porter/api/server/authz/project.go

package authz

import (
	"context"
	"net/http"

	"github.com/porter-dev/porter/api/server/shared"
	"github.com/porter-dev/porter/api/server/shared/apierrors"
	"github.com/porter-dev/porter/api/types"
	"github.com/porter-dev/porter/internal/repository"
)

type ProjectScopedFactory struct {
	projectRepo repository.ProjectRepository
	config      *shared.Config
}

func NewProjectScopedFactory(
	projectRepo repository.ProjectRepository,
	config *shared.Config,
) *ProjectScopedFactory {
	return &ProjectScopedFactory{projectRepo, config}
}

func (f *ProjectScopedFactory) NewProjectScoped(next http.Handler) http.Handler {
	return &ProjectScoped{next, f.projectRepo, f.config}
}

type ProjectScoped struct {
	next        http.Handler
	projectRepo repository.ProjectRepository
	config      *shared.Config
}

func (scope *ProjectScoped) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	// read the project id from the request
	_, reqErr := GetURLParamUint(r, "project_id")

	if reqErr != nil {
		apierrors.HandleAPIError(w, scope.config.Logger, reqErr)
		return
	}

	// find a set of roles for this user and compute a policy document

	// determine if policy document allows for project scope

	project := types.Project{}

	// create a new project-scoped context and serve
	r = r.WithContext(NewProjectContext(r.Context(), project))
	scope.next.ServeHTTP(w, r)
}

func NewProjectContext(ctx context.Context, project types.Project) context.Context {
	return context.WithValue(ctx, types.ProjectScope, project)
}