authorAlexandru Scvortov <alexandru@rabbitmq.com>2010-07-14 10:56:38 +0100
committerAlexandru Scvortov <alexandru@rabbitmq.com>2010-07-14 10:56:38 +0100
commit1849d6af7ea940f557a643c30ff67e091a3f863e (patch)
treee195e6cb6c9a62b97e96c8e741daa47144734322 /src
parent74a64a59adc4515f08c7a61034be9ec6bad08210 (diff)
added a flag to set_permissions to control their scope
set_permissions -check_user_named is the default and checks permissions only for user-named resources, i.e. server-generated names are not checked. set_permissions -check_all_resources enables the check for server-generated names as well. I had to shorten the argument names in the man page because otherwise the set_permissions line would have exceeded 80 characters. All parameters passed from rabbit_control to rabbit_access_control are binary(), which is why we're passing <<"check_user_named">> rather than 'check_user_named'. rabbit_access_control:set_permissions now takes 6 parameters. There's also a 5-parameter version that sets the default value for Check and calls the other one. I've added it because I don't want the default value for Check in 10 different places.
Diffstat (limited to 'src')
-rw-r--r--src/rabbit_access_control.erl26
-rw-r--r--src/rabbit_control.erl17
2 files changed, 24 insertions, 19 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 4863c9d9ea..e4f557cc1a 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -38,7 +38,7 @@
-export([add_user/2, delete_user/1, change_password/2, list_users/0,
lookup_user/1]).
-export([add_vhost/1, delete_vhost/1, list_vhosts/0]).
--export([set_permissions/5, set_permissions_all/5, clear_permissions/2,
+-export([set_permissions/5, set_permissions/6, clear_permissions/2,
list_vhost_permissions/1, list_user_permissions/1]).
%%----------------------------------------------------------------------------
@@ -51,6 +51,7 @@
-type(username() :: binary()).
-type(password() :: binary()).
-type(regexp() :: binary()).
+-type(check_flag() :: binary()).
-spec(check_login/2 :: (binary(), binary()) -> rabbit_types:user()).
-spec(user_pass_login/2 :: (username(), password()) -> rabbit_types:user()).
@@ -70,6 +71,8 @@
-spec(list_vhosts/0 :: () -> [rabbit_types:vhost()]).
-spec(set_permissions/5 ::(username(), rabbit_types:vhost(), regexp(),
regexp(), regexp()) -> 'ok').
+-spec(set_permissions/6 ::(check_flag(), username(), rabbit_types:vhost(),
+ regexp(), regexp(), regexp()) -> 'ok').
-spec(clear_permissions/2 :: (username(), rabbit_types:vhost()) -> 'ok').
-spec(list_vhost_permissions/1 ::
(rabbit_types:vhost())
@@ -307,9 +310,17 @@ validate_regexp(RegexpBin) ->
{error, Reason} -> throw({error, {invalid_regexp, Regexp, Reason}})
end.
-set_permissions_internal(Username, VHostPath, Check, ConfigurePerm,
- WritePerm, ReadPerm) ->
+set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
+ set_permissions(<<"check_user_named">>, Username, VHostPath, ConfigurePerm,
+ WritePerm, ReadPerm).
+
+set_permissions(Check, Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
lists:map(fun validate_regexp/1, [ConfigurePerm, WritePerm, ReadPerm]),
+ Check1 = case Check of
+ <<"check_user_named">> -> check_user_named;
+ <<"check_all_resources">> -> check_all_resources;
+ _ -> throw({error, {invalid_check_flag, Check}})
+ end,
rabbit_misc:execute_mnesia_transaction(
rabbit_misc:with_user_and_vhost(
Username, VHostPath,
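Review bot: The `Check1 = case Check of` mapping in set_permissions/6 is the only place that lists the accepted flag values, and nothing says what each one means for authorization. Going by the commit description, the stored value decides whether server-generated resource names are permission-checked, so I would add a comment above the clause, e.g. `%% Check: <<"check_user_named">> (default) checks only client-named resources; <<"check_all_resources">> also checks server-generated names.` Matching the two binaries explicitly and throwing on anything else means an unknown flag is never stored and no atoms are created from caller input; that is worth keeping as is. The function body continues past the end of this hunk.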
@@ -319,20 +330,13 @@ set_permissions_internal(Username, VHostPath, Check, ConfigurePerm,
username = Username,
virtual_host = VHostPath},
permission = #permission{
- check = Check,
+ check = Check1,
configure = ConfigurePerm,
write = WritePerm,
read = ReadPerm}},
write)
end)).
-set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
- set_permissions_internal(Username, VHostPath, 'check_user_named', ConfigurePerm,
- WritePerm, ReadPerm).
-
-set_permissions_all(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
- set_permissions_internal(Username, VHostPath, 'check_all_resources', ConfigurePerm,
- WritePerm, ReadPerm).
clear_permissions(Username, VHostPath) ->
rabbit_misc:execute_mnesia_transaction(
diff --git a/src/rabbit_control.erl b/src/rabbit_control.erl
index 2f13a0a6d4..602b4660fc 100644
--- a/src/rabbit_control.erl
+++ b/src/rabbit_control.erl
@@ -271,16 +271,17 @@ action(Command, Node, Args, Inform) ->
{VHost, RemainingArgs} = parse_vhost_flag(Args),
action(Command, Node, VHost, RemainingArgs, Inform).
-action(set_permissions, Node, VHost, [Username, CPerm, WPerm, RPerm], Inform) ->
+action(set_permissions, Node, VHost, Args, Inform) ->
+ {Check, [Username, CPerm, WPerm, RPerm]} =
+ case Args of
+ [[$- | Flag] | RemainingArgs] ->
+ {Flag, RemainingArgs};
+ RemainingArgs ->
+ {"check_user_named", RemainingArgs}
+ end,
Inform("Setting permissions for user ~p in vhost ~p", [Username, VHost]),
call(Node, {rabbit_access_control, set_permissions,
- [Username, VHost, CPerm, WPerm, RPerm]});
-
-action(set_permissions_all, Node, VHost, [Username, CPerm, WPerm, RPerm], Inform) ->
- Inform("Setting permissions for all resources for user ~p in vhost ~p",
- [Username, VHost]),
- call(Node, {rabbit_access_control, set_permissions_all,
- [Username, VHost, CPerm, WPerm, RPerm]});
+ [Check, Username, VHost, CPerm, WPerm, RPerm]});
action(clear_permissions, Node, VHost, [Username], Inform) ->
Inform("Clearing permissions for user ~p in vhost ~p", [Username, VHost]),
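Review bot: The new `action(set_permissions, Node, VHost, Args, Inform)` head matches any argument list, so a wrong argument count now fails on the inner `{Check, [Username, CPerm, WPerm, RPerm]} = ...` match with a badmatch. Before this change it failed to match the clause head, which is presumably how the dispatcher reports usage errors; the dispatcher is outside this hunk. A username that starts with `-` is also consumed as the flag, which leaves three arguments and hits the same badmatch. Keeping the arity in the clause heads, with the four-argument form delegating to the five-argument one, restores the old failure mode and keeps the default in one place on this side. The flag is forwarded as a string here while rabbit_access_control matches binaries, so this relies on call/2 converting its arguments, as the description states.

```erlang
action(set_permissions, Node, VHost, [Username, CPerm, WPerm, RPerm], Inform) ->
    action(set_permissions, Node, VHost,
           ["-check_user_named", Username, CPerm, WPerm, RPerm], Inform);
action(set_permissions, Node, VHost,
       [[$- | Check], Username, CPerm, WPerm, RPerm], Inform) ->
    Inform("Setting permissions for user ~p in vhost ~p", [Username, VHost]),
    call(Node, {rabbit_access_control, set_permissions,
                [Check, Username, VHost, CPerm, WPerm, RPerm]});
%% … unchanged: action(clear_permissions, …) and later clauses …
```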