From 69a03c5bbe25376e62898bf01809834e2fdc7a57 Mon Sep 17 00:00:00 2001 From: Denis Kirillov Date: Tue, 26 Apr 2022 17:35:12 +0300 Subject: [PATCH] [#406] authmate: update default bearer rules Signed-off-by: Denis Kirillov --- authmate/authmate.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/authmate/authmate.go b/authmate/authmate.go index 127b9323..b146c409 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -320,16 +320,28 @@ func buildEACLTable(eaclTable []byte) (*eacl.Table, error) { record := eacl.NewRecord() record.SetOperation(eacl.OperationGet) record.SetAction(eacl.ActionAllow) - // TODO: Change this later. - // from := eacl.HeaderFromObject - // matcher := eacl.MatchStringEqual - // record.AddFilter(from eacl.FilterHeaderType, matcher eacl.Match, name string, value string) eacl.AddFormedTarget(record, eacl.RoleOthers) table.AddRecord(record) + for _, rec := range restrictedRecords() { + table.AddRecord(rec) + } + return table, nil } +func restrictedRecords() (records []*eacl.Record) { + for op := eacl.OperationGet; op <= eacl.OperationRangeHash; op++ { + record := eacl.NewRecord() + record.SetOperation(op) + record.SetAction(eacl.ActionDeny) + eacl.AddFormedTarget(record, eacl.RoleOthers) + records = append(records, record) + } + + return +} + func buildContext(rules []byte) ([]*session.ContainerContext, error) { var sessionCtxs []*session.ContainerContext