Untitled
unknown
plain_text
a year ago
17 kB
8
Indexable
package com.aidtaas.mobius.acl.service.layer.services.impl; import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.stereotype.Component; import com.aidtaas.mobius.acl.lib.model.response.ApiResponse; import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Resource; import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Subject; import com.aidtaas.mobius.acl.lib.model.spicedb.pojo.Item; import com.aidtaas.mobius.acl.lib.model.spicedb.request.BulkCheckPermissionRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.CheckPermissionRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpResourceCreateRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpSubjectCreateRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipCreateRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipRemoveRequest; import com.aidtaas.mobius.acl.lib.model.spicedb.request.SchemaCreateRequest; import com.aidtaas.mobius.acl.service.layer.properties.SpiceDBProperties; import com.aidtaas.mobius.acl.service.layer.services.IAuthorizationService; import com.authzed.api.v1.Core; import com.authzed.api.v1.Core.ObjectReference; import com.authzed.api.v1.Core.Relationship; import com.authzed.api.v1.Core.RelationshipUpdate; import com.authzed.api.v1.Core.SubjectReference; import com.authzed.api.v1.ExperimentalServiceGrpc; import com.authzed.api.v1.ExperimentalServiceOuterClass; import com.authzed.api.v1.PermissionService; import com.authzed.api.v1.PermissionService.DeleteRelationshipsRequest; import com.authzed.api.v1.PermissionService.Precondition; import com.authzed.api.v1.PermissionService.Precondition.Operation; import com.authzed.api.v1.PermissionService.RelationshipFilter; import com.authzed.api.v1.PermissionService.SubjectFilter; import com.authzed.api.v1.PermissionsServiceGrpc; import com.authzed.api.v1.SchemaServiceGrpc; import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaRequest; import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaResponse; import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaRequest; import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaResponse; import com.authzed.grpcutil.BearerToken; import io.grpc.ManagedChannel; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import io.grpc.netty.shaded.io.grpc.netty.*; @RequiredArgsConstructor @Slf4j @Component("SPICEDB_SERVICE") public class AuthorizationServiceImpl implements IAuthorizationService { private final SpiceDBProperties spiceDBProperties; @Override public ApiResponse checkPermissionForGivenResource(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method------"); CheckPermissionRequest checkPermissionRequest = CheckPermissionRequest.class.cast(apiRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); PermissionService.CheckPermissionRequest request = PermissionService.CheckPermissionRequest.newBuilder() .setConsistency(PermissionService.Consistency.newBuilder() .setMinimizeLatency(checkPermissionRequest.getConsistency().isMinimizeLatency()).build()) .setResource(Core.ObjectReference.newBuilder() .setObjectType(checkPermissionRequest.getResource().getObjectType()) .setObjectId(checkPermissionRequest.getResource().getObjectId()).build()) .setSubject(Core.SubjectReference.newBuilder() .setObject(Core.ObjectReference.newBuilder() .setObjectType(checkPermissionRequest.getSubject().getObject().getObjectType()) .setObjectId(checkPermissionRequest.getSubject().getObject().getObjectId()).build()) .build()) .setPermission(checkPermissionRequest.getPermission()).build(); try { PermissionService.CheckPermissionResponse response = permissionsService.checkPermission(request); log.info("-----Resonse : {}", response.getPermissionship().getValueDescriptor().getName()); } catch (Exception e) { log.error("-----Error message for checkPermissionForGivenResource: {}", e.getMessage()); } return null; } @Override public ApiResponse checkPermissionForGivenBulkResource(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method-----"); BulkCheckPermissionRequest bulkCheckPermissionRequest = BulkCheckPermissionRequest.class.cast(apiRequest); log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method : {}", bulkCheckPermissionRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); ExperimentalServiceGrpc.ExperimentalServiceBlockingStub experimentalService = ExperimentalServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); ExperimentalServiceOuterClass.BulkCheckPermissionRequest.Builder requestBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequest .newBuilder().setConsistency(PermissionService.Consistency.newBuilder() .setMinimizeLatency(bulkCheckPermissionRequest.getConsistency().isMinimizeLatency()).build()); for (Item item : bulkCheckPermissionRequest.getItems()) { Resource resource = item.getResource(); Subject subject = item.getSubject(); ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem.Builder itemBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem .newBuilder() .setResource(Core.ObjectReference.newBuilder().setObjectType(resource.getObjectType()) .setObjectId(resource.getObjectId()).build()) .setPermission(item.getPermission()).setSubject( Core.SubjectReference.newBuilder() .setObject(Core.ObjectReference.newBuilder() .setObjectType(subject.getObject().getObjectType()) .setObjectId(subject.getObject().getObjectId()).build()) .build()); requestBuilder.addItems(itemBuilder); } ExperimentalServiceOuterClass.BulkCheckPermissionRequest request = requestBuilder.build(); ExperimentalServiceOuterClass.BulkCheckPermissionResponse response; try { response = experimentalService.bulkCheckPermission(request); log.info("-----Response : {}", response); } catch (Exception e) { log.error("-----Error message : {}", e.getMessage()); } return null; } @Override public ApiResponse grantPermissionForGivenResource(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, grantPermissionForGivenResource method-----"); RelationshipCreateRequest relationshipCreateRequest = RelationshipCreateRequest.class.cast(apiRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); PermissionService.WriteRelationshipsRequest request = PermissionService.WriteRelationshipsRequest.newBuilder() .addUpdates( RelationshipUpdate.newBuilder().setOperation(RelationshipUpdate.Operation.OPERATION_CREATE) .setRelationship(Relationship.newBuilder().setResource(ObjectReference.newBuilder() .setObjectType(relationshipCreateRequest.getRootRelationship().getUpdates() .get(0).getRelationship().getResource().getObjectType()) .setObjectId(relationshipCreateRequest.getRootRelationship().getUpdates().get(0) .getRelationship().getResource().getObjectId()) .build()) .setRelation(relationshipCreateRequest.getRootRelationship().getUpdates().get(0) .getRelationship().getRelation()) .setSubject(SubjectReference.newBuilder() .setObject(ObjectReference.newBuilder() .setObjectType(relationshipCreateRequest.getRootRelationship() .getUpdates().get(0).getRelationship().getSubject() .getObject().getObjectType()) .setObjectId(relationshipCreateRequest.getRootRelationship() .getUpdates().get(0).getRelationship().getSubject() .getObject().getObjectId()) .build()) .build()) .build()) .build()) .build(); PermissionService.WriteRelationshipsResponse response; try { response = permissionsService.writeRelationships(request); String zedToken = response.getWrittenAt().getToken(); log.info("------Response after granting permission to the subject : {}", zedToken); } catch (Exception e) { } return null; } @Override public ApiResponse revokePermissionForGivenResource(Object apiRequest) { RelationshipRemoveRequest relationshipRemoveRequest = RelationshipRemoveRequest.class.cast(apiRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); PermissionService.DeleteRelationshipsRequest request = PermissionService.DeleteRelationshipsRequest.newBuilder( DeleteRelationshipsRequest.newBuilder().setRelationshipFilter(RelationshipFilter.newBuilder() .setResourceType(relationshipRemoveRequest.getRelationshipFilter().getResourceType()) .setOptionalResourceId( relationshipRemoveRequest.getRelationshipFilter().getOptionalResourceId()) .setOptionalRelation(relationshipRemoveRequest.getRelationshipFilter().getOptionalRelation()) .setOptionalSubjectFilter(SubjectFilter.newBuilder() .setSubjectType(relationshipRemoveRequest.getRelationshipFilter() .getOptionalSubjectFilter().getSubjectType()) .setOptionalSubjectId(relationshipRemoveRequest.getRelationshipFilter() .getOptionalSubjectFilter().getOptionalSubjectId()) .build()) .build()) .setOptionalPreconditions(0, Precondition.newBuilder() .setOperation(Operation.OPERATION_MUST_MATCH) .setFilter(RelationshipFilter.newBuilder() .setResourceType(relationshipRemoveRequest.getOptionalPreconditions().get(0) .getOperation()) .setOptionalResourceId(relationshipRemoveRequest.getOptionalPreconditions() .get(0).getFilter().getOptionalResourceId()) .setOptionalRelation(relationshipRemoveRequest.getOptionalPreconditions().get(0) .getFilter().getOptionalRelation()) .build()) .build()) .build()) .build(); PermissionService.DeleteRelationshipsResponse response; try { response = permissionsService.deleteRelationships(request); log.info("-----Response after deleting the relationship : {}", response); } catch (final Exception ex) { log.error("-----Exception msg : {}", ex.getMessage()); } return null; } @Override public ApiResponse lookUpResources(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, lookUpResources method-----"); LookUpResourceCreateRequest lookUpResourceCreateRequest = LookUpResourceCreateRequest.class.cast(apiRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); PermissionService.LookupResourcesRequest request = PermissionService.LookupResourcesRequest.newBuilder() .setConsistency(PermissionService.Consistency.newBuilder() .setMinimizeLatency(lookUpResourceCreateRequest.getConsistency().isMinimizeLatency()).build()) .setResourceObjectType(lookUpResourceCreateRequest.getResourceObjectType()) .setSubject(Core.SubjectReference.newBuilder().setObject(Core.ObjectReference.newBuilder() .setObjectType(lookUpResourceCreateRequest.getSubject().getObject().getObjectType()) .setObjectId(lookUpResourceCreateRequest.getSubject().getObject().getObjectId()).build()) .build()) .setPermission(lookUpResourceCreateRequest.getPermission()).build(); try { PermissionService.LookupResourcesResponse response = permissionsService.lookupResources(request).next(); log.info("-----Response from resourceLookUp: {}", response); } catch (Exception e) { log.error("-----Error message for lookUpResources: {}", e.getMessage()); } return null; } @Override public ApiResponse lookUpSubjects(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, lookUpSubjects method-----"); LookUpSubjectCreateRequest lookUpSubjectCreateRequest = LookUpSubjectCreateRequest.class.cast(apiRequest); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc .newBlockingStub(channel).withCallCredentials(bearerToken); PermissionService.LookupSubjectsRequest request = PermissionService.LookupSubjectsRequest.newBuilder() .setConsistency(PermissionService.Consistency.newBuilder() .setMinimizeLatency(lookUpSubjectCreateRequest.getConsistency().isMinimizeLatency()).build()) .setResource(Core.ObjectReference.newBuilder() .setObjectType(lookUpSubjectCreateRequest.getResource().getObjectType()) .setObjectId(lookUpSubjectCreateRequest.getResource().getObjectId()).build()) .setSubjectObjectType(lookUpSubjectCreateRequest.getSubjectObjectType()) .setPermission(lookUpSubjectCreateRequest.getPermission()).build(); PermissionService.LookupSubjectsResponse response; try { response = permissionsService.lookupSubjects(request).next(); log.info("-----Response for subjectLookUp : {}", response); } catch (Exception e) { log.error("-----Error message for lookUpSubjects: {}", e.getMessage()); } return null; } @Override public ApiResponse createSchema(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, createSchema method-----"); ObjectMapper mapper = new ObjectMapper(); SchemaCreateRequest schemaRequest = mapper.convertValue(apiRequest, SchemaCreateRequest.class); log.info("------schemaRequest---- {}", schemaRequest.toString()); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); log.info("-------SPICEDB URI {}", channel.toString()); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel) .withCallCredentials(bearerToken); WriteSchemaRequest request = WriteSchemaRequest.newBuilder().setSchema(schemaRequest.getSchema()).build(); log.info("-----request : {}", request.toString()); WriteSchemaResponse response; try { log.info("--------in try block--------"); response = schemaService.writeSchema(request); log.info("-----Response : {}", response); } catch (Exception e) { log.error("-----error----- {}", e.getMessage()); } return null; } @Override public ApiResponse readSchema(Object apiRequest) { log.info("-----AuthorizationServiceImpl Class, readSchema method-----"); ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort()) .usePlaintext() .build(); BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken()); SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel) .withCallCredentials(bearerToken); ReadSchemaRequest request = ReadSchemaRequest.newBuilder().build(); ReadSchemaResponse response; try { response = schemaService.readSchema(request); log.info("-----Response : {}", response); } catch (Exception e) { } return null; } }
Editor is loading...
Leave a Comment