Verify Namespace

Ben Toogood 2020-05-21 18:11:35 +01:00
parent 12061bd006
commit 1fce0f02b6
3 changed files with 15 additions and 4 deletions


@ -225,6 +225,14 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
return options
}
type VerifyOptions struct{}
type VerifyOptions struct {
Namespace string
}
type VerifyOption func(o *VerifyOptions)
func VerifyNamespace(ns string) VerifyOption {
return func(o *VerifyOptions) {
o.Namespace = ns
}
}
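Review bot: The exported `VerifyOptions`, its `Namespace` field and `VerifyNamespace` are added without doc comments, so the options file never states what an empty namespace means. I would add `// VerifyNamespace sets the namespace whose rules are used to verify the request.` above the constructor and `// Namespace to verify the request against; implementations pick their own default when it is empty.` on the field. The empty-value behaviour is worth spelling out because it decides which rule set authorizes a request.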


@ -123,12 +123,15 @@ func (s *svc) Verify(acc *auth.Account, res *auth.Resource, opts ...auth.VerifyO
for _, o := range opts {
o(&options)
}
if len(options.Namespace) == 0 {
options.Namespace = s.options.Namespace
}
// load the rules if none are loaded
s.loadRulesIfEmpty(s.Options().Namespace)
s.loadRulesIfEmpty(options.Namespace)
// verify the request using the rules
return rules.Verify(s.rules[s.Options().Namespace], acc, res)
return rules.Verify(s.rules[options.Namespace], acc, res)
}
// Inspect a token
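Review bot: `Verify` now selects the rule set with a namespace supplied per call, but nothing in this hunk ties `acc` to that namespace. Whether an account from one namespace can be authorized under another namespace's rules therefore depends on `rules.Verify`, which is not shown. The same goes for a namespace that still has no rules after `loadRulesIfEmpty`: `s.rules[options.Namespace]` then yields the map's zero value, and that case should end in a denial. I would state the contract at the lookup, e.g. `// options.Namespace can be caller-chosen: rules.Verify must deny when the rule set is empty or acc belongs to another namespace`, and cover both cases with a test. The start of `Verify` is outside the hunk.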


@ -221,7 +221,7 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
}
// Verify the caller has access to the resource
err := a.Verify(account, res)
err := a.Verify(account, res, auth.VerifyNamespace(ns))
if err != nil && account != nil {
return errors.Forbidden(req.Service(), "Forbidden call made to %v:%v by %v", req.Service(), req.Endpoint(), account.ID)
} else if err != nil {
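Review bot: `ns` is assigned outside this hunk, so it is not visible here whether it comes from server configuration or from request metadata. If a caller can set it, the caller chooses which namespace's rules authorize the call, so the value should be checked against the namespaces this service is allowed to serve before it reaches `a.Verify`. A short comment above the call would record that requirement, e.g. `// ns must be validated before this point; it selects the rule set used for authorization`. The handler body starts and ends outside the hunk.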