grim/hgkeeper
Clone
Summary
Browse
Changes
Graph
Rework the way we setup the access code a little bit so it's easier to refresh
2019-09-12, Gary Kramlich
d13c14d4fadb
Rework the way we setup the access code a little bit so it's easier to refresh
package
access
import
(
"sync"
)
const
(
modelFilename
=
"model.conf"
policyFilename
=
"policy.csv"
)
var
(
accessLock
sync
.
Mutex
adminRepoPath
string
)
func
Setup
(
adminRepo
string
)
error
{
adminRepoPath
=
adminRepo
return
Refresh
()
}
// Refresh will try to reload the casbin model and policies followed by SSH
// keys. If there is an error it's possible that the casbin model and polcies
// could have been updated but the ssh keys were not.
func
Refresh
()
error
{
accessLock
.
Lock
()
defer
accessLock
.
Unlock
()
if
err
:=
refreshEnforcer
(
adminRepoPath
);
err
!=
nil
{
return
err
}
if
err
:=
refreshKeys
(
adminRepoPath
);
err
!=
nil
{
return
err
}
return
nil
}
func
check
(
user
,
repo
,
action
string
)
bool
{
return
enforcer
.
Enforce
(
user
,
repo
,
action
)
}
func
CanRead
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"read"
)
}
func
CanWrite
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"write"
)
}
func
CanInit
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"init"
)
}