(roleName);
        if (it == Roles_.end()) {
            return false;
        }

        return it->second->Contains(exactEntity);
    }

    TEntities::TEntities(TEntitiesIndex idx)
        : Idx_(std::move(idx))
    {
    }
}