added logging
@@ -4,6 +4,7 @@ import (
|
||||
"authorization/models"
|
||||
"authorization/repository"
|
||||
"fmt"
|
||||
"log"
|
||||
"time"
|
||||
)
|
||||
|
||||
@@ -12,32 +13,41 @@ func Authorize(ctx *models.AuthorizationContext) (*models.AuthorizationResult, e
|
||||
startTime := time.Now()
|
||||
|
||||
// Step 1: Find the permission for the requested resource and action
|
||||
log.Printf("[AuthZ Step 1] Fetching permission for resource=%s, action=%s", ctx.Resource, ctx.Action)
|
||||
permission, err := repository.GetPermissionByResourceAndAction(ctx.Resource, ctx.Action)
|
||||
if err != nil {
|
||||
log.Printf("✗ Permission not found for resource=%s, action=%s: %v", ctx.Resource, ctx.Action, err)
|
||||
return &models.AuthorizationResult{
|
||||
Allowed: false,
|
||||
Message: fmt.Sprintf("Permission not found: %v", err),
|
||||
}, nil
|
||||
}
|
||||
log.Printf("[AuthZ Step 1] Permission found: ID=%d, Name=%s", permission.ID, permission.PermissionName)
|
||||
|
||||
// Step 2: Get user attributes
|
||||
log.Printf("[AuthZ Step 2] Fetching user attributes for userID=%s", ctx.UserID)
|
||||
userAttrs, err := repository.GetUserAttributes(ctx.UserID)
|
||||
if err != nil {
|
||||
log.Printf("✗ Failed to get user attributes for userID=%s: %v", ctx.UserID, err)
|
||||
return &models.AuthorizationResult{
|
||||
Allowed: false,
|
||||
Message: fmt.Sprintf("Failed to get user attributes: %v", err),
|
||||
}, err
|
||||
}
|
||||
ctx.UserAttributes = userAttrs
|
||||
log.Printf("[AuthZ Step 2] User attributes retrieved: %d attributes", len(userAttrs))
|
||||
|
||||
// Step 3: Get policy attributes for the permission
|
||||
log.Printf("[AuthZ Step 3] Fetching policy attributes for permissionID=%d", permission.ID)
|
||||
policies, err := repository.GetPolicyAttributesByPermission(permission.ID)
|
||||
if err != nil {
|
||||
log.Printf("✗ Failed to get policies for permissionID=%d: %v", permission.ID, err)
|
||||
return &models.AuthorizationResult{
|
||||
Allowed: false,
|
||||
Message: fmt.Sprintf("Failed to get policies: %v", err),
|
||||
}, err
|
||||
}
|
||||
log.Printf("[AuthZ Step 3] Policies retrieved: %d policies to evaluate", len(policies))
|
||||
|
||||
// Step 4: Evaluate ABAC policies
|
||||
allowed, reason := EvaluatePolicies(policies, ctx)
|
||||
@@ -47,8 +57,13 @@ func Authorize(ctx *models.AuthorizationContext) (*models.AuthorizationResult, e
|
||||
}
|
||||
|
||||
if allowed {
|
||||
result.RedirectRoute = "dashboard"
|
||||
result.Message = "Access granted"
|
||||
log.Printf("✓ Authorization GRANTED for user=%s, resource=%s, action=%s (evaluated in %v)",
|
||||
ctx.UserID, ctx.Resource, ctx.Action, time.Since(startTime))
|
||||
} else {
|
||||
log.Printf("✗ Authorization DENIED for user=%s, resource=%s, action=%s - Reason: %s (evaluated in %v)",
|
||||
ctx.UserID, ctx.Resource, ctx.Action, reason, time.Since(startTime))
|
||||
result.Message = reason
|
||||
}
|
||||
|
||||
|
||||
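Review bot: The `log.Printf` calls in `Authorize` (apparently the lines this commit adds, since the page has lost its `+`/`-` markers) write `ctx.Resource`, `ctx.Action` and `ctx.UserID` with `%s`. If those fields are taken from the request (the caller is not visible here), a value containing a line break can split an entry and make the authorization log show a line that was never emitted, such as a GRANTED decision. Format them with `%q` so control characters are escaped, e.g. `log.Printf("[AuthZ Step 2] Fetching user attributes for userID=%q", ctx.UserID)`, and do the same for `reason` in the DENIED line. The Step 1 failure branch also logs "Permission not found" for every error from `GetPermissionByResourceAndAction`, so a repository failure reads as a missing permission in the log; the message should distinguish the two or simply report the error. `Authorize` starts and ends outside the visible hunks.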