rancher/steve
1
0
Fork 0
mirror of https://github.com/rancher/steve.git synced 2025-09-18 16:39:07 +00:00
Code Issues Projects Releases Wiki Activity

Add ability to disallow methods per a schema attribute

Browse Source
This commit is contained in:
Darren Shepherd
2021-08-13 11:02:38 -07:00
parent e9222c6ccf
commit d9512c366d
2 changed files with 32 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/schema/factory.go
View File

@@ -99,21 +99,28 @@ func (c *Collection) schemasForSubject(access *accesscontrol.AccessSet) (*types.
}
}
allowed := func(method string) string {
if attributes.DisallowMethods(s)[method] {
return "blocked-" + method
}
return method
}
s = s.DeepCopy()
attributes.SetAccess(s, verbAccess)
if verbAccess.AnyVerb("list", "get") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodGet)
s.CollectionMethods = append(s.CollectionMethods, http.MethodGet)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodGet))
s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodGet))
}
if verbAccess.AnyVerb("delete") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodDelete)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodDelete))
}
if verbAccess.AnyVerb("update") {
s.ResourceMethods = append(s.ResourceMethods, http.MethodPut)
s.ResourceMethods = append(s.ResourceMethods, http.MethodPatch)
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPut))
s.ResourceMethods = append(s.ResourceMethods, allowed(http.MethodPatch))
}
if verbAccess.AnyVerb("create") {
s.CollectionMethods = append(s.CollectionMethods, http.MethodPost)
s.CollectionMethods = append(s.CollectionMethods, allowed(http.MethodPost))
}
if len(s.CollectionMethods) == 0 && len(s.ResourceMethods) == 0 {