Add todo with interceptor
This commit is contained in:
Achim Rohn
@@ -3,6 +3,10 @@ package main
|
||||
import (
|
||||
"context"
|
||||
"ersteller-lib/schema/ent/example/ent"
|
||||
"ersteller-lib/schema/ent/example/ent/group"
|
||||
"ersteller-lib/schema/ent/example/ent/todo"
|
||||
"ersteller-lib/schema/ent/example/ent/user"
|
||||
"fmt"
|
||||
"log"
|
||||
"time"
|
||||
|
||||
@@ -18,15 +22,27 @@ func main() {
|
||||
}
|
||||
log.Println("client", client)
|
||||
defer client.Close()
|
||||
|
||||
// Add authorization interceptor for Todo queries
|
||||
client.Todo.Intercept(TodoAuthorizationInterceptor())
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Minute*5)
|
||||
defer cancel()
|
||||
|
||||
if err := client.Schema.Create(ctx); err != nil {
|
||||
log.Fatalf("failed creating schema resources: %v", err)
|
||||
}
|
||||
|
||||
testGroup, err := client.Group.Create().SetName("Test").Save(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("failed creating group: %w", err)
|
||||
}
|
||||
u, err := client.User.
|
||||
Create().
|
||||
SetEmail("something@gorlug.de").
|
||||
SetPassword("uhoh").Save(ctx)
|
||||
SetPassword("uhoh").
|
||||
AddGroup(testGroup).
|
||||
Save(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("failed creating user: %w", err)
|
||||
}
|
||||
@@ -60,4 +76,68 @@ func main() {
|
||||
}
|
||||
}
|
||||
|
||||
todoItem, err := client.Todo.Create().SetTitle("test").
|
||||
SetGroup(testGroup).Save(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("failed to create todo", err)
|
||||
}
|
||||
|
||||
// Add user ID to context for authorization
|
||||
authorizedCtx := context.WithValue(ctx, UserIDKey, u.ID)
|
||||
|
||||
// This should work - user is in the group
|
||||
retrievedTodo, err := client.Todo.Get(authorizedCtx, todoItem.ID)
|
||||
if err != nil {
|
||||
log.Fatalf("failed getting todo with authorization: %v", err)
|
||||
}
|
||||
log.Println("retrieved todo:", retrievedTodo)
|
||||
|
||||
// This should fail - no user ID in context
|
||||
_, err = client.Todo.Get(ctx, todoItem.ID)
|
||||
if err != nil {
|
||||
log.Println("expected authorization error:", err)
|
||||
}
|
||||
|
||||
secondGroup, err := client.Group.Create().SetName("second").Save(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("failed creating group: %w", err)
|
||||
}
|
||||
secondUser, err := client.User.Create().SetEmail("abc@def.de").AddGroup(secondGroup).Save(ctx)
|
||||
if err != nil {
|
||||
log.Fatalf("failed creating user: %w", err)
|
||||
}
|
||||
|
||||
// Add user ID to context for authorization
|
||||
secondUserAuthorizedCtx := context.WithValue(ctx, UserIDKey, secondUser.ID)
|
||||
_, err = client.Todo.Get(secondUserAuthorizedCtx, todoItem.ID)
|
||||
if err != nil {
|
||||
log.Println("expected authorization error:", err)
|
||||
}
|
||||
}
|
||||
|
||||
// UserIDKey is used to store user ID in context
|
||||
type contextKey string
|
||||
|
||||
const UserIDKey = contextKey("userID")
|
||||
|
||||
// TodoAuthorizationInterceptor returns an interceptor that enforces user authorization for todos
|
||||
func TodoAuthorizationInterceptor() ent.Interceptor {
|
||||
return ent.InterceptFunc(func(next ent.Querier) ent.Querier {
|
||||
return ent.QuerierFunc(func(ctx context.Context, query ent.Query) (ent.Value, error) {
|
||||
// Get user ID from context
|
||||
userID, ok := ctx.Value(UserIDKey).(int)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("user ID is required in context for todo operations")
|
||||
}
|
||||
|
||||
// Cast to TodoQuery to add authorization filter
|
||||
if tq, ok := query.(*ent.TodoQuery); ok {
|
||||
// Add predicate to ensure user is in the same group as the todo
|
||||
tq = tq.Where(todo.HasGroupWith(group.HasUsersWith(user.ID(userID))))
|
||||
return next.Query(ctx, tq)
|
||||
}
|
||||
|
||||
return next.Query(ctx, query)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user