summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/rabbit.erl6
-rw-r--r--src/rabbit_access_control.erl78
-rw-r--r--src/rabbit_control.erl42
-rw-r--r--src/rabbit_mnesia.erl6
-rw-r--r--src/rabbit_tests.erl26
5 files changed, 96 insertions, 62 deletions
diff --git a/src/rabbit.erl b/src/rabbit.erl
index 30b8c39475..7ad13a7d28 100644
--- a/src/rabbit.erl
+++ b/src/rabbit.erl
@@ -264,9 +264,13 @@ insert_default_data() ->
{ok, DefaultUser} = application:get_env(default_user),
{ok, DefaultPass} = application:get_env(default_pass),
{ok, DefaultVHost} = application:get_env(default_vhost),
+ {ok, [DefaultConfigurationPerm, DefaultMessagingPerm]} =
+ application:get_env(default_permissions),
ok = rabbit_access_control:add_vhost(DefaultVHost),
ok = rabbit_access_control:add_user(DefaultUser, DefaultPass),
- ok = rabbit_access_control:map_user_vhost(DefaultUser, DefaultVHost),
+ ok = rabbit_access_control:set_permissions(DefaultUser, DefaultVHost,
+ DefaultConfigurationPerm,
+ DefaultMessagingPerm),
ok.
start_builtin_amq_applications() ->
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index e248575b60..177e6f20c0 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -38,7 +38,7 @@
-export([add_user/2, delete_user/1, change_password/2, list_users/0,
lookup_user/1]).
-export([add_vhost/1, delete_vhost/1, list_vhosts/0, list_vhost_users/1]).
--export([list_user_vhosts/1, map_user_vhost/2, unmap_user_vhost/2]).
+-export([list_user_vhosts/1, set_permissions/4, clear_permissions/2]).
%%----------------------------------------------------------------------------
@@ -57,8 +57,8 @@
-spec(list_vhosts/0 :: () -> [vhost()]).
-spec(list_vhost_users/1 :: (vhost()) -> [username()]).
-spec(list_user_vhosts/1 :: (username()) -> [vhost()]).
--spec(map_user_vhost/2 :: (username(), vhost()) -> 'ok').
--spec(unmap_user_vhost/2 :: (username(), vhost()) -> 'ok').
+-spec(set_permissions/4 :: (username(), vhost(), regexp(), regexp()) -> 'ok').
+-spec(clear_permissions/2 :: (username(), vhost()) -> 'ok').
-endif.
@@ -112,10 +112,9 @@ internal_lookup_vhost_access(Username, VHostPath) ->
%% TODO: use dirty ops instead
rabbit_misc:execute_mnesia_transaction(
fun () ->
- case mnesia:match_object(
- #user_permission{username = Username,
- virtual_host = VHostPath,
- _ = '_'}) of
+ case mnesia:read({user_permission,
+ #user_vhost{username = Username,
+ virtual_host = VHostPath}}) of
[] -> not_found;
[R] -> {ok, R}
end
@@ -152,7 +151,13 @@ delete_user(Username) ->
Username,
fun () ->
ok = mnesia:delete({user, Username}),
- ok = mnesia:delete({user_permission, Username})
+ [ok = mnesia:delete_object(R) ||
+ R <- mnesia:match_object(
+ #user_permission{user_vhost = #user_vhost{
+ username = Username,
+ virtual_host = '_'},
+ permission = '_'})],
+ ok
end)),
rabbit_log:info("Deleted user ~p~n", [Username]),
R.
@@ -222,7 +227,7 @@ internal_delete_vhost(VHostPath) ->
end,
rabbit_exchange:list(VHostPath)),
lists:foreach(fun (Username) ->
- ok = unmap_user_vhost(Username, VHostPath)
+ ok = clear_permissions(Username, VHostPath)
end,
list_vhost_users(VHostPath)),
ok = mnesia:delete({vhost, VHostPath}),
@@ -233,47 +238,62 @@ list_vhosts() ->
list_vhost_users(VHostPath) ->
[Username ||
- #user_permission{username = Username} <-
+ #user_permission{user_vhost = #user_vhost{username = Username}} <-
%% TODO: use dirty ops instead
rabbit_misc:execute_mnesia_transaction(
rabbit_misc:with_vhost(
VHostPath,
- fun () -> mnesia:index_read(user_permission, VHostPath,
- #user_permission.virtual_host)
+ fun () -> mnesia:match_object(
+ #user_permission{user_vhost = #user_vhost{
+ username = '_',
+ virtual_host = VHostPath},
+ permission = '_'})
end))].
list_user_vhosts(Username) ->
[VHostPath ||
- #user_permission{virtual_host = VHostPath} <-
+ #user_permission{user_vhost = #user_vhost{virtual_host = VHostPath}} <-
%% TODO: use dirty ops instead
rabbit_misc:execute_mnesia_transaction(
rabbit_misc:with_user(
Username,
- fun () -> mnesia:read({user_permission, Username}) end))].
+ fun () -> mnesia:match_object(
+ #user_permission{user_vhost = #user_vhost{
+ username = Username,
+ virtual_host = '_'},
+ permission = '_'})
+ end))].
+
+validate_regexp(RegexpBin) ->
+ Regexp = binary_to_list(RegexpBin),
+ case regexp:parse(Regexp) of
+ {ok, _} -> ok;
+ {error, Reason} -> throw({error, {invalid_regexp, Regexp, Reason}})
+ end.
-map_user_vhost(Username, VHostPath) ->
+set_permissions(Username, VHostPath, ConfigurationPerm, MessagingPerm) ->
+ validate_regexp(ConfigurationPerm),
+ validate_regexp(MessagingPerm),
rabbit_misc:execute_mnesia_transaction(
rabbit_misc:with_user_and_vhost(
Username, VHostPath,
- fun () ->
- ok = mnesia:write(
- #user_permission{username = Username,
- virtual_host = VHostPath,
- permission = #permission{
- configuration = ".*",
- messaging = ".*"}})
+ fun () -> ok = mnesia:write(
+ #user_permission{user_vhost = #user_vhost{
+ username = Username,
+ virtual_host = VHostPath},
+ permission = #permission{
+ configuration = ConfigurationPerm,
+ messaging = MessagingPerm}})
end)).
-unmap_user_vhost(Username, VHostPath) ->
+
+clear_permissions(Username, VHostPath) ->
rabbit_misc:execute_mnesia_transaction(
rabbit_misc:with_user_and_vhost(
Username, VHostPath,
fun () ->
- [ok = mnesia:delete_object(R) ||
- R <- mnesia:match_object(
- #user_permission{username = Username,
- virtual_host = VHostPath,
- _ = '_'})],
- ok
+ ok = mnesia:delete({user_permission,
+ #user_vhost{username = Username,
+ virtual_host = VHostPath}})
end)).
diff --git a/src/rabbit_control.erl b/src/rabbit_control.erl
index cbc11b4031..d897b3e9f8 100644
--- a/src/rabbit_control.erl
+++ b/src/rabbit_control.erl
@@ -114,8 +114,8 @@ Available commands:
delete_vhost <VHostPath>
list_vhosts
- map_user_vhost <UserName> <VHostPath>
- unmap_user_vhost <UserName> <VHostPath>
+ set_permissions [-p <VHostPath>] <UserName> <Permission> <Permission>
+ clear_permissions [-p <VHostPath>] <UserName>
list_user_vhosts <UserName>
list_vhost_users <VHostPath>
@@ -223,13 +223,17 @@ action(list_vhosts, Node, [], Inform) ->
Inform("Listing vhosts", []),
display_list(call(Node, {rabbit_access_control, list_vhosts, []}));
-action(map_user_vhost, Node, Args = [_Username, _VHostPath], Inform) ->
- Inform("Mapping user ~p to vhost ~p", Args),
- call(Node, {rabbit_access_control, map_user_vhost, Args});
+action(set_permissions, Node, Args, Inform) ->
+ {VHost, [Username, ConfigurationPerm, MessagingPerm]} =
+ parse_vhost_flag(Args),
+ Inform("Setting permissions for user ~p in vhost ~p", [Username, VHost]),
+ call(Node, {rabbit_access_control, set_permissions,
+ [Username, VHost, ConfigurationPerm, MessagingPerm]});
-action(unmap_user_vhost, Node, Args = [_Username, _VHostPath], Inform) ->
- Inform("Unmapping user ~p from vhost ~p", Args),
- call(Node, {rabbit_access_control, unmap_user_vhost, Args});
+action(clear_permissions, Node, Args, Inform) ->
+ {VHost, [Username]} = parse_vhost_flag(Args),
+ Inform("Clearing permissions for user ~p in vhost ~p", [Username, VHost]),
+ call(Node, {rabbit_access_control, clear_permissions, [Username, VHost]});
action(list_user_vhosts, Node, Args = [_Username], Inform) ->
Inform("Listing vhosts for user ~p", Args),
@@ -241,7 +245,7 @@ action(list_vhost_users, Node, Args = [_VHostPath], Inform) ->
action(list_queues, Node, Args, Inform) ->
Inform("Listing queues", []),
- {VHostArg, RemainingArgs} = parse_vhost_flag(Args),
+ {VHostArg, RemainingArgs} = parse_vhost_flag_bin(Args),
ArgAtoms = list_replace(node, pid,
default_if_empty(RemainingArgs, [name, messages])),
display_info_list(rpc_call(Node, rabbit_amqqueue, info_all,
@@ -250,7 +254,7 @@ action(list_queues, Node, Args, Inform) ->
action(list_exchanges, Node, Args, Inform) ->
Inform("Listing exchanges", []),
- {VHostArg, RemainingArgs} = parse_vhost_flag(Args),
+ {VHostArg, RemainingArgs} = parse_vhost_flag_bin(Args),
ArgAtoms = default_if_empty(RemainingArgs, [name, type]),
display_info_list(rpc_call(Node, rabbit_exchange, info_all,
[VHostArg, ArgAtoms]),
@@ -258,7 +262,7 @@ action(list_exchanges, Node, Args, Inform) ->
action(list_bindings, Node, Args, Inform) ->
Inform("Listing bindings", []),
- {VHostArg, _} = parse_vhost_flag(Args),
+ {VHostArg, _} = parse_vhost_flag_bin(Args),
InfoKeys = [exchange_name, routing_key, queue_name, args],
display_info_list(
[lists:zip(InfoKeys, tuple_to_list(X)) ||
@@ -275,12 +279,16 @@ action(list_connections, Node, Args, Inform) ->
ArgAtoms).
parse_vhost_flag(Args) when is_list(Args) ->
- case Args of
- ["-p", VHost | RemainingArgs] ->
- {list_to_binary(VHost), RemainingArgs};
- RemainingArgs ->
- {<<"/">>, RemainingArgs}
- end.
+ case Args of
+ ["-p", VHost | RemainingArgs] ->
+ {VHost, RemainingArgs};
+ RemainingArgs ->
+ {"/", RemainingArgs}
+ end.
+
+parse_vhost_flag_bin(Args) ->
+ {VHost, RemainingArgs} = parse_vhost_flag(Args),
+ {list_to_binary(VHost), RemainingArgs}.
default_if_empty(List, Default) when is_list(List) ->
if List == [] ->
diff --git a/src/rabbit_mnesia.erl b/src/rabbit_mnesia.erl
index 31c0efbed7..b7f3dd0a89 100644
--- a/src/rabbit_mnesia.erl
+++ b/src/rabbit_mnesia.erl
@@ -102,10 +102,8 @@ force_reset() -> reset(true).
table_definitions() ->
[{user, [{disc_copies, [node()]},
{attributes, record_info(fields, user)}]},
- {user_permission, [{type, bag},
- {disc_copies, [node()]},
- {attributes, record_info(fields, user_permission)},
- {index, [virtual_host]}]},
+ {user_permission, [{disc_copies, [node()]},
+ {attributes, record_info(fields, user_permission)}]},
{vhost, [{disc_copies, [node()]},
{attributes, record_info(fields, vhost)}]},
{rabbit_config, [{disc_copies, [node()]}]},
diff --git a/src/rabbit_tests.erl b/src/rabbit_tests.erl
index df2e71d9e6..26398f9b46 100644
--- a/src/rabbit_tests.erl
+++ b/src/rabbit_tests.erl
@@ -444,17 +444,18 @@ test_user_management() ->
{error, {no_such_vhost, _}} =
control_action(delete_vhost, ["/testhost"]),
{error, {no_such_user, _}} =
- control_action(map_user_vhost, ["foo", "/"]),
+ control_action(set_permissions, ["foo", ".*", ".*"]),
{error, {no_such_user, _}} =
- control_action(unmap_user_vhost, ["foo", "/"]),
+ control_action(clear_permissions, ["foo"]),
{error, {no_such_user, _}} =
control_action(list_user_vhosts, ["foo"]),
{error, {no_such_vhost, _}} =
- control_action(map_user_vhost, ["guest", "/testhost"]),
- {error, {no_such_vhost, _}} =
- control_action(unmap_user_vhost, ["guest", "/testhost"]),
- {error, {no_such_vhost, _}} =
control_action(list_vhost_users, ["/testhost"]),
+ {error, {invalid_regexp, _, _}} =
+ control_action(set_permissions, ["guest", "+foo", ".*"]),
+ {error, {invalid_regexp, _, _}} =
+ control_action(set_permissions, ["guest", ".*", "+foo"]),
+
%% user creation
ok = control_action(add_user, ["foo", "bar"]),
{error, {user_already_exists, _}} =
@@ -469,13 +470,15 @@ test_user_management() ->
ok = control_action(list_vhosts, []),
%% user/vhost mapping
- ok = control_action(map_user_vhost, ["foo", "/testhost"]),
- ok = control_action(map_user_vhost, ["foo", "/testhost"]),
+ ok = control_action(set_permissions, ["-p", "/testhost",
+ "foo", ".*", ".*"]),
+ ok = control_action(set_permissions, ["-p", "/testhost",
+ "foo", ".*", ".*"]),
ok = control_action(list_user_vhosts, ["foo"]),
%% user/vhost unmapping
- ok = control_action(unmap_user_vhost, ["foo", "/testhost"]),
- ok = control_action(unmap_user_vhost, ["foo", "/testhost"]),
+ ok = control_action(clear_permissions, ["-p", "/testhost", "foo"]),
+ ok = control_action(clear_permissions, ["-p", "/testhost", "foo"]),
%% vhost deletion
ok = control_action(delete_vhost, ["/testhost"]),
@@ -484,7 +487,8 @@ test_user_management() ->
%% deleting a populated vhost
ok = control_action(add_vhost, ["/testhost"]),
- ok = control_action(map_user_vhost, ["foo", "/testhost"]),
+ ok = control_action(set_permissions, ["-p", "/testhost",
+ "foo", ".*", ".*"]),
ok = control_action(delete_vhost, ["/testhost"]),
%% user deletion
View Lorry Controller Status