355 lines
11 KiB
Go
355 lines
11 KiB
Go
// Code generated by entc, DO NOT EDIT.
|
|
|
|
package privacy
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/crowdsecurity/crowdsec/pkg/database/ent"
|
|
)
|
|
|
|
var (
|
|
// Allow may be returned by rules to indicate that the policy
|
|
// evaluation should terminate with an allow decision.
|
|
Allow = errors.New("ent/privacy: allow rule")
|
|
|
|
// Deny may be returned by rules to indicate that the policy
|
|
// evaluation should terminate with an deny decision.
|
|
Deny = errors.New("ent/privacy: deny rule")
|
|
|
|
// Skip may be returned by rules to indicate that the policy
|
|
// evaluation should continue to the next rule.
|
|
Skip = errors.New("ent/privacy: skip rule")
|
|
)
|
|
|
|
// Allowf returns an formatted wrapped Allow decision.
|
|
func Allowf(format string, a ...interface{}) error {
|
|
return fmt.Errorf(format+": %w", append(a, Allow)...)
|
|
}
|
|
|
|
// Denyf returns an formatted wrapped Deny decision.
|
|
func Denyf(format string, a ...interface{}) error {
|
|
return fmt.Errorf(format+": %w", append(a, Deny)...)
|
|
}
|
|
|
|
// Skipf returns an formatted wrapped Skip decision.
|
|
func Skipf(format string, a ...interface{}) error {
|
|
return fmt.Errorf(format+": %w", append(a, Skip)...)
|
|
}
|
|
|
|
type decisionCtxKey struct{}
|
|
|
|
// DecisionContext creates a decision context.
|
|
func DecisionContext(parent context.Context, decision error) context.Context {
|
|
if decision == nil || errors.Is(decision, Skip) {
|
|
return parent
|
|
}
|
|
return context.WithValue(parent, decisionCtxKey{}, decision)
|
|
}
|
|
|
|
func decisionFromContext(ctx context.Context) (error, bool) {
|
|
decision, ok := ctx.Value(decisionCtxKey{}).(error)
|
|
if ok && errors.Is(decision, Allow) {
|
|
decision = nil
|
|
}
|
|
return decision, ok
|
|
}
|
|
|
|
type (
|
|
// QueryPolicy combines multiple query rules into a single policy.
|
|
QueryPolicy []QueryRule
|
|
|
|
// QueryRule defines the interface deciding whether a
|
|
// query is allowed and optionally modify it.
|
|
QueryRule interface {
|
|
EvalQuery(context.Context, ent.Query) error
|
|
}
|
|
)
|
|
|
|
// EvalQuery evaluates a query against a query policy.
|
|
func (policy QueryPolicy) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if decision, ok := decisionFromContext(ctx); ok {
|
|
return decision
|
|
}
|
|
for _, rule := range policy {
|
|
switch decision := rule.EvalQuery(ctx, q); {
|
|
case decision == nil || errors.Is(decision, Skip):
|
|
case errors.Is(decision, Allow):
|
|
return nil
|
|
default:
|
|
return decision
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// QueryRuleFunc type is an adapter to allow the use of
|
|
// ordinary functions as query rules.
|
|
type QueryRuleFunc func(context.Context, ent.Query) error
|
|
|
|
// Eval returns f(ctx, q).
|
|
func (f QueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
return f(ctx, q)
|
|
}
|
|
|
|
type (
|
|
// MutationPolicy combines multiple mutation rules into a single policy.
|
|
MutationPolicy []MutationRule
|
|
|
|
// MutationRule defines the interface deciding whether a
|
|
// mutation is allowed and optionally modify it.
|
|
MutationRule interface {
|
|
EvalMutation(context.Context, ent.Mutation) error
|
|
}
|
|
)
|
|
|
|
// EvalMutation evaluates a mutation against a mutation policy.
|
|
func (policy MutationPolicy) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if decision, ok := decisionFromContext(ctx); ok {
|
|
return decision
|
|
}
|
|
for _, rule := range policy {
|
|
switch decision := rule.EvalMutation(ctx, m); {
|
|
case decision == nil || errors.Is(decision, Skip):
|
|
case errors.Is(decision, Allow):
|
|
return nil
|
|
default:
|
|
return decision
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// MutationRuleFunc type is an adapter to allow the use of
|
|
// ordinary functions as mutation rules.
|
|
type MutationRuleFunc func(context.Context, ent.Mutation) error
|
|
|
|
// EvalMutation returns f(ctx, m).
|
|
func (f MutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
return f(ctx, m)
|
|
}
|
|
|
|
// Policy groups query and mutation policies.
|
|
type Policy struct {
|
|
Query QueryPolicy
|
|
Mutation MutationPolicy
|
|
}
|
|
|
|
// EvalQuery forwards evaluation to query policy.
|
|
func (policy Policy) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
return policy.Query.EvalQuery(ctx, q)
|
|
}
|
|
|
|
// EvalMutation forwards evaluation to mutation policy.
|
|
func (policy Policy) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
return policy.Mutation.EvalMutation(ctx, m)
|
|
}
|
|
|
|
// QueryMutationRule is the interface that groups query and mutation rules.
|
|
type QueryMutationRule interface {
|
|
QueryRule
|
|
MutationRule
|
|
}
|
|
|
|
// AlwaysAllowRule returns a rule that returns an allow decision.
|
|
func AlwaysAllowRule() QueryMutationRule {
|
|
return fixedDecision{Allow}
|
|
}
|
|
|
|
// AlwaysDenyRule returns a rule that returns a deny decision.
|
|
func AlwaysDenyRule() QueryMutationRule {
|
|
return fixedDecision{Deny}
|
|
}
|
|
|
|
type fixedDecision struct {
|
|
decision error
|
|
}
|
|
|
|
func (f fixedDecision) EvalQuery(context.Context, ent.Query) error {
|
|
return f.decision
|
|
}
|
|
|
|
func (f fixedDecision) EvalMutation(context.Context, ent.Mutation) error {
|
|
return f.decision
|
|
}
|
|
|
|
type contextDecision struct {
|
|
eval func(context.Context) error
|
|
}
|
|
|
|
// ContextQueryMutationRule creates a query/mutation rule from a context eval func.
|
|
func ContextQueryMutationRule(eval func(context.Context) error) QueryMutationRule {
|
|
return contextDecision{eval}
|
|
}
|
|
|
|
func (c contextDecision) EvalQuery(ctx context.Context, _ ent.Query) error {
|
|
return c.eval(ctx)
|
|
}
|
|
|
|
func (c contextDecision) EvalMutation(ctx context.Context, _ ent.Mutation) error {
|
|
return c.eval(ctx)
|
|
}
|
|
|
|
// OnMutationOperation evaluates the given rule only on a given mutation operation.
|
|
func OnMutationOperation(rule MutationRule, op ent.Op) MutationRule {
|
|
return MutationRuleFunc(func(ctx context.Context, m ent.Mutation) error {
|
|
if m.Op().Is(op) {
|
|
return rule.EvalMutation(ctx, m)
|
|
}
|
|
return Skip
|
|
})
|
|
}
|
|
|
|
// DenyMutationOperationRule returns a rule denying specified mutation operation.
|
|
func DenyMutationOperationRule(op ent.Op) MutationRule {
|
|
rule := MutationRuleFunc(func(_ context.Context, m ent.Mutation) error {
|
|
return Denyf("ent/privacy: operation %s is not allowed", m.Op())
|
|
})
|
|
return OnMutationOperation(rule, op)
|
|
}
|
|
|
|
// The AlertQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type AlertQueryRuleFunc func(context.Context, *ent.AlertQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f AlertQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.AlertQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.AlertQuery", q)
|
|
}
|
|
|
|
// The AlertMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type AlertMutationRuleFunc func(context.Context, *ent.AlertMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f AlertMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.AlertMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.AlertMutation", m)
|
|
}
|
|
|
|
// The BouncerQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type BouncerQueryRuleFunc func(context.Context, *ent.BouncerQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f BouncerQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.BouncerQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.BouncerQuery", q)
|
|
}
|
|
|
|
// The BouncerMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type BouncerMutationRuleFunc func(context.Context, *ent.BouncerMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f BouncerMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.BouncerMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.BouncerMutation", m)
|
|
}
|
|
|
|
// The DecisionQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type DecisionQueryRuleFunc func(context.Context, *ent.DecisionQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f DecisionQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.DecisionQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.DecisionQuery", q)
|
|
}
|
|
|
|
// The DecisionMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type DecisionMutationRuleFunc func(context.Context, *ent.DecisionMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f DecisionMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.DecisionMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.DecisionMutation", m)
|
|
}
|
|
|
|
// The EventQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type EventQueryRuleFunc func(context.Context, *ent.EventQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f EventQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.EventQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.EventQuery", q)
|
|
}
|
|
|
|
// The EventMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type EventMutationRuleFunc func(context.Context, *ent.EventMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f EventMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.EventMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.EventMutation", m)
|
|
}
|
|
|
|
// The MachineQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type MachineQueryRuleFunc func(context.Context, *ent.MachineQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f MachineQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.MachineQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.MachineQuery", q)
|
|
}
|
|
|
|
// The MachineMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type MachineMutationRuleFunc func(context.Context, *ent.MachineMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f MachineMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.MachineMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.MachineMutation", m)
|
|
}
|
|
|
|
// The MetaQueryRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a query rule.
|
|
type MetaQueryRuleFunc func(context.Context, *ent.MetaQuery) error
|
|
|
|
// EvalQuery return f(ctx, q).
|
|
func (f MetaQueryRuleFunc) EvalQuery(ctx context.Context, q ent.Query) error {
|
|
if q, ok := q.(*ent.MetaQuery); ok {
|
|
return f(ctx, q)
|
|
}
|
|
return Denyf("ent/privacy: unexpected query type %T, expect *ent.MetaQuery", q)
|
|
}
|
|
|
|
// The MetaMutationRuleFunc type is an adapter to allow the use of ordinary
|
|
// functions as a mutation rule.
|
|
type MetaMutationRuleFunc func(context.Context, *ent.MetaMutation) error
|
|
|
|
// EvalMutation calls f(ctx, m).
|
|
func (f MetaMutationRuleFunc) EvalMutation(ctx context.Context, m ent.Mutation) error {
|
|
if m, ok := m.(*ent.MetaMutation); ok {
|
|
return f(ctx, m)
|
|
}
|
|
return Denyf("ent/privacy: unexpected mutation type %T, expect *ent.MetaMutation", m)
|
|
}
|