mirror of https://github.com/rancher/steve.git synced 2025-04-28 03:10:32 +00:00

Add ability to disallow methods per a schema attribute

Darren Shepherd 2021-08-13 11:02:38 -07:00
parent e9222c6ccf
commit d9512c366d
2 changed files with 32 additions and 6 deletions


@ -127,6 +127,25 @@ func Access(s *types.APISchema) interface{} {
return s.Attributes["access"]
}
func AddDisallowMethods(s *types.APISchema, methods ...string) {
data, ok := s.Attributes["disallowMethods"].(map[string]bool)
if !ok {
data = map[string]bool{}
s.Attributes["disallowMethods"] = data
}
for _, method := range methods {
data[method] = true
}
}
func DisallowMethods(s *types.APISchema) map[string]bool {
data, ok := s.Attributes["disallowMethods"].(map[string]bool)
if !ok {
return nil
}
return data
}
func SetAPIResource(s *types.APISchema, resource v1.APIResource) {
SetResource(s, resource.Name)
SetVerbs(s, resource.Verbs)
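Review bot: AddDisallowMethods stores each key exactly as passed, while the lookup added in the other file of this commit uses the upper-case net/http constants, so a caller passing `"get"` or `"Post"` creates an entry that never matches and the method stays allowed with no error. Normalising on write, `data[strings.ToUpper(method)] = true`, would make the deny list fail closed on casing. Both new exported functions also lack doc comments; `// AddDisallowMethods marks the given HTTP methods (e.g. "GET") as disallowed on the schema.` and `// DisallowMethods returns the set of disallowed HTTP methods, or nil if none are recorded.` would state the contract. The assignment `s.Attributes["disallowMethods"] = data` assumes the Attributes map is already initialised, which cannot be confirmed from this hunk.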


@ -99,21 +99,28 @@ func (c *Collection) schemasForSubject(access *accesscontrol.AccessSet) (*types.
}
}
allowed := func(method string) string {
if attributes.DisallowMethods(s)[method] {
return "blocked-" + method
}
return method
}
s = s.DeepCopy()
attributes.SetAccess(s, verbAccess)
if verbAccess.AnyVerb("list", "get") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodGet)
s.CollectionMethods = append(s.CollectionMethods, http.MethodGet)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodGet))
s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodGet))
}
if verbAccess.AnyVerb("delete") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodDelete)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodDelete))
}
if verbAccess.AnyVerb("update") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodPut)
s.ResourceMethods = append(s.ResourceMethods, http.MethodPatch)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPut))
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPatch))
}
if verbAccess.AnyVerb("create") {
s.CollectionMethods = append(s.CollectionMethods, http.MethodPost)
s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodPost))
}
if len(s.CollectionMethods) == 0 && len(s.ResourceMethods) == 0 {
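Review bot: A disallowed method is still appended to the method lists, as the string `"blocked-" + method`, so the `len(s.CollectionMethods) == 0 && len(s.ResourceMethods) == 0` check on the last line of this hunk no longer fires for a schema whose every granted method is disallowed. The body of that check and the rest of schemasForSubject lie outside the hunk, so whether this is intended cannot be told from here. Blocking also depends on every consumer of these lists matching method names exactly, which this commit does not show; a comment on the closure such as `// allowed rewrites a disallowed method to "blocked-<method>" so it cannot match a real HTTP verb; enforcement relies on exact matching downstream` would record that. The closure reads `s` after it has been reassigned to `s.DeepCopy()`, so the block only takes effect if the copy keeps the attribute as a `map[string]bool`. Otherwise `DisallowMethods` returns nil and nothing is blocked.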