ningyougang commented on a change in pull request #4058:
URL: https://github.com/apache/openwhisk/pull/4058#discussion_r436552166
##########
File path:
common/scala/src/main/scala/org/apache/openwhisk/core/entity/WhiskAction.scala
##########
@@ -350,6 +360,31 @@ object WhiskAction extends DocumentFactory[WhiskAction]
with WhiskEntityQueries[
val execFieldName = "exec"
val requireWhiskAuthHeader = "x-require-whisk-auth"
+ // annotation permission key name
+ val permissionsFieldName = "permissions"
+
+ val defaultPermissions = "rwxr-x"
+
+ // notes on users, just have 2 type users,
+ // 1. the action's owner
+ // 2. the user (not the owner) who used the shared action directly(e.g. get,
invoke)
+ //
+ // Notes on permission control
+ // 1. the action's read permission should open forever, because under invoke
action or update action and so on,
+ // need to use `fetch` api to get the action to judge it whether exist.
+ // 2. the user(not the owner) can't update/delete the action forever.
+ // 3. the owner's permission can affect other user's permission, e.g
+ // if the owner is not given execute permission, the user(not the owner)
can't have execute permission as well.
+ //
+ // Notes on permission values, include below permission value
+ // 1. permission code:rwxr-x: owner:read(yes)/write(yes)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(yes), this is default
+ // 2. permission code:rwxr--: owner:read(yes)/write(yes)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 3. permission code:r-xr-x: owner:read(yes)/write(no)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(yes)
+ // 4. permission code:r-xr--: owner:read(yes)/write(no)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 5. permission code:r--r--: owner:read(yes)/write(no)/execute(no)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 6. permission code:rw-r--: owner:read(yes)/write(yes)/execute(no)|the
shared action's user:read(yes)/write(no)/execute(no)
+ val permissionList = List(defaultPermissions, "rwxr--", "r-xr-x", "r-xr--",
"r--r--", "rw-r--")
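Review bot: `permissionList` at the end of this hunk is a hand-written list that has to stay in sync with the three rules in the comment above it, and nothing in the visible lines shows where a `permissions` annotation value is checked against it. Consider making it a `Set[String]` and having the check reject any value that is not a member, rather than falling back to `defaultPermissions`, so that a malformed value such as `rwxrwx` fails closed instead of ending up as `rwxr-x`, which grants shared users execute. The comment should also say what applies when the annotation is absent.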
Review comment:
For the shared user, the `r` means `download the code`.
##########
File path:
common/scala/src/main/scala/org/apache/openwhisk/core/entity/WhiskAction.scala
##########
@@ -350,6 +360,31 @@ object WhiskAction extends DocumentFactory[WhiskAction]
with WhiskEntityQueries[
val execFieldName = "exec"
val requireWhiskAuthHeader = "x-require-whisk-auth"
+ // annotation permission key name
+ val permissionsFieldName = "permissions"
+
+ val defaultPermissions = "rwxr-x"
+
+ // notes on users, just have 2 type users,
+ // 1. the action's owner
+ // 2. the user (not the owner) who used the shared action directly(e.g. get,
invoke)
+ //
+ // Notes on permission control
+ // 1. the action's read permission should open forever, because under invoke
action or update action and so on,
+ // need to use `fetch` api to get the action to judge it whether exist.
+ // 2. the user(not the owner) can't update/delete the action forever.
+ // 3. the owner's permission can affect other user's permission, e.g
+ // if the owner is not given execute permission, the user(not the owner)
can't have execute permission as well.
+ //
+ // Notes on permission values, include below permission value
+ // 1. permission code:rwxr-x: owner:read(yes)/write(yes)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(yes), this is default
+ // 2. permission code:rwxr--: owner:read(yes)/write(yes)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 3. permission code:r-xr-x: owner:read(yes)/write(no)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(yes)
+ // 4. permission code:r-xr--: owner:read(yes)/write(no)/execute(yes)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 5. permission code:r--r--: owner:read(yes)/write(no)/execute(no)|the
shared action's user:read(yes)/write(no)/execute(no)
+ // 6. permission code:rw-r--: owner:read(yes)/write(yes)/execute(no)|the
shared action's user:read(yes)/write(no)/execute(no)
+ val permissionList = List(defaultPermissions, "rwxr--", "r-xr-x", "r-xr--",
"r--r--", "rw-r--")
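Review bot: The comment block under "Notes on permission values" should state outright that position 4 is `r` in all six allowed codes, so no value here withholds read access from a shared user; rule 1 gives the reason (`fetch` is needed before invoke or update) but not that consequence. Please document what `r` exposes to a non-owner, and reword "should open forever" and "can't update/delete the action forever" to "is always granted" and "can never update/delete", since "forever" reads as a time limit rather than an invariant.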
Review comment:
`r` means `readable`