auth
auth/context.go
Start to support deleting profiles through the API. Create a removeLoginsByProfile method on the profileStore, to allow an easy way to bulk-delete logins associated with a Profile after the Profile has been deleted. Create postgres and memstore implementations of the removeLoginsByProfile method. Create a cleanUpAfterProfileDeletion helper method that will clean up the child objects of a Profile (its Sessions, Tokens, Clients, etc.). The intended usage is to call this in a goroutine after a Profile has been deleted, to try and get things back in order. Detect when the UpdateProfileHandler API is used to set the Deleted flag of a Profile to true, and clean up after the Profile when that's the case. Add a DeleteProfileHandler API endpoint that is a shortcut to setting the Deleted flag of a Profile to true and cleaning up after the Profile. The problem with our approach thus far is that some of it is reversible and some is not. If a Profile is maliciously/accidentally deleted, it's simple enough to use the API as a superuser to restore the Profile. But doing that will not (and cannot) restore the Logins associated with that Profile, for example. While it would be nice to add a Deleted flag to our Logins that we could simply toggle, that would wreak havoc with our database constraints and ensuring uniqueness of Login values. I still don't have a solution for this, outside the superuser manually restoring a Login for the Profile, after which the user can authenticate themselves and add more Logins as desired. But there has to be a better way. I suppose since the passphrase is being stored with the Profile and not the Login, we could offer an endpoint that would automate this, but... well, that would be tricky. It would require the user remembering their Profile ID, and let's be honest, nobody's going to remember a UUID. Maybe such an endpoint would help from a customer service standpoint: we identify their Profile manually, then send them to /profiles/ID/restorelogin or something, and that lets them add a Login back to the Profile. I'll figure it out later. For now, we know we at least have enough information to identify a user is who they say they are and resolve the situation manually.
| paddy@50 | 1 package auth |
| paddy@50 | 2 |
| paddy@50 | 3 import ( |
| paddy@50 | 4 "html/template" |
| paddy@50 | 5 "io" |
| paddy@55 | 6 "log" |
| paddy@77 | 7 "net/url" |
| paddy@50 | 8 "time" |
| paddy@50 | 9 |
| paddy@107 | 10 "code.secondbit.org/uuid.hg" |
| paddy@50 | 11 ) |
| paddy@50 | 12 |
| paddy@57 | 13 // Context wraps the different storage interfaces and should |
| paddy@57 | 14 // be used as the main point of interaction for the data storage |
| paddy@57 | 15 // layer. |
| paddy@50 | 16 type Context struct { |
| paddy@87 | 17 template *template.Template |
| paddy@87 | 18 loginURI *url.URL |
| paddy@87 | 19 clients clientStore |
| paddy@87 | 20 authCodes authorizationCodeStore |
| paddy@87 | 21 profiles profileStore |
| paddy@87 | 22 tokens tokenStore |
| paddy@87 | 23 sessions sessionStore |
| paddy@134 | 24 scopes scopeStore |
| paddy@96 | 25 config Config |
| paddy@96 | 26 } |
| paddy@96 | 27 |
| paddy@96 | 28 // NewContext takes a Config instance and uses it to bootstrap a Context |
| paddy@96 | 29 // using the information provided in the Config variable. |
| paddy@96 | 30 func NewContext(config Config) (Context, error) { |
| paddy@102 | 31 if config.iterations == 0 { |
| paddy@102 | 32 return Context{}, ErrConfigNotInitialized |
| paddy@102 | 33 } |
| paddy@96 | 34 context := Context{ |
| paddy@96 | 35 clients: config.ClientStore, |
| paddy@96 | 36 authCodes: config.AuthCodeStore, |
| paddy@96 | 37 profiles: config.ProfileStore, |
| paddy@96 | 38 tokens: config.TokenStore, |
| paddy@96 | 39 sessions: config.SessionStore, |
| paddy@134 | 40 scopes: config.ScopeStore, |
| paddy@96 | 41 template: config.Template, |
| paddy@96 | 42 config: config, |
| paddy@96 | 43 } |
| paddy@96 | 44 var err error |
| paddy@96 | 45 context.loginURI, err = url.Parse(config.LoginURI) |
| paddy@96 | 46 if err != nil { |
| paddy@96 | 47 log.Println(err) |
| paddy@96 | 48 return Context{}, ErrInvalidLoginURI |
| paddy@96 | 49 } |
| paddy@96 | 50 return context, nil |
| paddy@50 | 51 } |
| paddy@50 | 52 |
| paddy@57 | 53 // Render uses the HTML templates associated with the Context to render the |
| paddy@57 | 54 // template specified by name to out using data to fill any template variables. |
| paddy@55 | 55 func (c Context) Render(out io.Writer, name string, data interface{}) { |
| paddy@50 | 56 if c.template == nil { |
| paddy@57 | 57 log.Println("No template set on Context, can't render anything!") |
| paddy@57 | 58 return |
| paddy@50 | 59 } |
| paddy@55 | 60 err := c.template.ExecuteTemplate(out, name, data) |
| paddy@55 | 61 if err != nil { |
| paddy@55 | 62 log.Println("Error executing template", name, ":", err) |
| paddy@55 | 63 } |
| paddy@50 | 64 } |
| paddy@50 | 65 |
| paddy@57 | 66 // GetClient returns a single Client by its ID from the |
| paddy@57 | 67 // clientStore associated with the Context. |
| paddy@50 | 68 func (c Context) GetClient(id uuid.ID) (Client, error) { |
| paddy@50 | 69 if c.clients == nil { |
| paddy@50 | 70 return Client{}, ErrNoClientStore |
| paddy@50 | 71 } |
| paddy@57 | 72 return c.clients.getClient(id) |
| paddy@50 | 73 } |
| paddy@50 | 74 |
| paddy@57 | 75 // SaveClient stores the passed Client in the clientStore |
| paddy@57 | 76 // associated with the Context. |
| paddy@50 | 77 func (c Context) SaveClient(client Client) error { |
| paddy@50 | 78 if c.clients == nil { |
| paddy@50 | 79 return ErrNoClientStore |
| paddy@50 | 80 } |
| paddy@57 | 81 return c.clients.saveClient(client) |
| paddy@50 | 82 } |
| paddy@50 | 83 |
| paddy@57 | 84 // UpdateClient applies the specified ClientChange to the Client |
| paddy@57 | 85 // with the specified ID in the clientStore associated with the |
| paddy@57 | 86 // Context. |
| paddy@50 | 87 func (c Context) UpdateClient(id uuid.ID, change ClientChange) error { |
| paddy@50 | 88 if c.clients == nil { |
| paddy@50 | 89 return ErrNoClientStore |
| paddy@50 | 90 } |
| paddy@57 | 91 return c.clients.updateClient(id, change) |
| paddy@50 | 92 } |
| paddy@50 | 93 |
| paddy@57 | 94 // ListClientsByOwner returns a slice of up to num Clients, starting at offset (inclusive) |
| paddy@57 | 95 // that have the specified OwnerID in the clientStore associated with the Context. |
| paddy@50 | 96 func (c Context) ListClientsByOwner(ownerID uuid.ID, num, offset int) ([]Client, error) { |
| paddy@50 | 97 if c.clients == nil { |
| paddy@50 | 98 return []Client{}, ErrNoClientStore |
| paddy@50 | 99 } |
| paddy@57 | 100 return c.clients.listClientsByOwner(ownerID, num, offset) |
| paddy@50 | 101 } |
| paddy@50 | 102 |
| paddy@151 | 103 // AddEndpoints stores the specified Endpoints in the clientStore associated with the Context. |
| paddy@151 | 104 func (c Context) AddEndpoints(endpoints []Endpoint) error { |
| paddy@50 | 105 if c.clients == nil { |
| paddy@50 | 106 return ErrNoClientStore |
| paddy@50 | 107 } |
| paddy@116 | 108 for pos, endpoint := range endpoints { |
| paddy@116 | 109 u, err := normalizeURIString(endpoint.URI) |
| paddy@116 | 110 if err != nil { |
| paddy@116 | 111 return err |
| paddy@116 | 112 } |
| paddy@116 | 113 endpoint.NormalizedURI = u |
| paddy@116 | 114 endpoints[pos] = endpoint |
| paddy@116 | 115 } |
| paddy@151 | 116 return c.clients.addEndpoints(endpoints) |
| paddy@50 | 117 } |
| paddy@50 | 118 |
| paddy@143 | 119 // GetEndpoint retrieves the Endpoint with the specified ID from the clientStore associated |
| paddy@143 | 120 // with the Context, if and only if it belongs to the Client with the specified ID. |
| paddy@143 | 121 func (c Context) GetEndpoint(client, endpoint uuid.ID) (Endpoint, error) { |
| paddy@143 | 122 if c.clients == nil { |
| paddy@143 | 123 return Endpoint{}, ErrNoClientStore |
| paddy@143 | 124 } |
| paddy@143 | 125 return c.clients.getEndpoint(client, endpoint) |
| paddy@143 | 126 } |
| paddy@143 | 127 |
| paddy@57 | 128 // RemoveEndpoint deletes the Endpoint with the specified ID from the clientStore associated |
| paddy@57 | 129 // with the Context, and disassociates the Endpoint from the specified Client. |
| paddy@50 | 130 func (c Context) RemoveEndpoint(client, endpoint uuid.ID) error { |
| paddy@50 | 131 if c.clients == nil { |
| paddy@50 | 132 return ErrNoClientStore |
| paddy@50 | 133 } |
| paddy@57 | 134 return c.clients.removeEndpoint(client, endpoint) |
| paddy@50 | 135 } |
| paddy@50 | 136 |
| paddy@57 | 137 // CheckEndpoint finds Endpoints in the clientStore associated with the Context that belong |
| paddy@58 | 138 // to the Client specified by the passed ID and match the URI passed. URI matches must be |
| paddy@58 | 139 // performed according to RFC 3986 Section 6. |
| paddy@58 | 140 func (c Context) CheckEndpoint(client uuid.ID, URI string) (bool, error) { |
| paddy@50 | 141 if c.clients == nil { |
| paddy@50 | 142 return false, ErrNoClientStore |
| paddy@50 | 143 } |
| paddy@116 | 144 u, err := normalizeURIString(URI) |
| paddy@116 | 145 if err != nil { |
| paddy@116 | 146 return false, err |
| paddy@116 | 147 } |
| paddy@116 | 148 return c.clients.checkEndpoint(client, u) |
| paddy@50 | 149 } |
| paddy@50 | 150 |
| paddy@57 | 151 // ListEndpoints finds Endpoints in the clientStore associated with the Context that belong |
| paddy@57 | 152 // to the Client specified by the passed ID. It returns up to num endpoints, starting at offset, |
| paddy@57 | 153 // exclusive. |
| paddy@50 | 154 func (c Context) ListEndpoints(client uuid.ID, num, offset int) ([]Endpoint, error) { |
| paddy@50 | 155 if c.clients == nil { |
| paddy@50 | 156 return []Endpoint{}, ErrNoClientStore |
| paddy@50 | 157 } |
| paddy@57 | 158 return c.clients.listEndpoints(client, num, offset) |
| paddy@50 | 159 } |
| paddy@50 | 160 |
| paddy@57 | 161 // CountEndpoints returns the number of Endpoints the are associated with the Client specified by the |
| paddy@57 | 162 // passed ID in the clientStore associated with the Context. |
| paddy@55 | 163 func (c Context) CountEndpoints(client uuid.ID) (int64, error) { |
| paddy@55 | 164 if c.clients == nil { |
| paddy@55 | 165 return 0, ErrNoClientStore |
| paddy@55 | 166 } |
| paddy@57 | 167 return c.clients.countEndpoints(client) |
| paddy@55 | 168 } |
| paddy@55 | 169 |
| paddy@87 | 170 // GetAuthorizationCode returns the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with the |
| paddy@57 | 171 // Context. |
| paddy@87 | 172 func (c Context) GetAuthorizationCode(code string) (AuthorizationCode, error) { |
| paddy@87 | 173 if c.authCodes == nil { |
| paddy@87 | 174 return AuthorizationCode{}, ErrNoAuthorizationCodeStore |
| paddy@50 | 175 } |
| paddy@87 | 176 return c.authCodes.getAuthorizationCode(code) |
| paddy@50 | 177 } |
| paddy@50 | 178 |
| paddy@87 | 179 // SaveAuthorizationCode stores the passed AuthorizationCode in the authorizationCodeStore associated with the Context. |
| paddy@87 | 180 func (c Context) SaveAuthorizationCode(authCode AuthorizationCode) error { |
| paddy@87 | 181 if c.authCodes == nil { |
| paddy@87 | 182 return ErrNoAuthorizationCodeStore |
| paddy@50 | 183 } |
| paddy@87 | 184 return c.authCodes.saveAuthorizationCode(authCode) |
| paddy@50 | 185 } |
| paddy@50 | 186 |
| paddy@87 | 187 // DeleteAuthorizationCode removes the AuthorizationCode specified by the provided code from the authorizationCodeStore associated with |
| paddy@57 | 188 // the Context. |
| paddy@87 | 189 func (c Context) DeleteAuthorizationCode(code string) error { |
| paddy@87 | 190 if c.authCodes == nil { |
| paddy@87 | 191 return ErrNoAuthorizationCodeStore |
| paddy@50 | 192 } |
| paddy@87 | 193 return c.authCodes.deleteAuthorizationCode(code) |
| paddy@50 | 194 } |
| paddy@50 | 195 |
| paddy@94 | 196 // UseAuthorizationCode marks the AuthorizationCode specified by the provided code as used in the authorizationCodeStore associated with |
| paddy@94 | 197 // the Context. Once an AuthorizationCode is marked as used, its Used property will be set to true when retrieved from the authorizationCodeStore. |
| paddy@94 | 198 func (c Context) UseAuthorizationCode(code string) error { |
| paddy@94 | 199 if c.authCodes == nil { |
| paddy@94 | 200 return ErrNoAuthorizationCodeStore |
| paddy@94 | 201 } |
| paddy@94 | 202 return c.authCodes.useAuthorizationCode(code) |
| paddy@94 | 203 } |
| paddy@94 | 204 |
| paddy@57 | 205 // GetProfileByID returns the Profile specified by the provided ID from the profileStore associated with |
| paddy@57 | 206 // the Context. |
| paddy@50 | 207 func (c Context) GetProfileByID(id uuid.ID) (Profile, error) { |
| paddy@50 | 208 if c.profiles == nil { |
| paddy@50 | 209 return Profile{}, ErrNoProfileStore |
| paddy@50 | 210 } |
| paddy@57 | 211 return c.profiles.getProfileByID(id) |
| paddy@50 | 212 } |
| paddy@50 | 213 |
| paddy@57 | 214 // GetProfileByLogin returns the Profile associated with the specified Login from the profileStore associated |
| paddy@57 | 215 // with the Context. |
| paddy@69 | 216 func (c Context) GetProfileByLogin(value string) (Profile, error) { |
| paddy@50 | 217 if c.profiles == nil { |
| paddy@50 | 218 return Profile{}, ErrNoProfileStore |
| paddy@50 | 219 } |
| paddy@69 | 220 return c.profiles.getProfileByLogin(value) |
| paddy@50 | 221 } |
| paddy@50 | 222 |
| paddy@57 | 223 // SaveProfile inserts the passed Profile into the profileStore associated with the Context. |
| paddy@50 | 224 func (c Context) SaveProfile(profile Profile) error { |
| paddy@50 | 225 if c.profiles == nil { |
| paddy@50 | 226 return ErrNoProfileStore |
| paddy@50 | 227 } |
| paddy@57 | 228 return c.profiles.saveProfile(profile) |
| paddy@50 | 229 } |
| paddy@50 | 230 |
| paddy@57 | 231 // UpdateProfile applies the supplied ProfileChange to the Profile that matches the specified ID |
| paddy@57 | 232 // in the profileStore associated with the Context. |
| paddy@50 | 233 func (c Context) UpdateProfile(id uuid.ID, change ProfileChange) error { |
| paddy@50 | 234 if c.profiles == nil { |
| paddy@50 | 235 return ErrNoProfileStore |
| paddy@50 | 236 } |
| paddy@57 | 237 return c.profiles.updateProfile(id, change) |
| paddy@50 | 238 } |
| paddy@50 | 239 |
| paddy@57 | 240 // UpdateProfiles applies the supplied BulkProfileChange to every Profile that matches one of the |
| paddy@57 | 241 // specified IDs in the profileStore associated with the Context. |
| paddy@50 | 242 func (c Context) UpdateProfiles(ids []uuid.ID, change BulkProfileChange) error { |
| paddy@50 | 243 if c.profiles == nil { |
| paddy@50 | 244 return ErrNoProfileStore |
| paddy@50 | 245 } |
| paddy@57 | 246 return c.profiles.updateProfiles(ids, change) |
| paddy@50 | 247 } |
| paddy@50 | 248 |
| paddy@57 | 249 // AddLogin stores the passed Login in the profileStore associated with the Context. It also associates |
| paddy@57 | 250 // the newly-created Login with the Orofile in login.ProfileID. |
| paddy@50 | 251 func (c Context) AddLogin(login Login) error { |
| paddy@50 | 252 if c.profiles == nil { |
| paddy@50 | 253 return ErrNoProfileStore |
| paddy@50 | 254 } |
| paddy@57 | 255 return c.profiles.addLogin(login) |
| paddy@50 | 256 } |
| paddy@50 | 257 |
| paddy@57 | 258 // RemoveLogin removes the specified Login from the profileStore associated with the Context, provided |
| paddy@57 | 259 // the Login has a ProfileID property that matches the profile ID passed in. It also disassociates the |
| paddy@57 | 260 // deleted Login from the Profile in login.ProfileID. |
| paddy@69 | 261 func (c Context) RemoveLogin(value string, profile uuid.ID) error { |
| paddy@50 | 262 if c.profiles == nil { |
| paddy@50 | 263 return ErrNoProfileStore |
| paddy@50 | 264 } |
| paddy@69 | 265 return c.profiles.removeLogin(value, profile) |
| paddy@50 | 266 } |
| paddy@50 | 267 |
| paddy@160 | 268 // RemoveLoginsByProfile removes all Logins connected to the specified Profile in the profileStore |
| paddy@160 | 269 // associated with the Context and disassociates them from the Profile. |
| paddy@160 | 270 func (c Context) RemoveLoginsByProfile(profile uuid.ID) error { |
| paddy@160 | 271 if c.profiles == nil { |
| paddy@160 | 272 return ErrNoProfileStore |
| paddy@160 | 273 } |
| paddy@160 | 274 return c.profiles.removeLoginsByProfile(profile) |
| paddy@160 | 275 } |
| paddy@160 | 276 |
| paddy@57 | 277 // RecordLoginUse sets the LastUsed property of the Login specified in the profileStore associated with |
| paddy@57 | 278 // the Context to the value passed in as when. |
| paddy@69 | 279 func (c Context) RecordLoginUse(value string, when time.Time) error { |
| paddy@50 | 280 if c.profiles == nil { |
| paddy@50 | 281 return ErrNoProfileStore |
| paddy@50 | 282 } |
| paddy@69 | 283 return c.profiles.recordLoginUse(value, when) |
| paddy@50 | 284 } |
| paddy@50 | 285 |
| paddy@57 | 286 // ListLogins returns a slice of up to num Logins associated with the specified Profile from the profileStore |
| paddy@57 | 287 // associated with the Context, skipping offset Profiles. |
| paddy@50 | 288 func (c Context) ListLogins(profile uuid.ID, num, offset int) ([]Login, error) { |
| paddy@50 | 289 if c.profiles == nil { |
| paddy@50 | 290 return []Login{}, ErrNoProfileStore |
| paddy@50 | 291 } |
| paddy@57 | 292 return c.profiles.listLogins(profile, num, offset) |
| paddy@50 | 293 } |
| paddy@50 | 294 |
| paddy@57 | 295 // GetToken returns the Token specified from the tokenStore associated with the Context. |
| paddy@57 | 296 // If refresh is true, the token input should be compared against the refresh tokens, not the |
| paddy@57 | 297 // access tokens. |
| paddy@50 | 298 func (c Context) GetToken(token string, refresh bool) (Token, error) { |
| paddy@50 | 299 if c.tokens == nil { |
| paddy@50 | 300 return Token{}, ErrNoTokenStore |
| paddy@50 | 301 } |
| paddy@57 | 302 return c.tokens.getToken(token, refresh) |
| paddy@50 | 303 } |
| paddy@50 | 304 |
| paddy@57 | 305 // SaveToken stores the passed Token in the tokenStore associated with the Context. |
| paddy@50 | 306 func (c Context) SaveToken(token Token) error { |
| paddy@50 | 307 if c.tokens == nil { |
| paddy@50 | 308 return ErrNoTokenStore |
| paddy@50 | 309 } |
| paddy@57 | 310 return c.tokens.saveToken(token) |
| paddy@50 | 311 } |
| paddy@50 | 312 |
| paddy@93 | 313 // RevokeToken revokes the Token identfied by the passed token string from the tokenStore associated |
| paddy@93 | 314 // with the context. If refresh is true, the token input should be compared against the refresh tokens, |
| paddy@93 | 315 // not the access tokens. |
| paddy@93 | 316 func (c Context) RevokeToken(token string, refresh bool) error { |
| paddy@93 | 317 if c.tokens == nil { |
| paddy@93 | 318 return ErrNoTokenStore |
| paddy@93 | 319 } |
| paddy@93 | 320 return c.tokens.revokeToken(token, refresh) |
| paddy@93 | 321 } |
| paddy@93 | 322 |
| paddy@57 | 323 // GetTokensByProfileID returns a slice of up to num Tokens with a ProfileID that matches the specified |
| paddy@57 | 324 // profileID from the tokenStore associated with the Context, skipping offset Tokens. |
| paddy@50 | 325 func (c Context) GetTokensByProfileID(profileID uuid.ID, num, offset int) ([]Token, error) { |
| paddy@50 | 326 if c.tokens == nil { |
| paddy@50 | 327 return []Token{}, ErrNoTokenStore |
| paddy@50 | 328 } |
| paddy@57 | 329 return c.tokens.getTokensByProfileID(profileID, num, offset) |
| paddy@50 | 330 } |
| paddy@69 | 331 |
| paddy@69 | 332 // CreateSession stores the passed Session in the sessionStore associated with the Context. |
| paddy@69 | 333 func (c Context) CreateSession(session Session) error { |
| paddy@69 | 334 if c.sessions == nil { |
| paddy@69 | 335 return ErrNoSessionStore |
| paddy@69 | 336 } |
| paddy@69 | 337 return c.sessions.createSession(session) |
| paddy@69 | 338 } |
| paddy@69 | 339 |
| paddy@69 | 340 // GetSession returns the Session specified from the sessionStore associated with the Context. |
| paddy@69 | 341 func (c Context) GetSession(id string) (Session, error) { |
| paddy@69 | 342 if c.sessions == nil { |
| paddy@69 | 343 return Session{}, ErrNoSessionStore |
| paddy@69 | 344 } |
| paddy@69 | 345 return c.sessions.getSession(id) |
| paddy@69 | 346 } |
| paddy@69 | 347 |
| paddy@159 | 348 // TerminateSession sets the Session identified by the passed ID as inactive in the sessionStore assocated |
| paddy@159 | 349 // with the Context. |
| paddy@159 | 350 func (c Context) TerminateSession(id string) error { |
| paddy@159 | 351 if c.sessions == nil { |
| paddy@159 | 352 return ErrNoSessionStore |
| paddy@159 | 353 } |
| paddy@159 | 354 return c.sessions.terminateSession(id) |
| paddy@159 | 355 } |
| paddy@159 | 356 |
| paddy@69 | 357 // RemoveSession removes the Session identified by the passed ID from the sessionStore associated with |
| paddy@69 | 358 // the Context. |
| paddy@69 | 359 func (c Context) RemoveSession(id string) error { |
| paddy@69 | 360 if c.sessions == nil { |
| paddy@69 | 361 return ErrNoSessionStore |
| paddy@69 | 362 } |
| paddy@69 | 363 return c.sessions.removeSession(id) |
| paddy@69 | 364 } |
| paddy@69 | 365 |
| paddy@69 | 366 // ListSessions returns a slice of up to num Sessions from the sessionStore associated with the Context, |
| paddy@69 | 367 // ordered by the date they were created, descending. If before.IsZero() returns false, only Sessions |
| paddy@69 | 368 // that were created before that time will be returned. If profile is not nil, only Sessions belonging to |
| paddy@69 | 369 // that Profile will be returned. |
| paddy@69 | 370 func (c Context) ListSessions(profile uuid.ID, before time.Time, num int64) ([]Session, error) { |
| paddy@116 | 371 if c.sessions == nil { |
| paddy@69 | 372 return []Session{}, ErrNoSessionStore |
| paddy@69 | 373 } |
| paddy@69 | 374 return c.sessions.listSessions(profile, before, num) |
| paddy@69 | 375 } |
| paddy@134 | 376 |
| paddy@134 | 377 func (c Context) CreateScopes(scopes []Scope) error { |
| paddy@134 | 378 if c.scopes == nil { |
| paddy@134 | 379 return ErrNoScopeStore |
| paddy@134 | 380 } |
| paddy@134 | 381 return c.scopes.createScopes(scopes) |
| paddy@134 | 382 } |
| paddy@134 | 383 |
| paddy@134 | 384 func (c Context) GetScopes(ids []string) ([]Scope, error) { |
| paddy@134 | 385 if c.scopes == nil { |
| paddy@134 | 386 return []Scope{}, ErrNoScopeStore |
| paddy@134 | 387 } |
| paddy@134 | 388 return c.scopes.getScopes(ids) |
| paddy@134 | 389 } |
| paddy@134 | 390 |
| paddy@152 | 391 func (c Context) UpdateScope(id string, change ScopeChange) error { |
| paddy@134 | 392 if c.scopes == nil { |
| paddy@152 | 393 return ErrNoScopeStore |
| paddy@134 | 394 } |
| paddy@152 | 395 return c.scopes.updateScope(id, change) |
| paddy@134 | 396 } |
| paddy@134 | 397 |
| paddy@134 | 398 func (c Context) RemoveScopes(ids []string) error { |
| paddy@134 | 399 if c.scopes == nil { |
| paddy@134 | 400 return ErrNoScopeStore |
| paddy@134 | 401 } |
| paddy@134 | 402 return c.scopes.removeScopes(ids) |
| paddy@134 | 403 } |
| paddy@134 | 404 |
| paddy@134 | 405 func (c Context) ListScopes() ([]Scope, error) { |
| paddy@134 | 406 if c.scopes == nil { |
| paddy@134 | 407 return []Scope{}, ErrNoScopeStore |
| paddy@134 | 408 } |
| paddy@134 | 409 return c.scopes.listScopes() |
| paddy@134 | 410 } |