You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2020/08/06 17:03:35 UTC

[GitHub] [openwhisk] bkemburu commented on a change in pull request #4935: Execute Only for Shared Actions

bkemburu commented on a change in pull request #4935:
URL: https://github.com/apache/openwhisk/pull/4935#discussion_r466556037



##########
File path: core/controller/src/main/scala/org/apache/openwhisk/core/controller/Actions.scala
##########
@@ -341,26 +350,58 @@ trait WhiskActionsApi extends WhiskCollectionAPI with PostActionActivation with
   override def fetch(user: Identity, entityName: FullyQualifiedEntityName, env: Option[Parameters])(
     implicit transid: TransactionId) = {
     parameter('code ? true) { code =>
-      code match {
-        case true =>
-          getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, entityName), Some { action: WhiskAction =>
-            val mergedAction = env map {
-              action inherit _
-            } getOrElse action
-            complete(OK, mergedAction)
-          })
-        case false =>
-          getEntity(WhiskActionMetaData.resolveActionAndMergeParameters(entityStore, entityName), Some {
-            action: WhiskActionMetaData =>
-              val mergedAction = env map {
-                action inherit _
-              } getOrElse action
-              complete(OK, mergedAction)
-          })
-      }
+      //check if execute only is enabled, and if there is a discrepancy between the current user's namespace
+      //and that of the entity we are trying to fetch
+     if (executeOnly && user.namespace.name.toString != entityName.namespace.toString) {
+        val value = entityName.path
+        terminate(StatusCode.int2StatusCode(403), s"GET not permitted for '$value' since it's an action in a shared package")
+      } else {
+        code match {

Review comment:
       Code originally had code match structure so I didn't modify this.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org