[GitHub] [openwhisk] rabbah commented on a change in pull request #4935: Execute Only for Shared Actions

Wed, 29 Jul 2020 00:32:25 -0700 


rabbah commented on a change in pull request #4935:
URL: https://github.com/apache/openwhisk/pull/4935#discussion_r461656865



##########
File path: 
core/controller/src/main/scala/org/apache/openwhisk/core/controller/Actions.scala
##########
@@ -341,26 +350,58 @@ trait WhiskActionsApi extends WhiskCollectionAPI with 
PostActionActivation with
   override def fetch(user: Identity, entityName: FullyQualifiedEntityName, 
env: Option[Parameters])(
     implicit transid: TransactionId) = {
     parameter('code ? true) { code =>
-      code match {
-        case true =>
-          getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, 
entityName), Some { action: WhiskAction =>
-            val mergedAction = env map {
-              action inherit _
-            } getOrElse action
-            complete(OK, mergedAction)
-          })
-        case false =>
-          
getEntity(WhiskActionMetaData.resolveActionAndMergeParameters(entityStore, 
entityName), Some {
-            action: WhiskActionMetaData =>
-              val mergedAction = env map {
-                action inherit _
-              } getOrElse action
-              complete(OK, mergedAction)
-          })
-      }
+      //check if execute only is enabled, and if there is a discrepancy 
between the current user's namespace
+      //and that of the entity we are trying to fetch
+     if (executeOnly && user.namespace.name.toString != 
entityName.namespace.toString) {
+        val value = entityName.path
+        terminate(StatusCode.int2StatusCode(403), s"GET not permitted for 
'$value' since it's an action in a shared package")

Review comment:
       Here, please import `StatusCodes.Forbidden` and use that instead.
   
   Also please move the error message to `org.apache.openwhisk.http.Messages` 
which is where error responses are consolidated and to facilitate tests without 
replicating the string.

##########
File path: 
core/controller/src/main/scala/org/apache/openwhisk/core/controller/Actions.scala
##########
@@ -341,26 +350,58 @@ trait WhiskActionsApi extends WhiskCollectionAPI with 
PostActionActivation with
   override def fetch(user: Identity, entityName: FullyQualifiedEntityName, 
env: Option[Parameters])(
     implicit transid: TransactionId) = {
     parameter('code ? true) { code =>
-      code match {
-        case true =>
-          getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, 
entityName), Some { action: WhiskAction =>
-            val mergedAction = env map {
-              action inherit _
-            } getOrElse action
-            complete(OK, mergedAction)
-          })
-        case false =>
-          
getEntity(WhiskActionMetaData.resolveActionAndMergeParameters(entityStore, 
entityName), Some {
-            action: WhiskActionMetaData =>
-              val mergedAction = env map {
-                action inherit _
-              } getOrElse action
-              complete(OK, mergedAction)
-          })
-      }
+      //check if execute only is enabled, and if there is a discrepancy 
between the current user's namespace
+      //and that of the entity we are trying to fetch
+     if (executeOnly && user.namespace.name.toString != 
entityName.namespace.toString) {
+        val value = entityName.path
+        terminate(StatusCode.int2StatusCode(403), s"GET not permitted for 
'$value' since it's an action in a shared package")
+      } else {
+        code match {

Review comment:
       Nit: I'd suggest the simpler/cleaner if (code) { } else { }.

##########
File path: 
core/controller/src/main/scala/org/apache/openwhisk/core/controller/Actions.scala
##########
@@ -341,26 +350,58 @@ trait WhiskActionsApi extends WhiskCollectionAPI with 
PostActionActivation with
   override def fetch(user: Identity, entityName: FullyQualifiedEntityName, 
env: Option[Parameters])(
     implicit transid: TransactionId) = {
     parameter('code ? true) { code =>
-      code match {
-        case true =>
-          getEntity(WhiskAction.resolveActionAndMergeParameters(entityStore, 
entityName), Some { action: WhiskAction =>
-            val mergedAction = env map {
-              action inherit _
-            } getOrElse action
-            complete(OK, mergedAction)
-          })
-        case false =>
-          
getEntity(WhiskActionMetaData.resolveActionAndMergeParameters(entityStore, 
entityName), Some {
-            action: WhiskActionMetaData =>
-              val mergedAction = env map {
-                action inherit _
-              } getOrElse action
-              complete(OK, mergedAction)
-          })
-      }
+      //check if execute only is enabled, and if there is a discrepancy 
between the current user's namespace
+      //and that of the entity we are trying to fetch
+     if (executeOnly && user.namespace.name.toString != 
entityName.namespace.toString) {

Review comment:
       The toString conversion is is not necessary. `namespace.name` is of type 
`EntityName` and so is `entityName.namespace`. Since `EntityName` is a value 
type `!=` is sufficient. In any case when you want string conversion in the 
code base use `asString` instead of `toString` as this is the idiom used 
throughout.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to