forked from TrueCloudLab/frostfs-node
66 lines
1.6 KiB
Go
66 lines
1.6 KiB
Go
package main
|
|
|
|
import (
|
|
"sync"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/ape/chainbase"
|
|
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
|
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
|
|
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource"
|
|
)
|
|
|
|
type accessPolicyEngine struct {
|
|
mtx sync.RWMutex
|
|
|
|
chainRouter engine.ChainRouter
|
|
|
|
morphChainStorage engine.MorphRuleChainStorage
|
|
|
|
localOverrideDatabase chainbase.LocalOverrideDatabase
|
|
}
|
|
|
|
var _ engine.LocalOverrideEngine = (*accessPolicyEngine)(nil)
|
|
|
|
func newAccessPolicyEngine(
|
|
morphChainStorage engine.MorphRuleChainStorage,
|
|
localOverrideDatabase chainbase.LocalOverrideDatabase,
|
|
) *accessPolicyEngine {
|
|
return &accessPolicyEngine{
|
|
chainRouter: engine.NewDefaultChainRouterWithLocalOverrides(
|
|
morphChainStorage,
|
|
localOverrideDatabase,
|
|
),
|
|
|
|
morphChainStorage: morphChainStorage,
|
|
|
|
localOverrideDatabase: localOverrideDatabase,
|
|
}
|
|
}
|
|
|
|
func (a *accessPolicyEngine) IsAllowed(name chain.Name, target engine.RequestTarget, r resource.Request) (status chain.Status, found bool, err error) {
|
|
a.mtx.RLock()
|
|
defer a.mtx.RUnlock()
|
|
|
|
return a.chainRouter.IsAllowed(name, target, r)
|
|
}
|
|
|
|
func (a *accessPolicyEngine) MorphRuleChainStorage() engine.MorphRuleChainStorage {
|
|
a.mtx.Lock()
|
|
defer a.mtx.Unlock()
|
|
|
|
return a.morphChainStorage
|
|
}
|
|
|
|
func (a *accessPolicyEngine) LocalStorage() engine.LocalOverrideStorage {
|
|
a.mtx.Lock()
|
|
defer a.mtx.Unlock()
|
|
|
|
return a.localOverrideDatabase
|
|
}
|
|
|
|
func (a *accessPolicyEngine) LocalOverrideDatabaseCore() chainbase.DatabaseCore {
|
|
a.mtx.Lock()
|
|
defer a.mtx.Unlock()
|
|
|
|
return a.localOverrideDatabase
|
|
}
|