storj/satellite/console/consolewasm/restrict.go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.

package consolewasm

import (
	"strings"

	"storj.io/common/grant"
)

// RestrictGrant restricts an access grant with the permissions and paths and returns a new access grant.
func RestrictGrant(accessGrant string, paths []string, permission Permission) (string, error) {
	access, err := grant.ParseAccess(accessGrant)
	if err != nil {
		return "", err
	}

	prefixes := make([]grant.SharePrefix, 0, len(paths))
	for _, path := range paths {
		parts := strings.SplitN(path, "/", 2)
		prefix := grant.SharePrefix{Bucket: parts[0]}
		if len(parts) > 1 {
			prefix.Prefix = parts[1]
		}
		prefixes = append(prefixes, prefix)
	}

	restricted, err := access.Restrict(
		grant.Permission{
			AllowDownload: permission.AllowDownload,
			AllowUpload:   permission.AllowUpload,
			AllowList:     permission.AllowList,
			AllowDelete:   permission.AllowDelete,
			NotBefore:     permission.NotBefore,
			NotAfter:      permission.NotAfter,
		},
		prefixes...,
	)
	if err != nil {
		return "", err
	}

	return restricted.Serialize()
}
satellite/wasm: support restricting full access grants to paths Change-Id: Id6d4fa41db068d32e7c0d542d9d8805fba927fc6 2021-03-25 22:57:25 +00:00			`// Copyright (C) 2020 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package consolewasm`

			`import (`
			`"strings"`

			`"storj.io/common/grant"`
			`)`

			`// RestrictGrant restricts an access grant with the permissions and paths and returns a new access grant.`
			`func RestrictGrant(accessGrant string, paths []string, permission Permission) (string, error) {`
			`access, err := grant.ParseAccess(accessGrant)`
			`if err != nil {`
			`return "", err`
			`}`

			`prefixes := make([]grant.SharePrefix, 0, len(paths))`
			`for _, path := range paths {`
			`parts := strings.SplitN(path, "/", 2)`
			`prefix := grant.SharePrefix{Bucket: parts[0]}`
			`if len(parts) > 1 {`
			`prefix.Prefix = parts[1]`
			`}`
			`prefixes = append(prefixes, prefix)`
			`}`

satellite/console/consolewasm: no direct cast to grant.Permission A new field is introduced to grant.Permission in storj.io/common. Having a direct cast here leads to compilation problems when bumping storj.io/uplink to the latest storj.io/common. Avoiding the direct cast resolves the issue. Context: https://github.com/storj/storj/issues/6249 Change-Id: I3b9bc14ebcce8e192e218c621b996300753b8de4 2023-09-07 11:27:53 +01:00			`restricted, err := access.Restrict(`
			`grant.Permission{`
			`AllowDownload: permission.AllowDownload,`
			`AllowUpload: permission.AllowUpload,`
			`AllowList: permission.AllowList,`
			`AllowDelete: permission.AllowDelete,`
			`NotBefore: permission.NotBefore,`
			`NotAfter: permission.NotAfter,`
			`},`
			`prefixes...,`
			`)`
satellite/wasm: support restricting full access grants to paths Change-Id: Id6d4fa41db068d32e7c0d542d9d8805fba927fc6 2021-03-25 22:57:25 +00:00			`if err != nil {`
			`return "", err`
			`}`

			`return restricted.Serialize()`
			`}`