eb6f2a8d72
And use it from the subscribe endpoint.
23 lines
595 B
Go
23 lines
595 B
Go
package subscribe
|
|
|
|
import (
|
|
"github.com/hashicorp/consul/acl"
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
|
"github.com/hashicorp/consul/agent/consul/stream"
|
|
)
|
|
|
|
// EnforceACL takes an acl.Authorizer and returns the decision for whether the
|
|
// event is allowed to be sent to this client or not.
|
|
func enforceACL(authz acl.Authorizer, e stream.Event) acl.EnforcementDecision {
|
|
switch {
|
|
case e.IsEndOfSnapshot(), e.IsNewSnapshotToFollow():
|
|
return acl.Allow
|
|
}
|
|
|
|
switch p := e.Payload.(type) {
|
|
case state.EventPayloadCheckServiceNode:
|
|
return p.Value.CanRead(authz)
|
|
}
|
|
return acl.Deny
|
|
}
|