forked from TrueCloudLab/frostfs-s3-gw
[#406] authmate: update default bearer rules
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
parent
4047a47457
commit
69a03c5bbe
1 changed files with 16 additions and 4 deletions
|
@ -320,16 +320,28 @@ func buildEACLTable(eaclTable []byte) (*eacl.Table, error) {
|
|||
record := eacl.NewRecord()
|
||||
record.SetOperation(eacl.OperationGet)
|
||||
record.SetAction(eacl.ActionAllow)
|
||||
// TODO: Change this later.
|
||||
// from := eacl.HeaderFromObject
|
||||
// matcher := eacl.MatchStringEqual
|
||||
// record.AddFilter(from eacl.FilterHeaderType, matcher eacl.Match, name string, value string)
|
||||
eacl.AddFormedTarget(record, eacl.RoleOthers)
|
||||
table.AddRecord(record)
|
||||
|
||||
for _, rec := range restrictedRecords() {
|
||||
table.AddRecord(rec)
|
||||
}
|
||||
|
||||
return table, nil
|
||||
}
|
||||
|
||||
func restrictedRecords() (records []*eacl.Record) {
|
||||
for op := eacl.OperationGet; op <= eacl.OperationRangeHash; op++ {
|
||||
record := eacl.NewRecord()
|
||||
record.SetOperation(op)
|
||||
record.SetAction(eacl.ActionDeny)
|
||||
eacl.AddFormedTarget(record, eacl.RoleOthers)
|
||||
records = append(records, record)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
func buildContext(rules []byte) ([]*session.ContainerContext, error) {
|
||||
var sessionCtxs []*session.ContainerContext
|
||||
|
||||
|
|
Loading…
Reference in a new issue