Verify Namespace
parent
12061bd006
commit
1fce0f02b6
@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
|
|||||||
return options
|
return options
|
||||||
}
|
}
|
||||||
|
|
||||||
type VerifyOptions struct{}
|
type VerifyOptions struct {
|
||||||
|
Namespace string
|
||||||
|
}
|
||||||
|
|
||||||
type VerifyOption func(o *VerifyOptions)
|
type VerifyOption func(o *VerifyOptions)
|
||||||
|
|
||||||
|
func VerifyNamespace(ns string) VerifyOption {
|
||||||
|
return func(o *VerifyOptions) {
|
||||||
|
o.Namespace = ns
|
||||||
|
}
|
||||||
|
}
|
||||||
|
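Review bot: The exported `VerifyNamespace` option and the new `Namespace` field in `VerifyOptions` have no doc comments, so the empty-value behaviour can only be learned by reading the service implementation changed later in this commit. I would add `// VerifyNamespace sets the namespace whose rules the request is verified against; the service implementation falls back to its configured namespace when this is empty.` above the function, and a matching one-line comment on the field. Because this value selects which rule set authorizes a call, the comment should also state that callers are expected to pass a namespace from a trusted source.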
@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
|
|||||||
for _, o := range opts {
|
for _, o := range opts {
|
||||||
o(&options)
|
o(&options)
|
||||||
}
|
}
|
||||||
|
if len(options.Namespace) == 0 {
|
||||||
|
options.Namespace = s.options.Namespace
|
||||||
|
}
|
||||||
|
|
||||||
// load the rules if none are loaded
|
// load the rules if none are loaded
|
||||||
s.loadRulesIfEmpty(s.Options().Namespace)
|
s.loadRulesIfEmpty(options.Namespace)
|
||||||
|
|
||||||
// verify the request using the rules
|
// verify the request using the rules
|
||||||
return rules.Verify(s.rules[s.Options().Namespace], acc, res)
|
return rules.Verify(s.rules[options.Namespace], acc, res)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Inspect a token
|
// Inspect a token
|
||||||
|
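Review bot: The rule set is now chosen by a caller-supplied value at `rules.Verify(s.rules[options.Namespace], acc, res)`, and nothing visible in this hunk confirms that rules for that namespace were actually loaded. If `loadRulesIfEmpty` fails or the namespace has no rules, the map lookup yields an empty set, and whether `rules.Verify` denies in that case cannot be seen from here; that needs confirming so an unknown namespace fails closed. I would at least record the expectation with `// an unknown or unloaded namespace resolves to an empty rule set; rules.Verify must deny in that case` above the return. The body of Verify begins outside the hunk, so any error handling or locking around `s.rules` there is not visible.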
@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify the caller has access to the resource
|
// Verify the caller has access to the resource
|
||||||
err := a.Verify(account, res)
|
err := a.Verify(account, res, auth.VerifyNamespace(ns))
|
||||||
if err != nil && account != nil {
|
if err != nil && account != nil {
|
||||||
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
|
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
|
||||||
} else if err != nil {
|
} else if err != nil {
|
||||||
|
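Review bot: The `ns` passed in `a.Verify(account, res, auth.VerifyNamespace(ns))` is assigned outside this hunk, so its origin cannot be checked here, yet it now decides which namespace's rules authorize the call. If it is derived from request metadata that a client can set, the caller would effectively pick the rule set it is judged against, which weakens isolation between namespaces. I would confirm that `ns` comes from server-side configuration or is checked against the namespace the account was issued for before Verify runs, and note that at the call site with `// ns must be trusted: it selects the rule set used to authorize this request`. The enclosing wrapper function starts and ends outside the hunk.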