diff options
| author | Alexandru Scvortov <alexandru@rabbitmq.com> | 2010-07-14 12:52:28 +0100 |
|---|---|---|
| committer | Alexandru Scvortov <alexandru@rabbitmq.com> | 2010-07-14 12:52:28 +0100 |
| commit | 230b712847a1dd8ab1c497bee381da701f997166 (patch) | |
| tree | b2fba9d39abfe97166ae03f938b8bb1bededcbfd | |
| parent | c352c9cde25e776aeeb923e0adfc3f89340beaec (diff) | |
| download | rabbitmq-server-git-230b712847a1dd8ab1c497bee381da701f997166.tar.gz | |
scope is not set via the -s flag
| -rw-r--r-- | docs/rabbitmqctl.1.xml | 11 | ||||
| -rw-r--r-- | include/rabbit.hrl | 2 | ||||
| -rw-r--r-- | src/rabbit_access_control.erl | 34 | ||||
| -rw-r--r-- | src/rabbit_control.erl | 10 | ||||
| -rw-r--r-- | src/rabbit_tests.erl | 8 |
5 files changed, 32 insertions, 33 deletions
diff --git a/docs/rabbitmqctl.1.xml b/docs/rabbitmqctl.1.xml index 74ac95686b..836af26432 100644 --- a/docs/rabbitmqctl.1.xml +++ b/docs/rabbitmqctl.1.xml @@ -547,7 +547,7 @@ </varlistentry> <varlistentry> - <term><cmdsynopsis><command>set_permissions</command> <arg choice="opt">-p <replaceable>vhostpath</replaceable></arg> <arg choice="opt">-<replaceable>check</replaceable></arg> <arg choice="req"><replaceable>user</replaceable></arg> <arg choice="req"><replaceable>conf</replaceable></arg> <arg choice="req"><replaceable>write</replaceable></arg> <arg choice="req"><replaceable>read</replaceable></arg></cmdsynopsis></term> + <term><cmdsynopsis><command>set_permissions</command> <arg choice="opt">-p <replaceable>vhostpath</replaceable></arg> <arg choice="opt">-s <replaceable>scope</replaceable></arg> <arg choice="req"><replaceable>user</replaceable></arg> <arg choice="req"><replaceable>conf</replaceable></arg> <arg choice="req"><replaceable>write</replaceable></arg> <arg choice="req"><replaceable>read</replaceable></arg></cmdsynopsis></term> <listitem> <variablelist> <varlistentry> @@ -555,11 +555,10 @@ <listitem><para>The name of the virtual host to which to grant the user access, defaulting to <command>/</command>.</para></listitem> </varlistentry> <varlistentry> - <term>check</term> - <listitem><para>Which resources should permissions be - checked for? Either - <command>check_user_named</command> (the default) or - <command>check_all_resources</command>.</para></listitem> + <term>scope</term> + <listitem><para>Scope of the permissions: either + <command>client</command> (the default) or + <command>all</command>.</para></listitem> </varlistentry> <varlistentry> <term>user</term> diff --git a/include/rabbit.hrl b/include/rabbit.hrl index 653ad2fd73..490399787d 100644 --- a/include/rabbit.hrl +++ b/include/rabbit.hrl @@ -30,7 +30,7 @@ %% -record(user, {username, password}). --record(permission, {check, configure, write, read}). +-record(permission, {scope, configure, write, read}). -record(user_vhost, {username, virtual_host}). -record(user_permission, {user_vhost, permission}). diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index e4f557cc1a..5578e24bcc 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -51,7 +51,7 @@ -type(username() :: binary()). -type(password() :: binary()). -type(regexp() :: binary()). --type(check_flag() :: binary()). +-type(scope() :: binary()). -spec(check_login/2 :: (binary(), binary()) -> rabbit_types:user()). -spec(user_pass_login/2 :: (username(), password()) -> rabbit_types:user()). @@ -71,7 +71,7 @@ -spec(list_vhosts/0 :: () -> [rabbit_types:vhost()]). -spec(set_permissions/5 ::(username(), rabbit_types:vhost(), regexp(), regexp(), regexp()) -> 'ok'). --spec(set_permissions/6 ::(check_flag(), username(), rabbit_types:vhost(), +-spec(set_permissions/6 ::(scope(), username(), rabbit_types:vhost(), regexp(), regexp(), regexp()) -> 'ok'). -spec(clear_permissions/2 :: (username(), rabbit_types:vhost()) -> 'ok'). -spec(list_vhost_permissions/1 :: @@ -152,7 +152,7 @@ check_vhost_access(#user{username = Username}, VHostPath) -> [VHostPath, Username]) end. -permission_index(check) -> #permission.check; +permission_index(scope) -> #permission.scope; permission_index(configure) -> #permission.configure; permission_index(write) -> #permission.write; permission_index(read) -> #permission.read. @@ -165,7 +165,7 @@ check_resource_access(Username, Permission); check_resource_access(_Username, #resource{name = <<"amq.gen",_/binary>>}, - #permission{check = 'check_user_named'}) -> + #permission{scope = 'client'}) -> ok; check_resource_access(Username, R = #resource{virtual_host = VHostPath, name = Name}, @@ -311,15 +311,15 @@ validate_regexp(RegexpBin) -> end. set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) -> - set_permissions(<<"check_user_named">>, Username, VHostPath, ConfigurePerm, + set_permissions(<<"client">>, Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm). -set_permissions(Check, Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) -> +set_permissions(Scope, Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) -> lists:map(fun validate_regexp/1, [ConfigurePerm, WritePerm, ReadPerm]), - Check1 = case Check of - <<"check_user_named">> -> check_user_named; - <<"check_all_resources">> -> check_all_resources; - _ -> throw({error, {invalid_check_flag, Check}}) + Scope1 = case Scope of + <<"client">> -> client; + <<"all">> -> all; + _ -> throw({error, {invalid_scope, Scope}}) end, rabbit_misc:execute_mnesia_transaction( rabbit_misc:with_user_and_vhost( @@ -330,7 +330,7 @@ set_permissions(Check, Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) username = Username, virtual_host = VHostPath}, permission = #permission{ - check = Check1, + scope = Scope1, configure = ConfigurePerm, write = WritePerm, read = ReadPerm}}, @@ -349,23 +349,23 @@ clear_permissions(Username, VHostPath) -> end)). list_vhost_permissions(VHostPath) -> - [{Username, ConfigurePerm, WritePerm, ReadPerm, Check} || - {Username, _, ConfigurePerm, WritePerm, ReadPerm, Check} <- + [{Username, ConfigurePerm, WritePerm, ReadPerm, Scope} || + {Username, _, ConfigurePerm, WritePerm, ReadPerm, Scope} <- list_permissions(rabbit_misc:with_vhost( VHostPath, match_user_vhost('_', VHostPath)))]. list_user_permissions(Username) -> - [{VHostPath, ConfigurePerm, WritePerm, ReadPerm, Check} || - {_, VHostPath, ConfigurePerm, WritePerm, ReadPerm, Check} <- + [{VHostPath, ConfigurePerm, WritePerm, ReadPerm, Scope} || + {_, VHostPath, ConfigurePerm, WritePerm, ReadPerm, Scope} <- list_permissions(rabbit_misc:with_user( Username, match_user_vhost(Username, '_')))]. list_permissions(QueryThunk) -> - [{Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm, Check} || + [{Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm, Scope} || #user_permission{user_vhost = #user_vhost{username = Username, virtual_host = VHostPath}, permission = #permission{ - check = Check, + scope = Scope, configure = ConfigurePerm, write = WritePerm, read = ReadPerm}} <- diff --git a/src/rabbit_control.erl b/src/rabbit_control.erl index 602b4660fc..21d88bbc73 100644 --- a/src/rabbit_control.erl +++ b/src/rabbit_control.erl @@ -272,16 +272,16 @@ action(Command, Node, Args, Inform) -> action(Command, Node, VHost, RemainingArgs, Inform). action(set_permissions, Node, VHost, Args, Inform) -> - {Check, [Username, CPerm, WPerm, RPerm]} = + {Scope, [Username, CPerm, WPerm, RPerm]} = case Args of - [[$- | Flag] | RemainingArgs] -> - {Flag, RemainingArgs}; + ["-s", ScopeArg | RemainingArgs] -> + {ScopeArg, RemainingArgs}; RemainingArgs -> - {"check_user_named", RemainingArgs} + {"client", RemainingArgs} end, Inform("Setting permissions for user ~p in vhost ~p", [Username, VHost]), call(Node, {rabbit_access_control, set_permissions, - [Check, Username, VHost, CPerm, WPerm, RPerm]}); + [Scope, Username, VHost, CPerm, WPerm, RPerm]}); action(clear_permissions, Node, VHost, [Username], Inform) -> Inform("Clearing permissions for user ~p in vhost ~p", [Username, VHost]), diff --git a/src/rabbit_tests.erl b/src/rabbit_tests.erl index e1c4db33da..71d7902f40 100644 --- a/src/rabbit_tests.erl +++ b/src/rabbit_tests.erl @@ -747,8 +747,8 @@ test_user_management() -> control_action(list_permissions, ["-p", "/testhost"]), {error, {invalid_regexp, _, _}} = control_action(set_permissions, ["guest", "+foo", ".*", ".*"]), - {error, {invalid_check_flag, _}} = - control_action(set_permissions, ["-check_mate", "guest", "foo", ".*", ".*"]), + {error, {invalid_scope, _}} = + control_action(set_permissions, ["-s", "cilent", "guest", "foo", ".*", ".*"]), %% user creation ok = control_action(add_user, ["foo", "bar"]), @@ -769,10 +769,10 @@ test_user_management() -> ok = control_action(set_permissions, ["-p", "/testhost", "foo", ".*", ".*", ".*"]), ok = control_action(set_permissions, ["-p", "/testhost", - "-check_user_named", + "-s", "client", "foo", ".*", ".*", ".*"]), ok = control_action(set_permissions, ["-p", "/testhost", - "-check_all_resources", + "-s", "all", "foo", ".*", ".*", ".*"]), ok = control_action(list_permissions, ["-p", "/testhost"]), ok = control_action(list_permissions, ["-p", "/testhost"]), |