Add auth scope constants
parent
fbb91c6cb7
commit
9c072a372c
@ -7,8 +7,14 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
// BearerScheme used for Authorization header
|
// BearerScheme used for Authorization header
|
||||||
const BearerScheme = "Bearer "
|
BearerScheme = "Bearer "
|
||||||
|
// ScopePublic is the scope applied to a rule to allow access to the public
|
||||||
|
ScopePublic = ""
|
||||||
|
// ScopeAccount is the scope applied to a rule to limit to users with any valid account
|
||||||
|
ScopeAccount = "*"
|
||||||
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// ErrInvalidToken is when the token provided is not valid
|
// ErrInvalidToken is when the token provided is not valid
|
||||||
|
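Review bot: `ScopePublic = ""` makes the zero value of a rule's scope the most permissive one, so a rule whose Scope is left unset or dropped during decoding would be evaluated as public, and the doc comment on the constant should say so. Something like `// ScopePublic is the empty string: a rule with no Scope set applies to everyone, including unauthenticated callers.` would make that explicit. Whether any caller builds rules without setting Scope is not visible in this hunk, so this is a documentation point rather than a confirmed fail-open path. The `BearerScheme` comment would also read better as a full sentence, e.g. `// BearerScheme is the prefix used in the Authorization header.`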
@ -51,9 +51,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
|
|||||||
// loop through the rules and check for a rule which applies to this account
|
// loop through the rules and check for a rule which applies to this account
|
||||||
for _, rule := range filteredRules {
|
for _, rule := range filteredRules {
|
||||||
// a blank scope indicates the rule applies to everyone, even nil accounts
|
// a blank scope indicates the rule applies to everyone, even nil accounts
|
||||||
if rule.Scope == "" && rule.Access == auth.AccessDenied {
|
if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessDenied {
|
||||||
return auth.ErrForbidden
|
return auth.ErrForbidden
|
||||||
} else if rule.Scope == "" && rule.Access == auth.AccessGranted {
|
} else if rule.Scope == auth.ScopePublic && rule.Access == auth.AccessGranted {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -63,9 +63,9 @@ func Verify(rules []*auth.Rule, acc *auth.Account, res *auth.Resource) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// this rule applies to any account
|
// this rule applies to any account
|
||||||
if rule.Scope == "*" && rule.Access == auth.AccessDenied {
|
if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessDenied {
|
||||||
return auth.ErrForbidden
|
return auth.ErrForbidden
|
||||||
} else if rule.Scope == "*" && rule.Access == auth.AccessGranted {
|
} else if rule.Scope == auth.ScopeAccount && rule.Access == auth.AccessGranted {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
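Review bot: The `auth.ScopeAccount` branch in the second hunk returns nil for any granted rule scoped to all accounts, and the visible lines do not show that `acc` is non-nil at that point. The guard presumably sits in the lines between the two hunks (new lines 60–62), which are not shown, so this should be confirmed before relying on the branch to exclude unauthenticated callers. If the guard is there, a comment at the branch such as `// acc is non-nil here; ScopeAccount matches any authenticated account` would record the invariant next to the check that depends on it. Verify starts and ends outside both hunks.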