Fixed Policy Permissions intergration and spelling.

ChaseLEngel 2016-10-14 10:22:00 -07:00
parent 12342c1d05
commit d480df7141
2 changed files with 19 additions and 16 deletions


@ -60,13 +60,13 @@ func NewACL(policies []*Policy) (*ACL, error) {
case pc.Permissions.CapabilitiesBitmap&DenyCapabilityInt > 0:
// If this new policy explicitly denies, only save the deny value
pc.Permissions.CapabilitesBitmap = DenyCapabilityInt
pc.Permissions.CapabilitiesBitmap = DenyCapabilityInt
tree.Insert(pc.Prefix, pc.Permissions)
default:
// Insert the capabilities in this new policy into the existing
// value
pc.Permissions.CapabilitesBitmap = existing | pc.Permissions.CapabilitesBitmap
pc.Permissions.CapabilitiesBitmap = existing | pc.Permissions.CapabilitiesBitmap
tree.Insert(pc.Prefix, pc.Permissions)
}
}
@ -86,7 +86,7 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
if ok {
perm := raw.(Permissions)
capbilities := perm.CapabilitiesBitmap
capabilities = perm.CapabilitiesBitmap
goto CHECK
}
@ -96,7 +96,7 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
return []string{DenyCapability}
} else {
perm := raw.(Permissions)
capbilities := perm.CapabilitiesBitmap
capabilities = perm.CapabilitiesBitmap
}
CHECK:
@ -143,8 +143,8 @@ func (a *ACL) AllowOperation(op logical.Operation, path string) (allowed bool, s
///////////////////////////////////////////////////////////////////////////////////
// Parse Request and set variables to check on
///////////////////////////////////////////////////////////////////////////////////
op := req.Operation
path := req.Path
//op = req.Operation
//path = req.Path
// Help is always allowed
if op == logical.HelpOperation {
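Review bot: The unchecked assertion `perm := raw.(Permissions)` in both Capabilities hunks asserts the value type, but NewACL appears to store a pointer: it calls `tree.Insert(pc.Prefix, pc.Permissions)`, and the policy file in this commit declares that field as `Permissions *Permissions`. If the tree read here is the one NewACL fills (the lookup is outside the hunks), the assertion panics on every matching path, so a capability lookup crashes instead of returning a decision. Assert the pointer type and fail closed, for example `perm, ok := raw.(*Permissions)` followed by `if !ok || perm == nil { return []string{DenyCapability} }`. Because the stored value is a pointer, the writes to `pc.Permissions.CapabilitiesBitmap` in NewACL presumably also modify the Policy object that was passed in, so merged capabilities could leak back into the source policy; copying the struct before merging would avoid that. The bodies of NewACL and Capabilities start and end outside these hunks, so this needs confirming against the full functions.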


@ -56,11 +56,6 @@ type Policy struct {
Raw string
}
type Permissions struct {
CapabilitiesBitmap uint32 `hcl:"-"`
AllowedParams map[string]bool
DisallowedParams map[string]bool
}
/*
*/
@ -69,11 +64,16 @@ type PathCapabilities struct {
Prefix string
Policy string
Capabilities []string
//CapabilitiesBitmap uint32 `hcl:"-"`
AclCapabilites *Permissions
Permissions *Permissions
Glob bool
}
type Permissions struct {
CapabilitiesBitmap uint32 `hcl:"-"`
AllowedParams map[string]bool
DisallowedParams map[string]bool
}
// Parse is used to parse the specified ACL rules into an
// intermediary set of policies, before being compiled into
// the ACL
@ -118,6 +118,7 @@ func Parse(rules string) (*Policy, error) {
func parsePaths(result *Policy, list *ast.ObjectList) error {
// specifically how can we access the key value pairs for
// permissions
fmt.Println(list);
paths := make([]*PathCapabilities, 0, len(list.Items))
for _, item := range list.Items {
key := "path"
@ -167,6 +168,8 @@ func parsePaths(result *Policy, list *ast.ObjectList) error {
}
}
pc.Permissions = new(Permissions)
// Initialize the map
pc.Permissions.CapabilitiesBitmap = 0
for _, cap := range pc.Capabilities {