You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@teaclave.apache.org by GitBox <gi...@apache.org> on 2020/06/02 23:07:14 UTC
[GitHub] [incubator-teaclave] m4sterchain commented on a change in pull request #330: Solve the problem that the external link of the input file or output …
m4sterchain commented on a change in pull request #330:
URL: https://github.com/apache/incubator-teaclave/pull/330#discussion_r434221570
##########
File path: services/management/enclave/src/service.rs
##########
@@ -90,6 +91,37 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
+ // access control: none
+ fn update_input_file(
+ &self,
+ request: Request<UpdateInputFileRequest>,
+ ) -> TeaclaveServiceResponseResult<UpdateInputFileResponse> {
+ let user_id = self.get_request_user_id(request.metadata())?;
+ let request = request.message;
+
+ let old_input_file: TeaclaveInputFile = self
+ .read_from_db(&request.data_id)
+ .map_err(|_| ServiceError::PermissionDenied)?;
+
+ ensure!(
+ old_input_file.owner.contains(&user_id),
Review comment:
file.owner == vec![user_id]
##########
File path: services/management/enclave/src/service.rs
##########
@@ -106,6 +138,33 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
+ // access control: none
Review comment:
Same as above.
##########
File path: services/management/enclave/src/service.rs
##########
@@ -90,6 +91,37 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
+ // access control: none
Review comment:
// 1. exisiting_file.owner_list.len() == 1
// 2. user_id in existing_file.owner_list
##########
File path: services/management/enclave/src/service.rs
##########
@@ -90,6 +91,37 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
+ // access control: none
+ fn update_input_file(
+ &self,
+ request: Request<UpdateInputFileRequest>,
+ ) -> TeaclaveServiceResponseResult<UpdateInputFileResponse> {
+ let user_id = self.get_request_user_id(request.metadata())?;
+ let request = request.message;
+
+ let old_input_file: TeaclaveInputFile = self
+ .read_from_db(&request.data_id)
+ .map_err(|_| ServiceError::PermissionDenied)?;
+
+ ensure!(
+ old_input_file.owner.contains(&user_id),
+ ServiceError::PermissionDenied
+ );
+
+ let input_file = TeaclaveInputFile::new(
+ request.url,
+ old_input_file.cmac,
+ old_input_file.crypto_info,
+ vec![user_id],
Review comment:
We should preserve the old_input_file's owner list, update only the url field.
##########
File path: services/management/enclave/src/service.rs
##########
@@ -106,6 +138,33 @@ impl TeaclaveManagement for TeaclaveManagementService {
Ok(response)
}
+ // access control: none
+ fn update_output_file(
+ &self,
+ request: Request<UpdateOutputFileRequest>,
+ ) -> TeaclaveServiceResponseResult<UpdateOutputFileResponse> {
+ let user_id = self.get_request_user_id(request.metadata())?;
+ let request = request.message;
+
+ let old_output_file: TeaclaveOutputFile = self
+ .read_from_db(&request.data_id)
+ .map_err(|_| ServiceError::PermissionDenied)?;
+
+ ensure!(
+ old_output_file.owner.contains(&user_id),
+ ServiceError::PermissionDenied
+ );
+
+ let output_file =
+ TeaclaveOutputFile::new(request.url, old_output_file.crypto_info, vec![user_id]);
Review comment:
We should preserve the old_input_file's owner list, update only the url field.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@teaclave.apache.org
For additional commands, e-mail: notifications-help@teaclave.apache.org