diff options
| author | Michael Klishin <michael@novemberain.com> | 2015-10-05 21:47:43 +0300 |
|---|---|---|
| committer | Michael Klishin <michael@novemberain.com> | 2015-10-05 21:47:43 +0300 |
| commit | 6a65e1343bb1412f2c99366712b8eb593b73659f (patch) | |
| tree | a2acada452fb7377d7ac0d8030e5303d863d788c /src | |
| parent | e09b99351721b7498f8fe0afc2fbae76aa6840ef (diff) | |
| parent | 0f7eb9d44040d5147cbb5a6646aa69d3afe1f9d8 (diff) | |
| download | rabbitmq-server-git-6a65e1343bb1412f2c99366712b8eb593b73659f.tar.gz | |
Merge pull request #345 from rabbitmq/rabbitmq-server-338
Collect tags from all authz backends
Diffstat (limited to 'src')
| -rw-r--r-- | src/rabbit_access_control.erl | 13 | ||||
| -rw-r--r-- | src/rabbit_auth_backend_internal.erl | 4 | ||||
| -rw-r--r-- | src/rabbit_authz_backend.erl | 4 |
3 files changed, 12 insertions, 9 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl index fc7a59c743..d9dd9cc3dc 100644 --- a/src/rabbit_access_control.erl +++ b/src/rabbit_access_control.erl @@ -76,7 +76,7 @@ check_user_login(Username, AuthProps) -> %% it gives us case try_authenticate(Mod, Username, AuthProps) of {ok, ModNUser = #auth_user{impl = Impl}} -> - user(ModNUser, {ok, [{Mod, Impl}]}); + user(ModNUser, {ok, [{Mod, Impl}], []}); Else -> Else end; @@ -98,9 +98,10 @@ try_authenticate(Module, Username, AuthProps) -> try_authorize(Modules, Username) -> lists:foldr( - fun (Module, {ok, ModsImpls}) -> + fun (Module, {ok, ModsImpls, ModsTags}) -> case Module:user_login_authorization(Username) of - {ok, Impl} -> {ok, [{Module, Impl} | ModsImpls]}; + {ok, Impl, Tags}-> {ok, [{Module, Impl} | ModsImpls], ModsTags ++ Tags}; + {ok, Impl} -> {ok, [{Module, Impl} | ModsImpls], ModsTags}; {error, E} -> {refused, Username, "~s failed authorizing ~s: ~p~n", [Module, Username, E]}; @@ -108,11 +109,11 @@ try_authorize(Modules, Username) -> end; (_, {refused, F, A}) -> {refused, Username, F, A} - end, {ok, []}, Modules). + end, {ok, [], []}, Modules). -user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls}) -> +user(#auth_user{username = Username, tags = Tags}, {ok, ModZImpls, ModZTags}) -> {ok, #user{username = Username, - tags = Tags, + tags = Tags ++ ModZTags, authz_backends = ModZImpls}}; user(_AuthUser, Error) -> Error. diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl index e53ce50c22..2b2a0ba20e 100644 --- a/src/rabbit_auth_backend_internal.erl +++ b/src/rabbit_auth_backend_internal.erl @@ -92,8 +92,8 @@ user_login_authentication(Username, AuthProps) -> user_login_authorization(Username) -> case user_login_authentication(Username, []) of - {ok, #auth_user{impl = Impl}} -> {ok, Impl}; - Else -> Else + {ok, #auth_user{impl = Impl, tags = Tags}} -> {ok, Impl, Tags}; + Else -> Else end. internal_check_user_login(Username, Fun) -> diff --git a/src/rabbit_authz_backend.erl b/src/rabbit_authz_backend.erl index 12364b654b..495a79695d 100644 --- a/src/rabbit_authz_backend.erl +++ b/src/rabbit_authz_backend.erl @@ -29,13 +29,15 @@ %% %% Possible responses: %% {ok, Impl} -%% User authorisation succeeded, and here's the impl field. +%% {ok, Impl, Tags} +%% User authorisation succeeded, and here's the impl and potential extra tags fields. %% {error, Error} %% Something went wrong. Log and die. %% {refused, Msg, Args} %% User authorisation failed. Log and die. -callback user_login_authorization(rabbit_types:username()) -> {'ok', any()} | + {'ok', any(), any()} | {'refused', string(), [any()]} | {'error', any()}. |