Untitled
unknown
plain_text
a year ago
17 kB
8
Indexable
package com.aidtaas.mobius.acl.service.layer.services.impl;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.stereotype.Component;
import com.aidtaas.mobius.acl.lib.model.response.ApiResponse;
import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Resource;
import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Subject;
import com.aidtaas.mobius.acl.lib.model.spicedb.pojo.Item;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.BulkCheckPermissionRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.CheckPermissionRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpResourceCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpSubjectCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipRemoveRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.SchemaCreateRequest;
import com.aidtaas.mobius.acl.service.layer.properties.SpiceDBProperties;
import com.aidtaas.mobius.acl.service.layer.services.IAuthorizationService;
import com.authzed.api.v1.Core;
import com.authzed.api.v1.Core.ObjectReference;
import com.authzed.api.v1.Core.Relationship;
import com.authzed.api.v1.Core.RelationshipUpdate;
import com.authzed.api.v1.Core.SubjectReference;
import com.authzed.api.v1.ExperimentalServiceGrpc;
import com.authzed.api.v1.ExperimentalServiceOuterClass;
import com.authzed.api.v1.PermissionService;
import com.authzed.api.v1.PermissionService.DeleteRelationshipsRequest;
import com.authzed.api.v1.PermissionService.Precondition;
import com.authzed.api.v1.PermissionService.Precondition.Operation;
import com.authzed.api.v1.PermissionService.RelationshipFilter;
import com.authzed.api.v1.PermissionService.SubjectFilter;
import com.authzed.api.v1.PermissionsServiceGrpc;
import com.authzed.api.v1.SchemaServiceGrpc;
import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaRequest;
import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaResponse;
import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaRequest;
import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaResponse;
import com.authzed.grpcutil.BearerToken;
import io.grpc.ManagedChannel;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import io.grpc.netty.shaded.io.grpc.netty.*;
@RequiredArgsConstructor
@Slf4j
@Component("SPICEDB_SERVICE")
public class AuthorizationServiceImpl implements IAuthorizationService {
private final SpiceDBProperties spiceDBProperties;
@Override
public ApiResponse checkPermissionForGivenResource(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method------");
CheckPermissionRequest checkPermissionRequest = CheckPermissionRequest.class.cast(apiRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
PermissionService.CheckPermissionRequest request = PermissionService.CheckPermissionRequest.newBuilder()
.setConsistency(PermissionService.Consistency.newBuilder()
.setMinimizeLatency(checkPermissionRequest.getConsistency().isMinimizeLatency()).build())
.setResource(Core.ObjectReference.newBuilder()
.setObjectType(checkPermissionRequest.getResource().getObjectType())
.setObjectId(checkPermissionRequest.getResource().getObjectId()).build())
.setSubject(Core.SubjectReference.newBuilder()
.setObject(Core.ObjectReference.newBuilder()
.setObjectType(checkPermissionRequest.getSubject().getObject().getObjectType())
.setObjectId(checkPermissionRequest.getSubject().getObject().getObjectId()).build())
.build())
.setPermission(checkPermissionRequest.getPermission()).build();
try {
PermissionService.CheckPermissionResponse response = permissionsService.checkPermission(request);
log.info("-----Resonse : {}", response.getPermissionship().getValueDescriptor().getName());
} catch (Exception e) {
log.error("-----Error message for checkPermissionForGivenResource: {}", e.getMessage());
}
return null;
}
@Override
public ApiResponse checkPermissionForGivenBulkResource(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method-----");
BulkCheckPermissionRequest bulkCheckPermissionRequest = BulkCheckPermissionRequest.class.cast(apiRequest);
log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method : {}",
bulkCheckPermissionRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
ExperimentalServiceGrpc.ExperimentalServiceBlockingStub experimentalService = ExperimentalServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
ExperimentalServiceOuterClass.BulkCheckPermissionRequest.Builder requestBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequest
.newBuilder().setConsistency(PermissionService.Consistency.newBuilder()
.setMinimizeLatency(bulkCheckPermissionRequest.getConsistency().isMinimizeLatency()).build());
for (Item item : bulkCheckPermissionRequest.getItems()) {
Resource resource = item.getResource();
Subject subject = item.getSubject();
ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem.Builder itemBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem
.newBuilder()
.setResource(Core.ObjectReference.newBuilder().setObjectType(resource.getObjectType())
.setObjectId(resource.getObjectId()).build())
.setPermission(item.getPermission()).setSubject(
Core.SubjectReference.newBuilder()
.setObject(Core.ObjectReference.newBuilder()
.setObjectType(subject.getObject().getObjectType())
.setObjectId(subject.getObject().getObjectId()).build())
.build());
requestBuilder.addItems(itemBuilder);
}
ExperimentalServiceOuterClass.BulkCheckPermissionRequest request = requestBuilder.build();
ExperimentalServiceOuterClass.BulkCheckPermissionResponse response;
try {
response = experimentalService.bulkCheckPermission(request);
log.info("-----Response : {}", response);
} catch (Exception e) {
log.error("-----Error message : {}", e.getMessage());
}
return null;
}
@Override
public ApiResponse grantPermissionForGivenResource(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, grantPermissionForGivenResource method-----");
RelationshipCreateRequest relationshipCreateRequest = RelationshipCreateRequest.class.cast(apiRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
PermissionService.WriteRelationshipsRequest request = PermissionService.WriteRelationshipsRequest.newBuilder()
.addUpdates(
RelationshipUpdate.newBuilder().setOperation(RelationshipUpdate.Operation.OPERATION_CREATE)
.setRelationship(Relationship.newBuilder().setResource(ObjectReference.newBuilder()
.setObjectType(relationshipCreateRequest.getRootRelationship().getUpdates()
.get(0).getRelationship().getResource().getObjectType())
.setObjectId(relationshipCreateRequest.getRootRelationship().getUpdates().get(0)
.getRelationship().getResource().getObjectId())
.build())
.setRelation(relationshipCreateRequest.getRootRelationship().getUpdates().get(0)
.getRelationship().getRelation())
.setSubject(SubjectReference.newBuilder()
.setObject(ObjectReference.newBuilder()
.setObjectType(relationshipCreateRequest.getRootRelationship()
.getUpdates().get(0).getRelationship().getSubject()
.getObject().getObjectType())
.setObjectId(relationshipCreateRequest.getRootRelationship()
.getUpdates().get(0).getRelationship().getSubject()
.getObject().getObjectId())
.build())
.build())
.build())
.build())
.build();
PermissionService.WriteRelationshipsResponse response;
try {
response = permissionsService.writeRelationships(request);
String zedToken = response.getWrittenAt().getToken();
log.info("------Response after granting permission to the subject : {}", zedToken);
} catch (Exception e) {
}
return null;
}
@Override
public ApiResponse revokePermissionForGivenResource(Object apiRequest) {
RelationshipRemoveRequest relationshipRemoveRequest = RelationshipRemoveRequest.class.cast(apiRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
PermissionService.DeleteRelationshipsRequest request = PermissionService.DeleteRelationshipsRequest.newBuilder(
DeleteRelationshipsRequest.newBuilder().setRelationshipFilter(RelationshipFilter.newBuilder()
.setResourceType(relationshipRemoveRequest.getRelationshipFilter().getResourceType())
.setOptionalResourceId(
relationshipRemoveRequest.getRelationshipFilter().getOptionalResourceId())
.setOptionalRelation(relationshipRemoveRequest.getRelationshipFilter().getOptionalRelation())
.setOptionalSubjectFilter(SubjectFilter.newBuilder()
.setSubjectType(relationshipRemoveRequest.getRelationshipFilter()
.getOptionalSubjectFilter().getSubjectType())
.setOptionalSubjectId(relationshipRemoveRequest.getRelationshipFilter()
.getOptionalSubjectFilter().getOptionalSubjectId())
.build())
.build())
.setOptionalPreconditions(0, Precondition.newBuilder()
.setOperation(Operation.OPERATION_MUST_MATCH)
.setFilter(RelationshipFilter.newBuilder()
.setResourceType(relationshipRemoveRequest.getOptionalPreconditions().get(0)
.getOperation())
.setOptionalResourceId(relationshipRemoveRequest.getOptionalPreconditions()
.get(0).getFilter().getOptionalResourceId())
.setOptionalRelation(relationshipRemoveRequest.getOptionalPreconditions().get(0)
.getFilter().getOptionalRelation())
.build())
.build())
.build())
.build();
PermissionService.DeleteRelationshipsResponse response;
try {
response = permissionsService.deleteRelationships(request);
log.info("-----Response after deleting the relationship : {}", response);
} catch (final Exception ex) {
log.error("-----Exception msg : {}", ex.getMessage());
}
return null;
}
@Override
public ApiResponse lookUpResources(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, lookUpResources method-----");
LookUpResourceCreateRequest lookUpResourceCreateRequest = LookUpResourceCreateRequest.class.cast(apiRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
PermissionService.LookupResourcesRequest request = PermissionService.LookupResourcesRequest.newBuilder()
.setConsistency(PermissionService.Consistency.newBuilder()
.setMinimizeLatency(lookUpResourceCreateRequest.getConsistency().isMinimizeLatency()).build())
.setResourceObjectType(lookUpResourceCreateRequest.getResourceObjectType())
.setSubject(Core.SubjectReference.newBuilder().setObject(Core.ObjectReference.newBuilder()
.setObjectType(lookUpResourceCreateRequest.getSubject().getObject().getObjectType())
.setObjectId(lookUpResourceCreateRequest.getSubject().getObject().getObjectId()).build())
.build())
.setPermission(lookUpResourceCreateRequest.getPermission()).build();
try {
PermissionService.LookupResourcesResponse response = permissionsService.lookupResources(request).next();
log.info("-----Response from resourceLookUp: {}", response);
} catch (Exception e) {
log.error("-----Error message for lookUpResources: {}", e.getMessage());
}
return null;
}
@Override
public ApiResponse lookUpSubjects(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, lookUpSubjects method-----");
LookUpSubjectCreateRequest lookUpSubjectCreateRequest = LookUpSubjectCreateRequest.class.cast(apiRequest);
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
.newBlockingStub(channel).withCallCredentials(bearerToken);
PermissionService.LookupSubjectsRequest request = PermissionService.LookupSubjectsRequest.newBuilder()
.setConsistency(PermissionService.Consistency.newBuilder()
.setMinimizeLatency(lookUpSubjectCreateRequest.getConsistency().isMinimizeLatency()).build())
.setResource(Core.ObjectReference.newBuilder()
.setObjectType(lookUpSubjectCreateRequest.getResource().getObjectType())
.setObjectId(lookUpSubjectCreateRequest.getResource().getObjectId()).build())
.setSubjectObjectType(lookUpSubjectCreateRequest.getSubjectObjectType())
.setPermission(lookUpSubjectCreateRequest.getPermission()).build();
PermissionService.LookupSubjectsResponse response;
try {
response = permissionsService.lookupSubjects(request).next();
log.info("-----Response for subjectLookUp : {}", response);
} catch (Exception e) {
log.error("-----Error message for lookUpSubjects: {}", e.getMessage());
}
return null;
}
@Override
public ApiResponse createSchema(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, createSchema method-----");
ObjectMapper mapper = new ObjectMapper();
SchemaCreateRequest schemaRequest = mapper.convertValue(apiRequest, SchemaCreateRequest.class);
log.info("------schemaRequest---- {}", schemaRequest.toString());
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
log.info("-------SPICEDB URI {}", channel.toString());
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel)
.withCallCredentials(bearerToken);
WriteSchemaRequest request = WriteSchemaRequest.newBuilder().setSchema(schemaRequest.getSchema()).build();
log.info("-----request : {}", request.toString());
WriteSchemaResponse response;
try {
log.info("--------in try block--------");
response = schemaService.writeSchema(request);
log.info("-----Response : {}", response);
} catch (Exception e) {
log.error("-----error----- {}", e.getMessage());
}
return null;
}
@Override
public ApiResponse readSchema(Object apiRequest) {
log.info("-----AuthorizationServiceImpl Class, readSchema method-----");
ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
.usePlaintext()
.build();
BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel)
.withCallCredentials(bearerToken);
ReadSchemaRequest request = ReadSchemaRequest.newBuilder().build();
ReadSchemaResponse response;
try {
response = schemaService.readSchema(request);
log.info("-----Response : {}", response);
} catch (Exception e) {
}
return null;
}
}
Editor is loading...
Leave a Comment