catalyst/role/role.go

package role

import (
	"errors"
	"sort"
	"strings"

	"golang.org/x/exp/slices"

	"github.com/SecurityBrewery/catalyst/generated/model"
)

type Role string

const (
	Analyst  string = "analyst"
	Engineer string = "engineer"
	Admin    string = "admin"

	AutomationRead       Role = "analyst:automation:read"
	CurrentuserRead      Role = "analyst:currentuser:read"
	CurrentuserdataRead  Role = "analyst:currentuserdata:read"
	CurrentuserdataWrite Role = "analyst:currentsettings:write"
	DashboardRead        Role = "analyst:dashboard:read"
	FileReadWrite        Role = "analyst:file"
	GroupRead            Role = "analyst:group:read"
	PlaybookRead         Role = "analyst:playbook:read"
	RuleRead             Role = "analyst:rule:read"
	SettingsRead         Role = "analyst:settings:read"
	TemplateRead         Role = "analyst:template:read"
	TicketRead           Role = "analyst:ticket:read"
	TicketWrite          Role = "analyst:ticket:write"
	TickettypeRead       Role = "analyst:tickettype:read"
	UserRead             Role = "analyst:user:read"

	AutomationWrite Role = "engineer:automation:write"
	PlaybookWrite   Role = "engineer:playbook:write"
	RuleWrite       Role = "engineer:rule:write"
	TemplateWrite   Role = "engineer:template:write"
	TickettypeWrite Role = "engineer:tickettype:write"

	BackupRead     Role = "admin:backup:read"
	BackupRestore  Role = "admin:backup:restore"
	DashboardWrite Role = "admin:dashboard:write"
	GroupWrite     Role = "admin:group:write"
	JobRead        Role = "admin:job:read"
	JobWrite       Role = "admin:job:write"
	LogRead        Role = "admin:log:read"
	SettingsWrite  Role = "admin:settings:write"
	TicketDelete   Role = "admin:ticket:delete"
	UserWrite      Role = "admin:user:write"
	UserdataRead   Role = "admin:userdata:read"
	UserdataWrite  Role = "admin:userdata:write"
)

func (p Role) String() string {
	return string(p)
}

func UserHasRoles(user *model.UserResponse, roles []Role) bool {
	hasRoles := true
	for _, role := range roles {
		if !UserHasRole(user, role) {
			hasRoles = false

			break
		}
	}

	return hasRoles
}

func UserHasRole(user *model.UserResponse, role Role) bool {
	return slices.Contains(FromStrings(user.Roles), role)
}

func Explodes(s []string) []Role {
	var roles []Role
	for _, e := range s {
		roles = append(roles, Explode(e)...)
	}
	sort.Slice(roles, func(i, j int) bool {
		return roles[i].String() < roles[j].String()
	})
	roles = slices.Compact(roles)

	return roles
}

func Explode(s string) []Role {
	var roles []Role

	switch s {
	case Admin:
		roles = append(roles, listPrefix(Admin)...)

		fallthrough
	case Engineer:
		roles = append(roles, listPrefix(Engineer)...)

		fallthrough
	case Analyst:
		roles = append(roles, listPrefix(Analyst)...)

		return roles
	}

	for _, role := range List() {
		if role.String() == s {
			roles = append(roles, role)
		}
	}

	return roles
}

func listPrefix(s string) []Role {
	var roles []Role

	for _, role := range List() {
		if strings.HasPrefix(role.String(), s+":") {
			roles = append(roles, role)
		}
	}

	return roles
}

func List() []Role {
	return []Role{
		AutomationRead, CurrentuserdataRead, CurrentuserdataWrite,
		CurrentuserRead, FileReadWrite, GroupRead, PlaybookRead, RuleRead,
		UserdataRead, SettingsRead, TemplateRead, TicketRead, TickettypeRead,
		TicketWrite, UserRead, AutomationWrite, PlaybookWrite, RuleWrite,
		TemplateWrite, TickettypeWrite, BackupRead, BackupRestore, GroupWrite,
		LogRead, UserdataWrite, TicketDelete, UserWrite, JobRead, JobWrite,
		SettingsWrite, DashboardRead, DashboardWrite,
	}
}

func fromString(s string) (Role, error) {
	for _, role := range List() {
		if role.String() == s {
			return role, nil
		}
	}

	return "", errors.New("unknown role")
}

func Strings(roles []Role) []string {
	var s []string
	for _, role := range roles {
		s = append(s, role.String())
	}

	return s
}

func FromStrings(s []string) []Role {
	var roles []Role
	for _, e := range s {
		role, err := fromString(e)
		if err != nil {
			continue
		}
		roles = append(roles, role)
	}

	return roles
}