github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-09-24 19:38:52 +00:00
Code Issues Projects Releases Wiki Activity

Add impersonation support

Browse Source
This commit is contained in:
Darren Shepherd
2020-02-03 14:28:25 -07:00
parent a32064f238
commit c7ac7f35af
9 changed files with 139 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/schemaserver/server/access.go
View File

@@ -9,49 +9,49 @@ import (
"github.com/rancher/wrangler/pkg/slice"
)
type AllAccess struct {
type SchemaBasedAccess struct {
}
func (*AllAccess) CanCreate(apiOp *types.APIRequest, schema *types.APISchema) error {
func (*SchemaBasedAccess) CanCreate(apiOp *types.APIRequest, schema *types.APISchema) error {
if slice.ContainsString(schema.CollectionMethods, http.MethodPost) {
return nil
}
return httperror.NewAPIError(validation.PermissionDenied, "can not create "+schema.ID)
}
func (*AllAccess) CanGet(apiOp *types.APIRequest, schema *types.APISchema) error {
func (*SchemaBasedAccess) CanGet(apiOp *types.APIRequest, schema *types.APISchema) error {
if slice.ContainsString(schema.ResourceMethods, http.MethodGet) {
return nil
}
return httperror.NewAPIError(validation.PermissionDenied, "can not get "+schema.ID)
}
func (*AllAccess) CanList(apiOp *types.APIRequest, schema *types.APISchema) error {
func (*SchemaBasedAccess) CanList(apiOp *types.APIRequest, schema *types.APISchema) error {
if slice.ContainsString(schema.CollectionMethods, http.MethodGet) {
return nil
}
return httperror.NewAPIError(validation.PermissionDenied, "can not list "+schema.ID)
}
func (*AllAccess) CanUpdate(apiOp *types.APIRequest, obj types.APIObject, schema *types.APISchema) error {
func (*SchemaBasedAccess) CanUpdate(apiOp *types.APIRequest, obj types.APIObject, schema *types.APISchema) error {
if slice.ContainsString(schema.ResourceMethods, http.MethodPut) {
return nil
}
return httperror.NewAPIError(validation.PermissionDenied, "can not update "+schema.ID)
}
func (*AllAccess) CanDelete(apiOp *types.APIRequest, obj types.APIObject, schema *types.APISchema) error {
func (*SchemaBasedAccess) CanDelete(apiOp *types.APIRequest, obj types.APIObject, schema *types.APISchema) error {
if slice.ContainsString(schema.ResourceMethods, http.MethodDelete) {
return nil
}
return httperror.NewAPIError(validation.PermissionDenied, "can not delete "+schema.ID)
}
func (a *AllAccess) CanWatch(apiOp *types.APIRequest, schema *types.APISchema) error {
func (a *SchemaBasedAccess) CanWatch(apiOp *types.APIRequest, schema *types.APISchema) error {
return a.CanList(apiOp, schema)
}
func (*AllAccess) CanAction(apiOp *types.APIRequest, schema *types.APISchema, name string) error {
func (*SchemaBasedAccess) CanAction(apiOp *types.APIRequest, schema *types.APISchema, name string) error {
if _, ok := schema.ActionHandlers[name]; ok {
return httperror.NewAPIError(validation.PermissionDenied, "no such action "+name)
}

20
pkg/schemaserver/server/server.go
View File

@@ -19,12 +19,12 @@ type RequestHandler interface {
}
type Server struct {
ResponseWriters map[string]types.ResponseWriter
Schemas *types.APISchemas
Defaults Defaults
AccessControl types.AccessControl
Parser parse.Parser
URLParser parse.URLParser
ResponseWriters map[string]types.ResponseWriter
Schemas *types.APISchemas
Defaults Defaults
AccessControl types.AccessControl
Parser parse.Parser
URLParser parse.URLParser
}
type Defaults struct {
@@ -39,7 +39,7 @@ type Defaults struct {
func DefaultAPIServer() *Server {
s := &Server{
Schemas: types.EmptyAPISchemas(),
Schemas: types.EmptyAPISchemas(),
ResponseWriters: map[string]types.ResponseWriter{
"json": &writer.EncodingResponseWriter{
ContentType: "application/json",
@@ -56,7 +56,7 @@ func DefaultAPIServer() *Server {
Encoder: types.YAMLEncoder,
},
},
AccessControl: &AllAccess{},
AccessControl: &SchemaBasedAccess{},
Defaults: Defaults{
ByIDHandler: handlers.ByIDHandler,
CreateHandler: handlers.CreateHandler,
@@ -140,8 +140,8 @@ func (s *Server) GetSchemas() *types.APISchemas {
func (s *Server) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
s.Handle(&types.APIRequest{
Request: req,
Response: rw,
Request: req,
Response: rw,
})
}

13
pkg/schemaserver/types/types.go
View File

@@ -75,8 +75,21 @@ type APISchema struct {
Store Store `json:"-"`
}
func copyHandlers(m map[string]http.Handler) map[string]http.Handler {
if m == nil {
return nil
}
result := make(map[string]http.Handler, len(m))
for k, v := range m {
result[k] = v
}
return result
}
func (a *APISchema) DeepCopy() *APISchema {
r := *a
r.ActionHandlers = copyHandlers(a.ActionHandlers)
r.LinkHandlers = copyHandlers(a.ActionHandlers)
r.Schema = r.Schema.DeepCopy()
return &r
}