You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ra...@apache.org on 2017/07/15 23:19:12 UTC
[incubator-openwhisk] branch master updated: Remove redundancy in
entitlement checks. (#2496)
This is an automated email from the ASF dual-hosted git repository.
rabbah pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 0757ded Remove redundancy in entitlement checks. (#2496)
0757ded is described below
commit 0757ded2f183429596b68171fb220a5e2d0b91f1
Author: Markus Thömmes <ma...@me.com>
AuthorDate: Sun Jul 16 01:19:09 2017 +0200
Remove redundancy in entitlement checks. (#2496)
Checking proper package access rights is done on a deeper level. Disambiguating here is redundant.
---
.../src/main/scala/whisk/core/controller/Actions.scala | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/core/controller/src/main/scala/whisk/core/controller/Actions.scala b/core/controller/src/main/scala/whisk/core/controller/Actions.scala
index 6c1db7c..eeb0b6a 100644
--- a/core/controller/src/main/scala/whisk/core/controller/Actions.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/Actions.scala
@@ -28,7 +28,6 @@ import org.apache.kafka.common.errors.RecordTooLargeException
import akka.actor.ActorSystem
import spray.http.HttpMethod
-import spray.http.HttpMethods._
import spray.http.StatusCodes._
import spray.httpx.SprayJsonSupport._
import spray.httpx.unmarshalling._
@@ -133,24 +132,19 @@ trait WhiskActionsApi
// matched /namespace/collection/package-name/action-name
// this is an action in a named package
val packageDocId = FullyQualifiedEntityName(ns, EntityName(outername)).toDocId
- val packageResource = Resource(ns, Collection(Collection.PACKAGES), Some(outername))
+ val packageResource = Resource(ns.addPath(EntityName(outername)), collection, Some(innername))
- val right = if (m == GET || m == POST) Privilege.READ else collection.determineRight(m, Some(innername))
+ val right = collection.determineRight(m, Some(innername))
onComplete(entitlementProvider.check(user, right, packageResource)) {
case Success(_) =>
getEntity(WhiskPackage, entityStore, packageDocId, Some {
- if (right == Privilege.READ) {
+ if (right == Privilege.READ || right == Privilege.ACTIVATE) {
// need to merge package with action, hence authorize subject for package
// access (if binding, then subject must be authorized for both the binding
// and the referenced package)
//
// NOTE: it is an error if either the package or the action does not exist,
// the former manifests as unauthorized and the latter as not found
- //
- // a GET (READ) and POST (ACTIVATE) resolve to a READ right on the package;
- // it may be desirable to separate these but currently the PACKAGES collection
- // does not allow ACTIVATE since it does not make sense to activate a package
- // but rather an action in the package
mergeActionWithPackageAndDispatch(m, user, EntityName(innername)) _
} else {
// these packaged action operations do not need merging with the package,
--
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].