3 files changed, 20 insertions, 3 deletions

diff --git a/include/rabbit.hrl b/include/rabbit.hrl
index 3fd525686b..e888b43030 100644
--- a/include/rabbit.hrl
+++ b/include/rabbit.hrl
@@ -30,7 +30,7 @@
 %%
 
 -record(user, {username, password}).
--record(permission, {configure, write, read}).
+-record(permission, {check_all, configure, write, read}).
 -record(user_vhost, {username, virtual_host}).
 -record(user_permission, {user_vhost, permission}).
 
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 7d1839bb6e..a5d624d7cb 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -38,7 +38,7 @@
 -export([add_user/2, delete_user/1, change_password/2, list_users/0,
          lookup_user/1]).
 -export([add_vhost/1, delete_vhost/1, list_vhosts/0]).
--export([set_permissions/5, clear_permissions/2,
+-export([set_permissions/5, set_permissions_all/5, clear_permissions/2,
          list_vhost_permissions/1, list_user_permissions/1]).
 
 %%----------------------------------------------------------------------------
@@ -149,6 +149,7 @@ check_vhost_access(#user{username = Username}, VHostPath) ->
               [VHostPath, Username])
     end.
 
+permission_index(check_all) -> #permission.check_all;
 permission_index(configure) -> #permission.configure;
 permission_index(write)     -> #permission.write;
 permission_index(read)      -> #permission.read.
@@ -306,7 +307,8 @@ validate_regexp(RegexpBin) ->
         {error, Reason} -> throw({error, {invalid_regexp, Regexp, Reason}})
     end.
 
-set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
+set_permissions_internal(Username, VHostPath, CheckAll, ConfigurePerm,
+                         WritePerm, ReadPerm) ->
     lists:map(fun validate_regexp/1, [ConfigurePerm, WritePerm, ReadPerm]),
     rabbit_misc:execute_mnesia_transaction(
       rabbit_misc:with_user_and_vhost(
@@ -317,12 +319,21 @@ set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
                                             username = Username,
                                             virtual_host = VHostPath},
                                           permission = #permission{
+                                            check_all = CheckAll,
                                             configure = ConfigurePerm,
                                             write = WritePerm,
                                             read = ReadPerm}},
                          write)
         end)).
 
+set_permissions(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
+    set_permissions_internal(Username, VHostPath, 'false', ConfigurePerm,
+                             WritePerm, ReadPerm).
+
+set_permissions_all(Username, VHostPath, ConfigurePerm, WritePerm, ReadPerm) ->
+    set_permissions_internal(Username, VHostPath, 'true', ConfigurePerm,
+                             WritePerm, ReadPerm).
+
 clear_permissions(Username, VHostPath) ->
     rabbit_misc:execute_mnesia_transaction(
       rabbit_misc:with_user_and_vhost(
diff --git a/src/rabbit_control.erl b/src/rabbit_control.erl
index 6e6ad06cb3..8906832998 100644
--- a/src/rabbit_control.erl
+++ b/src/rabbit_control.erl
@@ -276,6 +276,12 @@ action(set_permissions, Node, VHost, [Username, CPerm, WPerm, RPerm], Inform) ->
     call(Node, {rabbit_access_control, set_permissions,
                 [Username, VHost, CPerm, WPerm, RPerm]});
 
+action(set_permissions_all, Node, VHost, [Username, CPerm, WPerm, RPerm], Inform) ->
+    Inform("Setting permissions for all resources for user ~p in vhost ~p",
+           [Username, VHost]),
+    call(Node, {rabbit_access_control, set_permissions_all,
+                [Username, VHost, CPerm, WPerm, RPerm]});
+
 action(clear_permissions, Node, VHost, [Username], Inform) ->
     Inform("Clearing permissions for user ~p in vhost ~p", [Username, VHost]),
     call(Node, {rabbit_access_control, clear_permissions, [Username, VHost]});