steve/pkg/accesscontrol/access_control.go

package accesscontrol

import (
	"fmt"

	"github.com/rancher/steve/pkg/schemaserver/server"
	"github.com/rancher/steve/pkg/schemaserver/types"
)

type AccessControl struct {
	server.SchemaBasedAccess
}

func NewAccessControl() *AccessControl {
	return &AccessControl{}
}

func (a *AccessControl) CanWatch(apiOp *types.APIRequest, schema *types.APISchema) error {
	access := GetAccessListMap(schema)
	if _, ok := access["watch"]; ok {
		return nil
	}
	return fmt.Errorf("watch not allowed")
}
Initial commit 2019-08-04 17:41:32 +00:00			`package accesscontrol`

			`import (`
			`"fmt"`

Refactor 2020-01-31 05:37:59 +00:00			`"github.com/rancher/steve/pkg/schemaserver/server"`
			`"github.com/rancher/steve/pkg/schemaserver/types"`
Initial commit 2019-08-04 17:41:32 +00:00			`)`

			`type AccessControl struct {`
Add impersonation support 2020-02-03 21:28:25 +00:00			`server.SchemaBasedAccess`
Initial commit 2019-08-04 17:41:32 +00:00			`}`

			`func NewAccessControl() *AccessControl {`
			`return &AccessControl{}`
			`}`

Refactor 2020-01-31 05:37:59 +00:00			`func (a AccessControl) CanWatch(apiOp types.APIRequest, schema *types.APISchema) error {`
Initial commit 2019-08-04 17:41:32 +00:00			`access := GetAccessListMap(schema)`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`if _, ok := access["watch"]; ok {`
			`return nil`
Initial commit 2019-08-04 17:41:32 +00:00			`}`
Full dynamic RBAC and pagination 2020-02-10 17:18:20 +00:00			`return fmt.Errorf("watch not allowed")`
Initial commit 2019-08-04 17:41:32 +00:00			`}`