open-vault/vault/capabilities.go

package vault

import (
	"fmt"

	"github.com/hashicorp/errwrap"
)

// Capabilities is used to fetch the capabilities of the given token on the given path
func (c *Core) Capabilities(token, path string) ([]string, error) {
	if path == "" {
		return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("missing path"))
	}

	if token == "" {
		return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("missing token"))
	}

	te, err := c.tokenStore.Lookup(token)
	if err != nil {
		return nil, err
	}
	if te == nil {
		return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("invalid token"))
	}

	if te.Policies == nil {
		return []string{DenyCapability}, nil
	}

	var policies []*Policy
	for _, tePolicy := range te.Policies {
		policy, err := c.policyStore.GetPolicy(tePolicy)
		if err != nil {
			return nil, err
		}
		policies = append(policies, policy)
	}

	if len(policies) == 0 {
		return []string{DenyCapability}, nil
	}

	acl, err := NewACL(policies)
	if err != nil {
		return nil, err
	}

	return acl.Capabilities(path), nil
}
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`package vault`

use errwrap to check the type of error message, fix typos 2016-03-07 23:36:26 +00:00			`import (`
			`"fmt"`

			`"github.com/hashicorp/errwrap"`
			`)`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00
			`// Capabilities is used to fetch the capabilities of the given token on the given path`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`func (c *Core) Capabilities(token, path string) ([]string, error) {`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`if path == "" {`
use errwrap to check the type of error message, fix typos 2016-03-07 23:36:26 +00:00			`return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("missing path"))`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`if token == "" {`
use errwrap to check the type of error message, fix typos 2016-03-07 23:36:26 +00:00			`return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("missing token"))`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`te, err := c.tokenStore.Lookup(token)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if te == nil {`
use errwrap to check the type of error message, fix typos 2016-03-07 23:36:26 +00:00			`return nil, errwrap.Wrapf("{{err}}", fmt.Errorf("invalid token"))`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`if te.Policies == nil {`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return []string{DenyCapability}, nil`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`var policies []*Policy`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`for _, tePolicy := range te.Policies {`
			`policy, err := c.policyStore.GetPolicy(tePolicy)`
			`if err != nil {`
			`return nil, err`
			`}`
Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`policies = append(policies, policy)`
			`}`

			`if len(policies) == 0 {`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return []string{DenyCapability}, nil`
Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`}`

			`acl, err := NewACL(policies)`
			`if err != nil {`
			`return nil, err`
			`}`

refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return acl.Capabilities(path), nil`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`