Diffstat (limited to 'src')
-rw-r--r--src/rabbit_access_control.erl25
-rw-r--r--src/rabbit_auth_backend.erl8
-rw-r--r--src/rabbit_auth_backend_internal.erl30
3 files changed, 16 insertions, 47 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 59c008489a..7fce7bd080 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -19,16 +19,15 @@
-include("rabbit.hrl").
-export([check_user_pass_login/2, check_user_login/2,
- check_vhost_access/2, check_resource_access/3, list_vhosts/2]).
+ check_vhost_access/2, check_resource_access/3]).
%%----------------------------------------------------------------------------
-ifdef(use_specs).
--export_type([permission_atom/0, vhost_permission_atom/0]).
+-export_type([permission_atom/0]).
-type(permission_atom() :: 'configure' | 'read' | 'write').
--type(vhost_permission_atom() :: 'read' | 'write').
-spec(check_user_pass_login/2 ::
(rabbit_types:username(), rabbit_types:password())
@@ -39,8 +38,6 @@
-spec(check_resource_access/3 ::
(rabbit_types:user(), rabbit_types:r(atom()), permission_atom())
-> 'ok' | rabbit_types:channel_exit()).
--spec(list_vhosts/2 :: (rabbit_types:user(), vhost_permission_atom())
- -> [rabbit_types:vhost()]).
-endif.
@@ -104,21 +101,3 @@ check_access(Fun, ErrStr, ErrArgs, RefStr, RefArgs) ->
false ->
rabbit_misc:protocol_error(access_refused, RefStr, RefArgs)
end.
-
-%% Permission = write -> log in
-%% Permission = read -> learn of the existence of (only relevant for
-%% management plugin)
-list_vhosts(User = #user{username = Username, auth_backend = Module},
- Permission) ->
- lists:filter(
- fun(VHost) ->
- case Module:check_vhost_access(User, VHost, Permission) of
- {error, _} = E ->
- rabbit_log:warning("~w failed checking vhost access "
- "to ~s for ~s: ~p~n",
- [Module, VHost, Username, E]),
- false;
- Else ->
- Else
- end
- end, rabbit_vhost:list()).
diff --git a/src/rabbit_auth_backend.erl b/src/rabbit_auth_backend.erl
index 09820c5b11..ade158bb8c 100644
--- a/src/rabbit_auth_backend.erl
+++ b/src/rabbit_auth_backend.erl
@@ -36,17 +36,13 @@ behaviour_info(callbacks) ->
%% Client failed authentication. Log and die.
{check_user_login, 2},
- %% Given #user, vhost path and permission, can a user access a vhost?
- %% Permission is read - learn of the existence of (only relevant for
- %% management plugin)
- %% or write - log in
- %%
+ %% Given #user and vhost, can a user log in to a vhost?
%% Possible responses:
%% true
%% false
%% {error, Error}
%% Something went wrong. Log and die.
- {check_vhost_access, 3},
+ {check_vhost_access, 2},
%% Given #user, resource and permission, can a user access a resource?
%%
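Review bot: Changing the callback to `{check_vhost_access, 2}` breaks any auth backend that still exports only `check_vhost_access/3`, and nothing in this hunk tells implementers. Backends are invoked dynamically (the removed `list_vhosts/2` called `Module:check_vhost_access(...)`), so a stale backend would presumably fail with a runtime `undef` at login rather than at build time; a behaviour mismatch only produces a compile warning. The call site inside `rabbit_access_control:check_vhost_access/2` is not part of this diff, so confirm that it already passes two arguments. I would add to the callback comment `%% NB: arity was 3 (User, VHost, Permission) before this change; backends must export check_vhost_access/2.`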
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl
index 96ada60381..6a018bd16d 100644
--- a/src/rabbit_auth_backend_internal.erl
+++ b/src/rabbit_auth_backend_internal.erl
@@ -20,7 +20,7 @@
-behaviour(rabbit_auth_backend).
-export([description/0]).
--export([check_user_login/2, check_vhost_access/3, check_resource_access/3]).
+-export([check_user_login/2, check_vhost_access/2, check_resource_access/3]).
-export([add_user/2, delete_user/1, change_password/2, set_tags/2,
list_users/0, user_info_keys/0, lookup_user/1, clear_password/1]).
@@ -110,23 +110,17 @@ internal_check_user_login(Username, Fun) ->
Refused
end.
-check_vhost_access(#user{username = Username, tags = Tags}, VHost, Mode) ->
- Admin = lists:any(fun(T) -> lists:member(T, [administrator]) end, Tags),
- case {Admin, Mode} of
- {true, read} ->
- true;
- _ ->
- %% TODO: use dirty ops instead
- rabbit_misc:execute_mnesia_transaction(
- fun () ->
- case mnesia:read({rabbit_user_permission,
- #user_vhost{username = Username,
- virtual_host = VHost}}) of
- [] -> false;
- [_R] -> true
- end
- end)
- end.
+check_vhost_access(#user{username = Username}, VHost) ->
+ %% TODO: use dirty ops instead
+ rabbit_misc:execute_mnesia_transaction(
+ fun () ->
+ case mnesia:read({rabbit_user_permission,
+ #user_vhost{username = Username,
+ virtual_host = VHost}}) of
+ [] -> false;
+ [_R] -> true
+ end
+ end).
check_resource_access(#user{username = Username},
#resource{virtual_host = VHostPath, name = Name},
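Review bot: The new `check_vhost_access/2` has no comment or spec saying what grants access, and the rule is not obvious from the name. As written, login is allowed whenever a `rabbit_user_permission` row exists for the `#user_vhost{}` key; the row is bound to `_R` and its contents are ignored, and `tags` is no longer matched, so `administrator` gets no shortcut. I would put above the clause `%% true iff a rabbit_user_permission record exists for {Username, VHost}; its contents and the user's tags are not consulted.` It is also worth noting there that the visible branches return only `true` or `false`, while the behaviour documents `{error, Error}` as a third response.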