Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

*: support deleteRange perm checking

Browse Source
This commit is contained in:
Xiang Li 2016-06-13 17:19:59 -07:00
parent a26ebfb675
commit c75fa6fdc9
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
auth/store.go
View File

@ -113,6 +113,9 @@ type AuthStore interface {
// IsRangePermitted checks range permission of the user
IsRangePermitted(header *pb.RequestHeader, key, rangeEnd []byte) bool
// IsDeleteRangePermitted checks delete-range permission of the user
IsDeleteRangePermitted(username string, key, rangeEnd []byte) bool
// IsAdminPermitted checks admin permission of the user
IsAdminPermitted(username string) bool
@ -575,6 +578,10 @@ func (as *authStore) IsRangePermitted(header *pb.RequestHeader, key, rangeEnd []
return as.isOpPermitted(header.Username, key, rangeEnd, authpb.READ)
}
func (as *authStore) IsDeleteRangePermitted(username string, key, rangeEnd []byte) bool {
return as.isOpPermitted(username, key, rangeEnd, authpb.WRITE)
}
func (as *authStore) IsAdminPermitted(username string) bool {
if !as.isAuthEnabled() {
return true

6
etcdserver/apply.go
View File

@ -104,7 +104,11 @@ func (s *EtcdServer) applyV3Request(r *pb.InternalRaftRequest) *applyResult {
ar.err = auth.ErrPermissionDenied
}
case r.DeleteRange != nil:
ar.resp, ar.err = s.applyV3.DeleteRange(noTxn, r.DeleteRange)
if s.AuthStore().IsDeleteRangePermitted(r.Header.Username, r.DeleteRange.Key, r.DeleteRange.RangeEnd) {
ar.resp, ar.err = s.applyV3.DeleteRange(noTxn, r.DeleteRange)
} else {
ar.err = auth.ErrPermissionDenied
}
case r.Txn != nil:
ar.resp, ar.err = s.applyV3.Txn(r.Txn)
case r.Compaction != nil: