Use logical operations instead of strings for comparison
This commit is contained in:
parent
d949043cac
commit
f9bbe0fb04
|
@ -134,10 +134,6 @@ const (
|
||||||
RollbackOperation = "rollback"
|
RollbackOperation = "rollback"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (o Operation) String() string {
|
|
||||||
return string(o)
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
// ErrUnsupportedOperation is returned if the operation is not supported
|
// ErrUnsupportedOperation is returned if the operation is not supported
|
||||||
// by the logical backend.
|
// by the logical backend.
|
||||||
|
|
14
vault/acl.go
14
vault/acl.go
|
@ -107,20 +107,20 @@ CHECK:
|
||||||
// If "deny" has been explicitly set, only deny will be in the map, so we
|
// If "deny" has been explicitly set, only deny will be in the map, so we
|
||||||
// only need to check for the existence of other values
|
// only need to check for the existence of other values
|
||||||
sudo = capabilities&SudoCapabilityInt > 0
|
sudo = capabilities&SudoCapabilityInt > 0
|
||||||
switch op.String() {
|
switch op {
|
||||||
case "read":
|
case logical.ReadOperation:
|
||||||
allowed = capabilities&ReadCapabilityInt > 0
|
allowed = capabilities&ReadCapabilityInt > 0
|
||||||
case "list":
|
case logical.ListOperation:
|
||||||
allowed = capabilities&ListCapabilityInt > 0
|
allowed = capabilities&ListCapabilityInt > 0
|
||||||
case "update":
|
case logical.UpdateOperation:
|
||||||
allowed = capabilities&UpdateCapabilityInt > 0
|
allowed = capabilities&UpdateCapabilityInt > 0
|
||||||
case "delete":
|
case logical.DeleteOperation:
|
||||||
allowed = capabilities&DeleteCapabilityInt > 0
|
allowed = capabilities&DeleteCapabilityInt > 0
|
||||||
case "create":
|
case logical.CreateOperation:
|
||||||
allowed = capabilities&CreateCapabilityInt > 0
|
allowed = capabilities&CreateCapabilityInt > 0
|
||||||
|
|
||||||
// These three re-use UpdateCapabilityInt since that's the most appropraite capability/operation mapping
|
// These three re-use UpdateCapabilityInt since that's the most appropraite capability/operation mapping
|
||||||
case "revoke", "renew", "rollback":
|
case logical.RevokeOperation, logical.RenewOperation, logical.RollbackOperation:
|
||||||
allowed = capabilities&UpdateCapabilityInt > 0
|
allowed = capabilities&UpdateCapabilityInt > 0
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
Loading…
Reference in a new issue