github/steve
1
0
Fork 0
mirror of https://github.com/niusmallnan/steve.git synced 2025-04-29 03:36:32 +00:00
Code Issues Projects Releases Wiki Activity

Add ability to disallow methods per a schema attribute

Browse Source
This commit is contained in:
Darren Shepherd 2021-08-13 11:02:38 -07:00
parent e9222c6ccf
commit d9512c366d
2 changed files with 32 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/attributes/attributes.go
View File

@ -127,6 +127,25 @@ func Access(s *types.APISchema) interface{} {
return s.Attributes["access"] return s.Attributes["access"]
} }
func AddDisallowMethods(s *types.APISchema, methods ...string) {
data, ok := s.Attributes["disallowMethods"].(map[string]bool)
if !ok {
data = map[string]bool{}
s.Attributes["disallowMethods"] = data
}
for _, method := range methods {
data[method] = true
}
}
func DisallowMethods(s *types.APISchema) map[string]bool {
data, ok := s.Attributes["disallowMethods"].(map[string]bool)
if !ok {
return nil
}
return data
}
func SetAPIResource(s *types.APISchema, resource v1.APIResource) { func SetAPIResource(s *types.APISchema, resource v1.APIResource) {
SetResource(s, resource.Name) SetResource(s, resource.Name)
SetVerbs(s, resource.Verbs) SetVerbs(s, resource.Verbs)

19
pkg/schema/factory.go
View File

@ -99,21 +99,28 @@ func (c *Collection) schemasForSubject(access *accesscontrol.AccessSet) (*types.
} }
} }
allowed := func(method string) string {
if attributes.DisallowMethods(s)[method] {
return "blocked-" + method
}
return method
}
s = s.DeepCopy() s = s.DeepCopy()
attributes.SetAccess(s, verbAccess) attributes.SetAccess(s, verbAccess)
if verbAccess.AnyVerb("list", "get") { if verbAccess.AnyVerb("list", "get") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodGet) s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodGet))
s.CollectionMethods = append(s.CollectionMethods, http.MethodGet) s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodGet))
} }
if verbAccess.AnyVerb("delete") { if verbAccess.AnyVerb("delete") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodDelete) s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodDelete))
} }
if verbAccess.AnyVerb("update") { if verbAccess.AnyVerb("update") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodPut) s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPut))
s.ResourceMethods = append(s.ResourceMethods, http.MethodPatch) s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPatch))
} }
if verbAccess.AnyVerb("create") { if verbAccess.AnyVerb("create") {
s.CollectionMethods = append(s.CollectionMethods, http.MethodPost) s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodPost))
} }
if len(s.CollectionMethods) == 0 && len(s.ResourceMethods) == 0 { if len(s.CollectionMethods) == 0 && len(s.ResourceMethods) == 0 {