Never pass the #user{} record into auth backends, they should only see their own stuff. Get rid of authN_backend, it has little reason for existing. Flatten case of authZ_backend.

author: Simon MacMullen <simon@rabbitmq.com> 2014-11-13 16:18:20 +0000
committer: Simon MacMullen <simon@rabbitmq.com> 2014-11-13 16:18:20 +0000
commit: 751b440de2846a87814a2d926043958968a33a7e (patch)
tree: ef889c313f6683105d0b93799844180a101e5bc0 /include/rabbit.hrl
parent: 1f1aeb21df22abb740483dd011ccec1a25c299b7 (diff)
download: rabbitmq-server-git-751b440de2846a87814a2d926043958968a33a7e.tar.gz
1 files changed, 8 insertions, 3 deletions
diff --git a/include/rabbit.hrl b/include/rabbit.hrl
index 627d0479b5..86c30fc581 100644
--- a/include/rabbit.hrl
+++ b/include/rabbit.hrl
@@ -14,12 +14,17 @@
 %% Copyright (c) 2007-2014 GoPivotal, Inc.  All rights reserved.
 %%
 
+%% Passed around most places
 -record(user, {username,
                tags,
-               authN_backend, %% Authentication module this user came from
-               authZ_backends %% List of authorization modules
-              }).
+               authz_backends}). %% List of {Module, AuthUser} pairs
 
+%% Passed to auth backends
+-record(auth_user, {username,
+                    tags,
+                    impl}).
+
+%% Implementation for the internal auth backend
 -record(internal_user, {username, password_hash, tags}).
 -record(permission, {configure, write, read}).
 -record(user_vhost, {username, virtual_host}).
author	Simon MacMullen <simon@rabbitmq.com>	2014-11-13 16:18:20 +0000
committer	Simon MacMullen <simon@rabbitmq.com>	2014-11-13 16:18:20 +0000
commit	751b440de2846a87814a2d926043958968a33a7e (patch)
tree	ef889c313f6683105d0b93799844180a101e5bc0 /include/rabbit.hrl
parent	1f1aeb21df22abb740483dd011ccec1a25c299b7 (diff)
download	rabbitmq-server-git-751b440de2846a87814a2d926043958968a33a7e.tar.gz