You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2018/08/07 05:44:09 UTC

[GitHub] upgle commented on a change in pull request #3880: Modify that web action in the bound package can be accessed.

upgle commented on a change in pull request #3880: Modify that web action in the bound package can be accessed.
URL: https://github.com/apache/incubator-openwhisk/pull/3880#discussion_r208104271
 
 

 ##########
 File path: core/controller/src/main/scala/whisk/core/controller/WebActions.scala
 ##########
 @@ -552,8 +552,11 @@ trait WhiskWebActionsApi extends Directives with ValidateRequestSize with PostAc
         if (a.namespace.defaultPackage) {
           Future.successful(a)
         } else {
-          pkgLookup(a.namespace.toFullyQualifiedEntityName) map { pkg =>
-            (a.inherit(pkg.parameters))
+          // if action is not in the default package, then check entitlement
+          checkEntitlement(actionOwnerIdentity, a) flatMap { _ =>
+            pkgLookup(a.namespace.toFullyQualifiedEntityName) map { pkg =>
+              (a.inherit(pkg.parameters))
+            }
 
 Review comment:
   @rabbah 
   yes, I agree that it looks complicated. so I've changed some codes. (removed `pkgLookup` method which is not necessary anymore)
   
   1. action in a default package no need to resolve, just check entitlement and if it isexported.
   2. action in a bound package(new) is handled by `resolveActionAndMergeParameters()`, it would resolve action and merge parameters. 
   2. check whether action is in a proper package -> It check whether an action is exported by `confirmExportedAction()` method
   3. and all types of action is checked for entitlement and throttle by `checkEntitlement()` method
   
   please check changed code here
   
   ```scala
   private def verifyWebAction(actionName: FullyQualifiedEntityName, authenticated: Boolean)(
       implicit transid: TransactionId) = {
   
       // lookup the identity for the action namespace
       identityLookup(actionName.path.root) flatMap { actionOwnerIdentity =>
         confirmExportedAction(actionLookup(actionName), authenticated) flatMap { a =>
           checkEntitlement(actionOwnerIdentity, a) map { _ => (actionOwnerIdentity, a)}
         }
       }
     }
   ```
   
   https://github.com/apache/incubator-openwhisk/pull/3880/files#diff-a356e6b010b8aeb5ea7b6f7fec395038R535

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services