[#406] authmate: update default bearer rules

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2022-04-26 17:35:12 +03:00 committed by Alex Vanin
parent 4047a47457
commit 69a03c5bbe

View file

@ -320,16 +320,28 @@ func buildEACLTable(eaclTable []byte) (*eacl.Table, error) {
record := eacl.NewRecord() record := eacl.NewRecord()
record.SetOperation(eacl.OperationGet) record.SetOperation(eacl.OperationGet)
record.SetAction(eacl.ActionAllow) record.SetAction(eacl.ActionAllow)
// TODO: Change this later.
// from := eacl.HeaderFromObject
// matcher := eacl.MatchStringEqual
// record.AddFilter(from eacl.FilterHeaderType, matcher eacl.Match, name string, value string)
eacl.AddFormedTarget(record, eacl.RoleOthers) eacl.AddFormedTarget(record, eacl.RoleOthers)
table.AddRecord(record) table.AddRecord(record)
for _, rec := range restrictedRecords() {
table.AddRecord(rec)
}
return table, nil return table, nil
} }
func restrictedRecords() (records []*eacl.Record) {
for op := eacl.OperationGet; op <= eacl.OperationRangeHash; op++ {
record := eacl.NewRecord()
record.SetOperation(op)
record.SetAction(eacl.ActionDeny)
eacl.AddFormedTarget(record, eacl.RoleOthers)
records = append(records, record)
}
return
}
func buildContext(rules []byte) ([]*session.ContainerContext, error) { func buildContext(rules []byte) ([]*session.ContainerContext, error) {
var sessionCtxs []*session.ContainerContext var sessionCtxs []*session.ContainerContext