changeset 1341:a0892b578553
Added comments on how to use the impersonating database connections from the session middleware.
author | Sascha L. Teichmann <sascha.teichmann@intevation.de> |
---|---|
date | Mon, 26 Nov 2018 10:45:51 +0100 |
parents | 97430d442909 |
children | 20b9c3f261db |
files | pkg/auth/opendb.go |
diffstat | 1 files changed, 15 insertions(+), 3 deletions(-) [+] |
--- a/pkg/auth/opendb.go Mon Nov 26 10:32:37 2018 +0100
+++ b/pkg/auth/opendb.go Mon Nov 26 10:45:51 2018 +0100
@@ -27,10 +27,14 @@
 )
 var (
+ // ErrNoMetamorphUser is returned if no metamorphic user is configured.
 ErrNoMetamorphUser = errors.New("No metamorphic user configured")
- ErrNotLoggedIn = errors.New("Not logged in")
+ // ErrNotLoggedIn is returned if there is the user is not logged in.
+ ErrNotLoggedIn = errors.New("Not logged in")
 )
+// OpenDB opens up a database connection with a given username and password.
+// The other credentials are taken from the configuration.
 func OpenDB(user, password string) (*sql.DB, error) {
 // To ease SSL config ride a bit on parsing.
@@ -74,7 +78,7 @@
 return db, nil
 }
-func MetamorphConn(ctx context.Context, user string) (*sql.Conn, error) {
+func metamorphConn(ctx context.Context, user string) (*sql.Conn, error) {
 db, err := mm.open()
 if err != nil {
 return nil, err
@@ -102,6 +106,8 @@
 WHERE oid IN (SELECT oid FROM cte) AND rolname <> current_user
 AND EXISTS (SELECT 1 FROM users.list_users WHERE username = current_user)`
+// AllOtherRoles loggs in as user with password and returns a list
+// of all roles the logged in user has in the system.
 func AllOtherRoles(user, password string) (Roles, error) {
 db, err := OpenDB(user, password)
 if err != nil {
@@ -126,8 +132,12 @@
 return roles, rows.Err()
 }
+// RunAs runs a given function fn with a database connection impersonated
+// as the given role.
+// To make this work a metamorphic user has to be configured in
+// the system configuration.
 func RunAs(ctx context.Context, role string, fn func(*sql.Conn) error) error {
- conn, err := MetamorphConn(ctx, role)
+ conn, err := metamorphConn(ctx, role)
 if err != nil {
 return err
 }
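Review bot: The new doc comment on ErrNotLoggedIn in the first hunk is garbled ("is returned if there is the user is not logged in"); it should read `// ErrNotLoggedIn is returned if the user is not logged in.`. The AllOtherRoles comment in the third hunk has the same kind of problem: "loggs" should be "logs", and "all roles the logged in user has" overstates what the visible query returns, since it filters with `rolname <> current_user`, so the user's own role is excluded; something like `// AllOtherRoles logs in as user with password and returns the roles of that user other than its own role.` matches the code. The RunAsSessionUser comment in the last hunk also has "convinience" and "araound" for "convenience" and "around".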
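Review bot: The RunAs comment in the fourth hunk does not say where role may come from, although role is passed straight to metamorphConn and so selects the database identity the connection impersonates, and nothing in the hunk validates it. Since this is the privilege boundary of the package, the comment should state the caller's obligation, for example `// role is not validated here; pass only a role obtained from an authenticated source (RunAsSessionUser takes it from the session token), never from request input.`. It would also help to name the error callers see when the precondition is unmet, presumably ErrNoMetamorphUser from mm.open(), if that is indeed where it originates. RunAs's body continues outside the hunk (the lines between this hunk and the `return fn(conn)` in the next one are not shown), so whether the connection is closed after fn returns cannot be checked here and should be documented as well.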
@@ -135,6 +145,8 @@
 return fn(conn)
 }
+// RunAsSessionUser is a convinience wrapper araound which extracts
+// the logged in user from a session and calls RunAs with it.
 func RunAsSessionUser(req *http.Request, fn func(*sql.Conn) error) error {
 token, ok := GetToken(req)
 if !ok {