ControlProxy/access-control-template/actemplate/IODAC.yjs
2023-11-20 15:38:39 +08:00


//访问控制规则:
//针对如果是DOIP请求的调用
//仅包括Repo.doipRetrive
//Registry的publish/subscribe不做访问控制
//如果是HTTP请求的调用
//管理员具有所有权限
//一些“写入接口”添加权限检查
module DOAuth {
function initDOAuth(req, createParam, doipFunctions) {
    // Initialises the access-control state kept on Global:
    //   owner         - the value passed as req; isOwner() compares requesters against it
    //   doipFunctions - the action list that checkByManager() searches with indexOf()
    //   accessInfo    - the handle returned by RocksDBUtil.loadDB("accessControl", "false")
    // createParam is accepted but not used here.
    // NOTE(review): whatever is passed as req becomes the owner, and every action outside
    // doipFunctions is owner-only, so this must only run from a trusted creation path -
    // confirm against the caller.
    // NOTE(review): the meaning of the "false" argument to loadDB is not visible in this
    // file (presumably a read-only flag) - confirm.
    Global.owner = req;
    Global.doipFunctions = doipFunctions;
    var accessStore = RocksDBUtil.loadDB("accessControl", "false");
    Global.accessInfo = accessStore;
}
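function isOwner(req) {
    // Returns true only when req equals the owner recorded in Global.owner.
    // Fail closed: a missing requester or an unset owner never matches. Without this
    // guard the loose comparison below treats null and undefined as equal, so a call
    // with no requester would pass as the owner whenever Global.owner had not been set.
    if (req == null || Global.owner == null) {
        return false;
    }
    return req == Global.owner;
}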
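function doipAccessCheck(argPack) {
    // Decides a DOIP request: the requester must equal the value stored in
    // Global.accessInfo under the request's header.identifier.
    // Reads argPack.requester and argPack.arg.header.identifier; returns a boolean.
    print("in doipAcceccCheck, requester:" + argPack.requester);
    var stored = Global.accessInfo.get(argPack.arg.header.identifier);
    // Fail closed: an identifier with no stored grant, or a request with no requester,
    // is denied. Without this guard "no entry" (null) and "no requester"
    // (null/undefined) compare equal under == and the request would be accepted.
    if (stored == null || argPack.requester == null) {
        return false;
    }
    return stored == argPack.requester;
}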
function checkByManager(action) {
    // Returns true when action is NOT listed in Global.doipFunctions. The caller
    // (acceptJudgementInternal) then applies the owner check instead of the per-DO check.
    // NOTE(review): throws if Global.doipFunctions was never set - presumably
    // initDOAuth always runs first; confirm.
    var position = Global.doipFunctions.indexOf(action);
    return position == -1;
}
@Description("针对某一DO添加用户的访问权限")
@ArgSchema({
    "doId" : "string", "publicKey" : "string"
})
export function addAuthedUser(arg) {
    // Grants access to one DO: stores arg.publicKey in Global.accessInfo under the key
    // arg.doId, which is the value doipAccessCheck later compares the requester with.
    // NOTE(review): only one value is kept per doId, so a second grant for the same DO
    // presumably replaces the first - confirm against the store's put semantics.
    // NOTE(review): no permission check happens in this function; it presumably relies
    // on acceptJudgement being run by the framework before the call - confirm.
    var reply = {
        "code" : 0
    };
    Global.accessInfo.put(arg.doId, arg.publicKey);
    return reply;
}
function acceptJudgementInternal(argPack) {
    // Chooses which check applies to a call and returns its boolean verdict:
    //   - action listed in Global.doipFunctions -> per-DO check (doipAccessCheck)
    //   - any other action                      -> requester must be the owner (isOwner)
    var ownerOnly = checkByManager(argPack.action);
    if (!ownerOnly) {
        return doipAccessCheck(argPack);
    }
    return isOwner(argPack.requester);
}
function acceptJudgement(argPack) {
    // Access gate: logs the verdict of acceptJudgementInternal and, on denial, reports
    // a 401 through YancloudUtil.exceptionReturn. Nothing is returned either way.
    // NOTE(review): the denial only stops the call if exceptionReturn aborts execution
    // (presumably by throwing) - confirm, since this function returns no value a
    // caller could test.
    var allowed = acceptJudgementInternal(argPack);
    if (allowed) {
        print("acceptJudgement, requester:" + argPack.requester + "true!!");
        return;
    }
    print("acceptJudgement, requester:" + argPack.requester + "false!!");
    YancloudUtil.exceptionReturn({
        "code" : 401, "msg" : "no permission: " + argPack.action
    });
}
@Description("针对某一DO删除用户的访问权限")
@ArgSchema({
    "doId" : "string", "publicKey" : "string"
})
export function deleteAuthedUser(arg) {
    // Placeholder: arg is ignored and Global.accessInfo is not touched.
    // NOTE(review): the caller is told the revocation succeeded ("code" 0) although the
    // entry written by addAuthedUser stays in place and doipAccessCheck keeps accepting
    // that key. Implement the removal, or return an error until it exists.
    var reply = {
        "code" : 0
    };
    return reply;
}
@Description("针对某一DO添加节点的访问权限所有调用进带该节点授权的用户均可访问")
@ArgSchema({
    "doId" : "string", "publicKey" : "string"
})
export function addAuthedNode(arg) {
    // Placeholder: arg is ignored and no node grant is recorded anywhere.
    // NOTE(review): the call reports success ("code" 0), but doipAccessCheck only
    // consults the per-DO key written by addAuthedUser, so a node "granted" here
    // gains no access.
    var reply = {
        "code" : 0
    };
    return reply;
}
@Description("针对某一DO删除节点的访问权限")
@ArgSchema({
    "doId" : "string", "publicKey" : "string"
})
export function deleteAuthedNode(arg) {
    // Placeholder: arg is ignored and nothing is removed.
    // NOTE(review): the call reports success ("code" 0) without changing any stored
    // state; once node grants exist, this must actually revoke them or return an error.
    var reply = {
        "code" : 0
    };
    return reply;
}
}