Untitled

 avatar
unknown
plain_text
a year ago
17 kB
8
Indexable
package com.aidtaas.mobius.acl.service.layer.services.impl;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.stereotype.Component;

import com.aidtaas.mobius.acl.lib.model.response.ApiResponse;
import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Resource;
import com.aidtaas.mobius.acl.lib.model.spicedb.entity.basemodel.Subject;
import com.aidtaas.mobius.acl.lib.model.spicedb.pojo.Item;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.BulkCheckPermissionRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.CheckPermissionRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpResourceCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.LookUpSubjectCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipCreateRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.RelationshipRemoveRequest;
import com.aidtaas.mobius.acl.lib.model.spicedb.request.SchemaCreateRequest;
import com.aidtaas.mobius.acl.service.layer.properties.SpiceDBProperties;
import com.aidtaas.mobius.acl.service.layer.services.IAuthorizationService;
import com.authzed.api.v1.Core;
import com.authzed.api.v1.Core.ObjectReference;
import com.authzed.api.v1.Core.Relationship;
import com.authzed.api.v1.Core.RelationshipUpdate;
import com.authzed.api.v1.Core.SubjectReference;
import com.authzed.api.v1.ExperimentalServiceGrpc;
import com.authzed.api.v1.ExperimentalServiceOuterClass;
import com.authzed.api.v1.PermissionService;
import com.authzed.api.v1.PermissionService.DeleteRelationshipsRequest;
import com.authzed.api.v1.PermissionService.Precondition;
import com.authzed.api.v1.PermissionService.Precondition.Operation;
import com.authzed.api.v1.PermissionService.RelationshipFilter;
import com.authzed.api.v1.PermissionService.SubjectFilter;
import com.authzed.api.v1.PermissionsServiceGrpc;
import com.authzed.api.v1.SchemaServiceGrpc;
import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaRequest;
import com.authzed.api.v1.SchemaServiceOuterClass.ReadSchemaResponse;
import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaRequest;
import com.authzed.api.v1.SchemaServiceOuterClass.WriteSchemaResponse;
import com.authzed.grpcutil.BearerToken;

import io.grpc.ManagedChannel;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import io.grpc.netty.shaded.io.grpc.netty.*;

@RequiredArgsConstructor
@Slf4j
@Component("SPICEDB_SERVICE")
public class AuthorizationServiceImpl implements IAuthorizationService {

	private final SpiceDBProperties spiceDBProperties;

	@Override
	public ApiResponse checkPermissionForGivenResource(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method------");
		CheckPermissionRequest checkPermissionRequest = CheckPermissionRequest.class.cast(apiRequest);

		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		PermissionService.CheckPermissionRequest request = PermissionService.CheckPermissionRequest.newBuilder()
				.setConsistency(PermissionService.Consistency.newBuilder()
						.setMinimizeLatency(checkPermissionRequest.getConsistency().isMinimizeLatency()).build())
				.setResource(Core.ObjectReference.newBuilder()
						.setObjectType(checkPermissionRequest.getResource().getObjectType())
						.setObjectId(checkPermissionRequest.getResource().getObjectId()).build())
				.setSubject(Core.SubjectReference.newBuilder()
						.setObject(Core.ObjectReference.newBuilder()
								.setObjectType(checkPermissionRequest.getSubject().getObject().getObjectType())
								.setObjectId(checkPermissionRequest.getSubject().getObject().getObjectId()).build())
						.build())
				.setPermission(checkPermissionRequest.getPermission()).build();

		try {
			PermissionService.CheckPermissionResponse response = permissionsService.checkPermission(request);
			log.info("-----Resonse : {}", response.getPermissionship().getValueDescriptor().getName());
		} catch (Exception e) {
			log.error("-----Error message for checkPermissionForGivenResource: {}", e.getMessage());
		}

		return null;
	}

	@Override
	public ApiResponse checkPermissionForGivenBulkResource(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method-----");

		BulkCheckPermissionRequest bulkCheckPermissionRequest = BulkCheckPermissionRequest.class.cast(apiRequest);
		log.info("-----AuthorizationServiceImpl Class, checkPermissionForGivenResource method : {}",
				bulkCheckPermissionRequest);
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		ExperimentalServiceGrpc.ExperimentalServiceBlockingStub experimentalService = ExperimentalServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		ExperimentalServiceOuterClass.BulkCheckPermissionRequest.Builder requestBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequest
				.newBuilder().setConsistency(PermissionService.Consistency.newBuilder()
						.setMinimizeLatency(bulkCheckPermissionRequest.getConsistency().isMinimizeLatency()).build());

		for (Item item : bulkCheckPermissionRequest.getItems()) {
			Resource resource = item.getResource();
			Subject subject = item.getSubject();

			ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem.Builder itemBuilder = ExperimentalServiceOuterClass.BulkCheckPermissionRequestItem
					.newBuilder()
					.setResource(Core.ObjectReference.newBuilder().setObjectType(resource.getObjectType())
							.setObjectId(resource.getObjectId()).build())
					.setPermission(item.getPermission()).setSubject(
							Core.SubjectReference.newBuilder()
									.setObject(Core.ObjectReference.newBuilder()
											.setObjectType(subject.getObject().getObjectType())
											.setObjectId(subject.getObject().getObjectId()).build())
									.build());

			requestBuilder.addItems(itemBuilder);
		}

		ExperimentalServiceOuterClass.BulkCheckPermissionRequest request = requestBuilder.build();

		ExperimentalServiceOuterClass.BulkCheckPermissionResponse response;
		try {
			response = experimentalService.bulkCheckPermission(request);
			log.info("-----Response : {}", response);

		} catch (Exception e) {
			log.error("-----Error message : {}", e.getMessage());
		}

		return null;
	}

	@Override
	public ApiResponse grantPermissionForGivenResource(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, grantPermissionForGivenResource method-----");
		RelationshipCreateRequest relationshipCreateRequest = RelationshipCreateRequest.class.cast(apiRequest);
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		PermissionService.WriteRelationshipsRequest request = PermissionService.WriteRelationshipsRequest.newBuilder()
				.addUpdates(
						RelationshipUpdate.newBuilder().setOperation(RelationshipUpdate.Operation.OPERATION_CREATE)
								.setRelationship(Relationship.newBuilder().setResource(ObjectReference.newBuilder()
										.setObjectType(relationshipCreateRequest.getRootRelationship().getUpdates()
												.get(0).getRelationship().getResource().getObjectType())
										.setObjectId(relationshipCreateRequest.getRootRelationship().getUpdates().get(0)
												.getRelationship().getResource().getObjectId())
										.build())
										.setRelation(relationshipCreateRequest.getRootRelationship().getUpdates().get(0)
												.getRelationship().getRelation())
										.setSubject(SubjectReference.newBuilder()
												.setObject(ObjectReference.newBuilder()
														.setObjectType(relationshipCreateRequest.getRootRelationship()
																.getUpdates().get(0).getRelationship().getSubject()
																.getObject().getObjectType())
														.setObjectId(relationshipCreateRequest.getRootRelationship()
																.getUpdates().get(0).getRelationship().getSubject()
																.getObject().getObjectId())
														.build())
												.build())
										.build())
								.build())
				.build();

		PermissionService.WriteRelationshipsResponse response;
		try {
			response = permissionsService.writeRelationships(request);
			String zedToken = response.getWrittenAt().getToken();
			log.info("------Response after granting permission to the subject : {}", zedToken);
		} catch (Exception e) {
		}

		return null;
	}

	@Override
	public ApiResponse revokePermissionForGivenResource(Object apiRequest) {

		RelationshipRemoveRequest relationshipRemoveRequest = RelationshipRemoveRequest.class.cast(apiRequest);
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		PermissionService.DeleteRelationshipsRequest request = PermissionService.DeleteRelationshipsRequest.newBuilder(
				DeleteRelationshipsRequest.newBuilder().setRelationshipFilter(RelationshipFilter.newBuilder()
						.setResourceType(relationshipRemoveRequest.getRelationshipFilter().getResourceType())
						.setOptionalResourceId(
								relationshipRemoveRequest.getRelationshipFilter().getOptionalResourceId())
						.setOptionalRelation(relationshipRemoveRequest.getRelationshipFilter().getOptionalRelation())
						.setOptionalSubjectFilter(SubjectFilter.newBuilder()
								.setSubjectType(relationshipRemoveRequest.getRelationshipFilter()
										.getOptionalSubjectFilter().getSubjectType())
								.setOptionalSubjectId(relationshipRemoveRequest.getRelationshipFilter()
										.getOptionalSubjectFilter().getOptionalSubjectId())
								.build())
						.build())
						.setOptionalPreconditions(0, Precondition.newBuilder()
								.setOperation(Operation.OPERATION_MUST_MATCH)
								.setFilter(RelationshipFilter.newBuilder()
										.setResourceType(relationshipRemoveRequest.getOptionalPreconditions().get(0)
												.getOperation())
										.setOptionalResourceId(relationshipRemoveRequest.getOptionalPreconditions()
												.get(0).getFilter().getOptionalResourceId())
										.setOptionalRelation(relationshipRemoveRequest.getOptionalPreconditions().get(0)
												.getFilter().getOptionalRelation())
										.build())
								.build())
						.build())
				.build();
		PermissionService.DeleteRelationshipsResponse response;
		try {
			response = permissionsService.deleteRelationships(request);
			log.info("-----Response after deleting the relationship : {}", response);
		} catch (final Exception ex) {
			log.error("-----Exception msg : {}", ex.getMessage());
		}
		return null;
	}

	@Override
	public ApiResponse lookUpResources(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, lookUpResources method-----");
		LookUpResourceCreateRequest lookUpResourceCreateRequest = LookUpResourceCreateRequest.class.cast(apiRequest);
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		PermissionService.LookupResourcesRequest request = PermissionService.LookupResourcesRequest.newBuilder()
				.setConsistency(PermissionService.Consistency.newBuilder()
						.setMinimizeLatency(lookUpResourceCreateRequest.getConsistency().isMinimizeLatency()).build())
				.setResourceObjectType(lookUpResourceCreateRequest.getResourceObjectType())
				.setSubject(Core.SubjectReference.newBuilder().setObject(Core.ObjectReference.newBuilder()
						.setObjectType(lookUpResourceCreateRequest.getSubject().getObject().getObjectType())
						.setObjectId(lookUpResourceCreateRequest.getSubject().getObject().getObjectId()).build())
						.build())
				.setPermission(lookUpResourceCreateRequest.getPermission()).build();
		try {
			PermissionService.LookupResourcesResponse response = permissionsService.lookupResources(request).next();
			log.info("-----Response from resourceLookUp: {}", response);
		} catch (Exception e) {
			log.error("-----Error message for lookUpResources: {}", e.getMessage());
		}
		return null;
	}

	@Override
	public ApiResponse lookUpSubjects(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, lookUpSubjects method-----");
		LookUpSubjectCreateRequest lookUpSubjectCreateRequest = LookUpSubjectCreateRequest.class.cast(apiRequest);
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		PermissionsServiceGrpc.PermissionsServiceBlockingStub permissionsService = PermissionsServiceGrpc
				.newBlockingStub(channel).withCallCredentials(bearerToken);

		PermissionService.LookupSubjectsRequest request = PermissionService.LookupSubjectsRequest.newBuilder()
				.setConsistency(PermissionService.Consistency.newBuilder()
						.setMinimizeLatency(lookUpSubjectCreateRequest.getConsistency().isMinimizeLatency()).build())
				.setResource(Core.ObjectReference.newBuilder()
						.setObjectType(lookUpSubjectCreateRequest.getResource().getObjectType())
						.setObjectId(lookUpSubjectCreateRequest.getResource().getObjectId()).build())
				.setSubjectObjectType(lookUpSubjectCreateRequest.getSubjectObjectType())
				.setPermission(lookUpSubjectCreateRequest.getPermission()).build();

		PermissionService.LookupSubjectsResponse response;
		try {
			response = permissionsService.lookupSubjects(request).next();
			log.info("-----Response for subjectLookUp :  {}", response);
		} catch (Exception e) {
			log.error("-----Error message for lookUpSubjects: {}", e.getMessage());
		}
		return null;
	}

	@Override
	public ApiResponse createSchema(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, createSchema method-----");

		ObjectMapper mapper = new ObjectMapper();
		SchemaCreateRequest schemaRequest = mapper.convertValue(apiRequest, SchemaCreateRequest.class);

		log.info("------schemaRequest---- {}", schemaRequest.toString());
		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();

		log.info("-------SPICEDB URI {}", channel.toString());

		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel)
				.withCallCredentials(bearerToken);

		WriteSchemaRequest request = WriteSchemaRequest.newBuilder().setSchema(schemaRequest.getSchema()).build();
		log.info("-----request : {}", request.toString());
		WriteSchemaResponse response;
		try {
			log.info("--------in try block--------");
			response = schemaService.writeSchema(request);
			log.info("-----Response : {}", response);
		} catch (Exception e) {
			log.error("-----error----- {}", e.getMessage());
		}
		return null;
	}

	@Override
	public ApiResponse readSchema(Object apiRequest) {
		log.info("-----AuthorizationServiceImpl Class, readSchema method-----");

		ManagedChannel channel = NettyChannelBuilder.forAddress(spiceDBProperties.getHost(), spiceDBProperties.getPort())
				.usePlaintext()
				.build();
		BearerToken bearerToken = new BearerToken(spiceDBProperties.getToken());
		SchemaServiceGrpc.SchemaServiceBlockingStub schemaService = SchemaServiceGrpc.newBlockingStub(channel)
				.withCallCredentials(bearerToken);

		ReadSchemaRequest request = ReadSchemaRequest.newBuilder().build();
		ReadSchemaResponse response;
		try {
			response = schemaService.readSchema(request);
			log.info("-----Response : {}", response);
		} catch (Exception e) {
		}
		return null;
	}
}
Editor is loading...
Leave a Comment