diff options
| author | Robby Raschke <robby.raschke@erlang-solutions.com> | 2015-09-30 11:35:14 +0200 |
|---|---|---|
| committer | Robby Raschke <robby.raschke@erlang-solutions.com> | 2015-09-30 11:35:14 +0200 |
| commit | 0f8947bebed309cff647a8ae566ef9f8ccf6fd5b (patch) | |
| tree | 528c6ab5fac22ad0da7ecaa7995a8ee12c440df0 | |
| parent | 31a4b251e4ce303458031d09f29730a8c27aff6d (diff) | |
| download | rabbitmq-server-git-0f8947bebed309cff647a8ae566ef9f8ccf6fd5b.tar.gz | |
Add the permission tags from an explicit separate authorization step into the user record.
| -rw-r--r-- | src/rabbit_access_control.erl | 12 | ||||
| -rw-r--r-- | src/rabbit_auth_backend_internal.erl | 4 |
2 files changed, 8 insertions, 8 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index fc7a59c743..9ad177f318 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -76,7 +76,7 @@ check_user_login(Username, AuthProps) -> %% it gives us case try_authenticate(Mod, Username, AuthProps) of {ok, ModNUser = #auth_user{impl = Impl}} -> - user(ModNUser, {ok, [{Mod, Impl}]}); + user(ModNUser, {ok, [{Mod, Impl}], []}); Else -> Else end; @@ -98,9 +98,9 @@ try_authenticate(Module, Username, AuthProps) -> try_authorize(Modules, Username) -> lists:foldr( - fun (Module, {ok, ModsImpls}) -> + fun (Module, {ok, ModsImpls, ModsTags}) -> case Module:user_login_authorization(Username) of - {ok, Impl} -> {ok, [{Module, Impl} | ModsImpls]}; + {ok, Impl, Tags}-> {ok, [{Module, Impl} | ModsImpls], ModsTags++Tags}; {error, E} -> {refused, Username, "~s failed authorizing ~s: ~p~n", [Module, Username, E]}; @@ -108,11 +108,11 @@ try_authorize(Modules, Username) -> end; (_, {refused, F, A}) -> {refused, Username, F, A} - end, {ok, []}, Modules). + end, {ok, [], []}, Modules). -user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls}) -> +user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls, ModZTags}) -> {ok, #user{username = Username, - tags = Tags, + tags = Tags++ModZTags, authz_backends = ModZImpls}}; user(_AuthUser, Error) -> Error. diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl index e53ce50c22..2b2a0ba20e 100644 --- a/src/rabbit_auth_backend_internal.erl +++ b/src/rabbit_auth_backend_internal.erl @@ -92,8 +92,8 @@ user_login_authentication(Username, AuthProps) -> user_login_authorization(Username) -> case user_login_authentication(Username, []) of - {ok, #auth_user{impl = Impl}} -> {ok, Impl}; - Else -> Else + {ok, #auth_user{impl = Impl, tags = Tags}} -> {ok, Impl, Tags}; + Else -> Else end. internal_check_user_login(Username, Fun) -> |