Verify Namespace

auth/options.go

@@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
 	return options
 }
 
-type VerifyOptions struct{}
+type VerifyOptions struct {
+	Namespace string
+}
 
 type VerifyOption func(o *VerifyOptions)
+
+func VerifyNamespace(ns string) VerifyOption {
+	return func(o *VerifyOptions) {
+		o.Namespace = ns
+	}
+}

auth/service/service.go

@@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
 	for _, o := range opts {
 		o(&options)
 	}
+	if len(options.Namespace) == 0 {
+		options.Namespace = s.options.Namespace
+	}
 
 	// load the rules if none are loaded
-	s.loadRulesIfEmpty(s.Options().Namespace)
+	s.loadRulesIfEmpty(options.Namespace)
 
 	// verify the request using the rules
-	return rules.Verify(s.rules[s.Options().Namespace], acc, res)
+	return rules.Verify(s.rules[options.Namespace], acc, res)
 }
 
 // Inspect a token

util/wrapper/wrapper.go

@@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			}
 
 			// Verify the caller has access to the resource
-			err := a.Verify(account, res)
+			err := a.Verify(account, res, auth.VerifyNamespace(ns))
 			if err != nil && account != nil {
 				return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
 			} else if err != nil {