open-vault/vault/capabilities.go

package vault

// Struct to identify user input errors.
// This is helpful in responding the appropriate status codes to clients
// from the HTTP endpoints.
type StatusBadRequest struct {
	Err string
}

// Implementing error interface
func (s *StatusBadRequest) Error() string {
	return s.Err
}

// Capabilities is used to fetch the capabilities of the given token on the given path
func (c *Core) Capabilities(token, path string) ([]string, error) {
	if path == "" {
		return nil, &StatusBadRequest{Err: "missing path"}
	}

	if token == "" {
		return nil, &StatusBadRequest{Err: "missing token"}
	}

	te, err := c.tokenStore.Lookup(token)
	if err != nil {
		return nil, err
	}
	if te == nil {
		return nil, &StatusBadRequest{Err: "invalid token"}
	}

	if te.Policies == nil {
		return []string{DenyCapability}, nil
	}

	var policies []*Policy
	for _, tePolicy := range te.Policies {
		policy, err := c.policyStore.GetPolicy(tePolicy)
		if err != nil {
			return nil, err
		}
		policies = append(policies, policy)
	}

	if len(policies) == 0 {
		return []string{DenyCapability}, nil
	}

	acl, err := NewACL(policies)
	if err != nil {
		return nil, err
	}

	return acl.Capabilities(path), nil
}
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`package vault`

Introduced ErrUserInput to distinguish user error from server error 2016-03-08 03:16:09 +00:00			`// Struct to identify user input errors.`
			`// This is helpful in responding the appropriate status codes to clients`
			`// from the HTTP endpoints.`
ErrUserInput --> StatusBadRequest 2016-03-09 02:47:24 +00:00			`type StatusBadRequest struct {`
Error text corrections and minor refactoring 2016-03-09 03:27:24 +00:00			`Err string`
Introduced ErrUserInput to distinguish user error from server error 2016-03-08 03:16:09 +00:00			`}`
use errwrap to check the type of error message, fix typos 2016-03-07 23:36:26 +00:00
Introduced ErrUserInput to distinguish user error from server error 2016-03-08 03:16:09 +00:00			`// Implementing error interface`
Error text corrections and minor refactoring 2016-03-09 03:27:24 +00:00			`func (s *StatusBadRequest) Error() string {`
			`return s.Err`
Introduced ErrUserInput to distinguish user error from server error 2016-03-08 03:16:09 +00:00			`}`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00
			`// Capabilities is used to fetch the capabilities of the given token on the given path`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`func (c *Core) Capabilities(token, path string) ([]string, error) {`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`if path == "" {`
Error text corrections and minor refactoring 2016-03-09 03:27:24 +00:00			`return nil, &StatusBadRequest{Err: "missing path"}`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`if token == "" {`
Error text corrections and minor refactoring 2016-03-09 03:27:24 +00:00			`return nil, &StatusBadRequest{Err: "missing token"}`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`te, err := c.tokenStore.Lookup(token)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if te == nil {`
Error text corrections and minor refactoring 2016-03-09 03:27:24 +00:00			`return nil, &StatusBadRequest{Err: "invalid token"}`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

			`if te.Policies == nil {`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return []string{DenyCapability}, nil`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`

Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`var policies []*Policy`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`for _, tePolicy := range te.Policies {`
			`policy, err := c.policyStore.GetPolicy(tePolicy)`
			`if err != nil {`
			`return nil, err`
			`}`
Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`policies = append(policies, policy)`
			`}`

			`if len(policies) == 0 {`
refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return []string{DenyCapability}, nil`
Adding acl.Capabilities to do the path matching 2016-03-04 17:04:26 +00:00			`}`

			`acl, err := NewACL(policies)`
			`if err != nil {`
			`return nil, err`
			`}`

refactoring changes due to acl.Capabilities 2016-03-04 18:21:07 +00:00			`return acl.Capabilities(path), nil`
Add vault/capabilities.go 2016-03-03 02:32:52 +00:00			`}`