open-vault/vault/capabilities.go

61 lines
1.2 KiB
Go
Raw Normal View History

2016-03-03 02:32:52 +00:00
package vault
2016-03-18 16:40:17 +00:00
import "sort"
// Struct to identify user input errors.
// This is helpful in responding the appropriate status codes to clients
// from the HTTP endpoints.
2016-03-09 02:47:24 +00:00
type StatusBadRequest struct {
Err string
}
// Implementing error interface
func (s *StatusBadRequest) Error() string {
return s.Err
}
2016-03-03 02:32:52 +00:00
// Capabilities is used to fetch the capabilities of the given token on the given path
func (c *Core) Capabilities(token, path string) ([]string, error) {
2016-03-03 02:32:52 +00:00
if path == "" {
return nil, &StatusBadRequest{Err: "missing path"}
2016-03-03 02:32:52 +00:00
}
if token == "" {
return nil, &StatusBadRequest{Err: "missing token"}
2016-03-03 02:32:52 +00:00
}
te, err := c.tokenStore.Lookup(token)
if err != nil {
return nil, err
}
if te == nil {
return nil, &StatusBadRequest{Err: "invalid token"}
2016-03-03 02:32:52 +00:00
}
if te.Policies == nil {
return []string{DenyCapability}, nil
2016-03-03 02:32:52 +00:00
}
var policies []*Policy
2016-03-03 02:32:52 +00:00
for _, tePolicy := range te.Policies {
policy, err := c.policyStore.GetPolicy(tePolicy)
if err != nil {
return nil, err
}
policies = append(policies, policy)
}
if len(policies) == 0 {
return []string{DenyCapability}, nil
}
acl, err := NewACL(policies)
if err != nil {
return nil, err
}
2016-03-18 16:40:17 +00:00
capabilities := acl.Capabilities(path)
sort.Strings(capabilities)
return capabilities, nil
2016-03-03 02:32:52 +00:00
}