all: Removes access control relics

ory · May 23, 2018 · a4d2e73 · a4d2e73
1 parent da5026c
commit a4d2e73
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 74 deletions.
diff --git a/client/handler.go b/client/handler.go
@@ -32,33 +32,14 @@ import (
 )
 
 type Handler struct {
-	Manager        Manager
-	H              herodot.Writer
-	ResourcePrefix string
+	Manager Manager
+	H       herodot.Writer
 }
 
 const (
 	ClientsHandlerPath = "/clients"
 )
 
-const (
-	ClientsResource = "clients"
-	ClientResource  = "clients:%s"
-	Scope           = "hydra.clients"
-)
-
-func (h *Handler) PrefixResource(resource string) string {
-	if h.ResourcePrefix == "" {
-		h.ResourcePrefix = "rn:hydra"
-	}
-
-	if h.ResourcePrefix[len(h.ResourcePrefix)-1] == ':' {
-		h.ResourcePrefix = h.ResourcePrefix[:len(h.ResourcePrefix)-1]
-	}
-
-	return h.ResourcePrefix + ":" + resource
-}
-
 func (h *Handler) SetRoutes(r *httprouter.Router) {
 	r.GET(ClientsHandlerPath, h.List)
 	r.POST(ClientsHandlerPath, h.Create)
@@ -75,16 +56,6 @@ func (h *Handler) SetRoutes(r *httprouter.Router) {
 //
 // OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components.
 //
-//  Additionally, the context key "owner" is set to the owner of the client, allowing policies such as:
-//
-//  ```
-//  {
-//    "resources": ["rn:hydra:clients"],
-//    "actions": ["create"],
-//    "effect": "allow",
-//    "conditions": { "owner": { "type": "EqualsSubjectCondition" } }
-//  }
-//  ```
 //
 //     Consumes:
 //     - application/json

diff --git a/cmd/server/handler_client_factory.go b/cmd/server/handler_client_factory.go
@@ -54,9 +54,8 @@ func newClientManager(c *config.Config) client.Manager {
 
 func newClientHandler(c *config.Config, router *httprouter.Router, manager client.Manager) *client.Handler {
 	h := &client.Handler{
-		H:              herodot.NewJSONWriter(c.GetLogger()),
-		Manager:        manager,
-		ResourcePrefix: c.AccessControlResourcePrefix,
+		H:       herodot.NewJSONWriter(c.GetLogger()),
+		Manager: manager,
 	}
 
 	h.SetRoutes(router)

diff --git a/cmd/server/handler_health_factory.go b/cmd/server/handler_health_factory.go
@@ -29,10 +29,9 @@ import (
 
 func newHealthHandler(c *config.Config, router *httprouter.Router) *health.Handler {
 	h := &health.Handler{
-		Metrics:        c.GetTelemetryMetrics(),
-		H:              herodot.NewJSONWriter(c.GetLogger()),
-		ResourcePrefix: c.AccessControlResourcePrefix,
-		VersionString:  c.BuildVersion,
+		Metrics:       c.GetTelemetryMetrics(),
+		H:             herodot.NewJSONWriter(c.GetLogger()),
+		VersionString: c.BuildVersion,
 	}
 	h.SetRoutes(router)
 	return h

diff --git a/cmd/server/handler_jwk_factory.go b/cmd/server/handler_jwk_factory.go
@@ -58,9 +58,8 @@ func injectJWKManager(c *config.Config) {
 func newJWKHandler(c *config.Config, router *httprouter.Router) *jwk.Handler {
 	ctx := c.Context()
 	h := &jwk.Handler{
-		H:              herodot.NewJSONWriter(c.GetLogger()),
-		Manager:        ctx.KeyManager,
-		ResourcePrefix: c.AccessControlResourcePrefix,
+		H:       herodot.NewJSONWriter(c.GetLogger()),
+		Manager: ctx.KeyManager,
 	}
 	h.SetRoutes(router)
 	return h

diff --git a/jwk/handler.go b/jwk/handler.go
@@ -38,22 +38,9 @@ const (
 )
 
 type Handler struct {
-	Manager        Manager
-	Generators     map[string]KeyGenerator
-	H              herodot.Writer
-	ResourcePrefix string
-}
-
-func (h *Handler) PrefixResource(resource string) string {
-	if h.ResourcePrefix == "" {
-		h.ResourcePrefix = "rn:hydra"
-	}
-
-	if h.ResourcePrefix[len(h.ResourcePrefix)-1] == ':' {
-		h.ResourcePrefix = h.ResourcePrefix[:len(h.ResourcePrefix)-1]
-	}
-
-	return h.ResourcePrefix + ":" + resource
+	Manager    Manager
+	Generators map[string]KeyGenerator
+	H          herodot.Writer
 }
 
 func (h *Handler) GetGenerators() map[string]KeyGenerator {

diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -273,14 +273,6 @@ func (h *Handler) RevocationHandler(w http.ResponseWriter, r *http.Request, _ ht
 // is neither expired nor revoked. If a token is active, additional information on the token will be included. You can
 // set additional data for a token by setting `accessTokenExtra` during the consent flow.
 //
-//  ```
-//  {
-//    "resources": ["rn:hydra:oauth2:tokens"],
-//    "actions": ["introspect"],
-//    "effect": "allow"
-//  }
-//  ```
-//
 //     Consumes:
 //     - application/x-www-form-urlencoded
 //
@@ -339,15 +331,6 @@ func (h *Handler) IntrospectHandler(w http.ResponseWriter, r *http.Request, _ ht
 // not be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted
 // automatically when performing the refresh flow.
 //
-//
-//  ```
-//  {
-//    "resources": ["rn:hydra:oauth2:tokens"],
-//    "actions": ["flush"],
-//    "effect": "allow"
-//  }
-//  ```
-//
 //     Consumes:
 //     - application/json
 //