feat: add support for source_filtering

bietkul · bietkul · commit dab7b875946d · 2019-11-23T23:29:57.000+05:30
diff --git a/model/permission/permission.go b/model/permission/permission.go
@@ -46,6 +46,8 @@ type Permission struct {
 	TTL         time.Duration       `json:"ttl"`
 	Limits      *Limits             `json:"limits"`
 	Description string              `json:"description"`
+	Includes    []string            `json:"include_fields"`
+	Excludes    []string            `json:"exclude_fields"`
 }
 
 // Limits defines the rate limits for each category.
@@ -159,6 +161,22 @@ func SetSources(sources []string) Options {
 	}
 }
 
+// SetIncludes sets the includes fields
+func SetIncludes(includes []string) Options {
+	return func(p *Permission) error {
+		p.Includes = includes
+		return nil
+	}
+}
+
+// SetExcludes sets the excludes fields
+func SetExcludes(excludes []string) Options {
+	return func(p *Permission) error {
+		p.Excludes = excludes
+		return nil
+	}
+}
+
 func validateSources(sources []string) error {
 	for _, source := range sources {
 		_, _, err := net.ParseCIDR(source)
@@ -557,6 +575,12 @@ func (p *Permission) GetPatch(rolePatched bool) (map[string]interface{}, error)
 	if p.Description != "" {
 		patch["description"] = p.Description
 	}
+	if p.Includes != nil {
+		patch["include_fields"] = p.Includes
+	}
+	if p.Excludes != nil {
+		patch["exclude_fields"] = p.Excludes
+	}
 
 	return patch, nil
 }
diff --git a/plugins/elasticsearch/middleware.go b/plugins/elasticsearch/middleware.go
@@ -1,7 +1,10 @@
 package elasticsearch
 
 import (
+	"bytes"
+	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
 
@@ -13,6 +16,7 @@ import (
 	"github.com/appbaseio/arc/model/acl"
 	"github.com/appbaseio/arc/model/category"
 	"github.com/appbaseio/arc/model/op"
+	"github.com/appbaseio/arc/model/permission"
 	"github.com/appbaseio/arc/plugins/auth"
 	"github.com/appbaseio/arc/plugins/logs"
 	"github.com/appbaseio/arc/util"
@@ -127,6 +131,39 @@ func transformRequest(h http.HandlerFunc) http.HandlerFunc {
 		// transform POST request(search) to GET
 		if *reqACL == category.Search {
 			req.Method = http.MethodGet
+			// Apply source filters
+			reqPermission, err := permission.FromContext(ctx)
+			if err != nil {
+				log.Printf("%s: %v\n", logTag, err)
+				util.WriteBackError(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			sources := make(map[string]interface{})
+			var Includes, Excludes []string
+			Includes = reqPermission.Includes
+			Excludes = reqPermission.Excludes
+			if len(Includes) > 0 {
+				sources["includes"] = Includes
+			}
+			if len(Excludes) > 0 {
+				sources["excludes"] = Excludes
+			}
+			body, err := ioutil.ReadAll(req.Body)
+			if err != nil {
+				log.Printf("%s: %v\n", logTag, err)
+				util.WriteBackError(w, err.Error(), http.StatusInternalServerError)
+				return
+			}
+			d := json.NewDecoder(ioutil.NopCloser(bytes.NewReader(body)))
+			reqBody := make(map[string]interface{})
+			d.Decode(&reqBody)
+			_, isExcludesPresent := sources["excludes"]
+			isDefaultInclude := len(Includes) > 0 && Includes[0] == "*"
+			if !isDefaultInclude || isExcludesPresent {
+				reqBody["_source"] = sources
+			}
+			modifiedBody, _ := json.Marshal(reqBody)
+			req.Body = ioutil.NopCloser(bytes.NewReader(modifiedBody))
 		}
 		h(w, req)
 	}
diff --git a/plugins/permissions/handlers.go b/plugins/permissions/handlers.go
@@ -78,6 +78,12 @@ func (p *permissions) postPermission(opts ...permission.Options) http.HandlerFun
 		if permissionBody.Referers != nil {
 			opts = append(opts, permission.SetReferers(permissionBody.Referers))
 		}
+		if permissionBody.Includes != nil {
+			opts = append(opts, permission.SetIncludes(permissionBody.Includes))
+		}
+		if permissionBody.Excludes != nil {
+			opts = append(opts, permission.SetExcludes(permissionBody.Excludes))
+		}
 		if permissionBody.Indices != nil {
 			opts = append(opts, permission.SetIndices(permissionBody.Indices))
 		}
@@ -270,7 +276,7 @@ func (p *permissions) getUserPermissions() http.HandlerFunc {
 }
 
 func (p *permissions) role() http.HandlerFunc {
-	return func (w http.ResponseWriter, req *http.Request) {
+	return func(w http.ResponseWriter, req *http.Request) {
 		vars := mux.Vars(req)
 		role := vars["name"]
 
@@ -290,7 +296,7 @@ func (p *permissions) role() http.HandlerFunc {
 				msg := fmt.Sprintf(`an error occurred while fetching permissions for role=%s`, role)
 				log.Printf("%s: %s: %v\n", logTag, msg, err)
 				util.WriteBackError(w, msg, http.StatusInternalServerError)
-				return			
+				return
 			}
 		}
 
@@ -301,10 +307,10 @@ func (p *permissions) role() http.HandlerFunc {
 			p.postPermission(permission.SetRole(role))(w, req)
 			return
 		case http.MethodPatch:
-			http.Redirect(w, req, "/_permission/" + perm.Username, 308)
+			http.Redirect(w, req, "/_permission/"+perm.Username, 308)
 			return
 		case http.MethodDelete:
-			http.Redirect(w, req, "/_permission/" + perm.Username, 308)
+			http.Redirect(w, req, "/_permission/"+perm.Username, 308)
 			return
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,12 @@ func (p *permissions) postPermission(opts ...permission.Options) http.HandlerFun`
`78`	`78`	`if permissionBody.Referers != nil {`
`79`	`79`	`opts = append(opts, permission.SetReferers(permissionBody.Referers))`
`80`	`80`	`}`
	`81`	`+ if permissionBody.Includes != nil {`
	`82`	`+ opts = append(opts, permission.SetIncludes(permissionBody.Includes))`
	`83`	`+ }`
	`84`	`+ if permissionBody.Excludes != nil {`
	`85`	`+ opts = append(opts, permission.SetExcludes(permissionBody.Excludes))`
	`86`	`+ }`
`81`	`87`	`if permissionBody.Indices != nil {`
`82`	`88`	`opts = append(opts, permission.SetIndices(permissionBody.Indices))`
`83`	`89`	`}`
`@@ -270,7 +276,7 @@ func (p *permissions) getUserPermissions() http.HandlerFunc {`
`270`	`276`	`}`
`271`	`277`
`272`	`278`	`func (p *permissions) role() http.HandlerFunc {`
`273`		`- return func (w http.ResponseWriter, req *http.Request) {`
	`279`	`+ return func(w http.ResponseWriter, req *http.Request) {`
`274`	`280`	`vars := mux.Vars(req)`
`275`	`281`	`role := vars["name"]`
`276`	`282`
`@@ -290,7 +296,7 @@ func (p *permissions) role() http.HandlerFunc {`
`290`	`296`	msg := fmt.Sprintf(`an error occurred while fetching permissions for role=%s`, role)
`291`	`297`	`log.Printf("%s: %s: %v\n", logTag, msg, err)`
`292`	`298`	`util.WriteBackError(w, msg, http.StatusInternalServerError)`
`293`		`- return`
	`299`	`+ return`
`294`	`300`	`}`
`295`	`301`	`}`
`296`	`302`
`@@ -301,10 +307,10 @@ func (p *permissions) role() http.HandlerFunc {`
`301`	`307`	`p.postPermission(permission.SetRole(role))(w, req)`
`302`	`308`	`return`
`303`	`309`	`case http.MethodPatch:`
`304`		`- http.Redirect(w, req, "/_permission/" + perm.Username, 308)`
	`310`	`+ http.Redirect(w, req, "/_permission/"+perm.Username, 308)`
`305`	`311`	`return`
`306`	`312`	`case http.MethodDelete:`
`307`		`- http.Redirect(w, req, "/_permission/" + perm.Username, 308)`
	`313`	`+ http.Redirect(w, req, "/_permission/"+perm.Username, 308)`
`308`	`314`	`return`
`309`	`315`	`}`
`310`	`316`	`}`