Verify Namespace

2020-05-21 18:11:35 +01:00 · 2020-05-21 18:11:35 +01:00 · 1fce0f02b6
commit 1fce0f02b6
parent 12061bd006
3 changed files with 15 additions and 4 deletions
--- a/auth/options.go
+++ b/auth/options.go
@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
 	return options
 }

-type VerifyOptions struct{}
+type VerifyOptions struct {
+	Namespace string
+}

 type VerifyOption func(o *VerifyOptions)
+
+func VerifyNamespace(ns string) VerifyOption {
+	return func(o *VerifyOptions) {
+		o.Namespace = ns
+	}
+}
--- a/auth/service/service.go
+++ b/auth/service/service.go
@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
 	for _, o := range opts {
 		o(&options)
 	}
+	if len(options.Namespace) == 0 {
+		options.Namespace = s.options.Namespace
+	}

 	// load the rules if none are loaded
-	s.loadRulesIfEmpty(s.Options().Namespace)
+	s.loadRulesIfEmpty(options.Namespace)

 	// verify the request using the rules
-	return rules.Verify(s.rules[s.Options().Namespace], acc, res)
+	return rules.Verify(s.rules[options.Namespace], acc, res)
 }

 // Inspect a token
--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}

 			// Verify the caller has access to the resource
-			err := a.Verify(account, res)
+			err := a.Verify(account, res, auth.VerifyNamespace(ns))
 			if err != nil && account != nil {
 				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 			} else if err != nil {