ningyougang commented on a change in pull request #4058:
URL: https://github.com/apache/openwhisk/pull/4058#discussion_r641189638
##########
File path:
core/controller/src/main/scala/org/apache/openwhisk/core/entitlement/Entitlement.scala
##########
@@ -231,6 +234,157 @@ protected[core] abstract class EntitlementProvider(
.getOrElse(Future.successful(()))
}
+ /**
+ * Checks if action operation(get/write/execute) whether feasible
+ *
+ * @param operation the action operation, e.g. get/write/execute
+ * @param user the user who get/write/execute the action
+ * @param entityStore store to write the action to
+ * @param entityName entityName
+ * @param permissions the passed permission code
+ * @return a promise that completes with success iff action operation is
feasible
+ */
+ protected[core] def checkActionPermissions(
+ operation: String,
+ user: Identity,
+ entityStore: ArtifactStore[WhiskEntity],
+ entityName: FullyQualifiedEntityName,
+ get: (ArtifactStore[WhiskEntity], DocId, DocRevision, Boolean) =>
Future[WhiskAction],
+ permissions: Option[String] = None)(implicit transid: TransactionId):
Future[Unit] = {
+ if (operation == "create") {
+ permissions
+ .map { value =>
+ if (WhiskAction.permissionList.contains(value)) {
+ Future.successful(())
+ } else {
+ val errorInfo =
+ s"give error permission code: ${value}, available permission is
in ${WhiskAction.permissionList}"
+ Future.failed(RejectRequest(Forbidden,
Some(ErrorResponse(errorInfo, transid))))
+ }
+ }
+ .getOrElse(Future.successful(()))
+ } else if (operation == "update") {
+ get(entityStore, entityName.toDocId, DocRevision.empty, true)
+ .flatMap { whiskAction =>
+ val currentPermissions = whiskAction.annotations
+ .get(WhiskAction.permissionsFieldName)
+ .map(value => value.convertTo[String])
+ .getOrElse(WhiskAction.defaultPermissions)
+
+ val errorInfo = s"have no permission to ${operation} this action"
+ permissions match {
+ case Some(value) =>
+ if (!WhiskAction.permissionList.contains(value)) {
+ val errorInfo =
+ s"give error permission code: ${value}, available permission
is in ${WhiskAction.permissionList}"
+ Future.failed(RejectRequest(Forbidden,
Some(ErrorResponse(errorInfo, transid))))
+ } else {
+ val passedUpdatePermission = value.charAt(1)
+ if (passedUpdatePermission == 'w') { // make it to modifiable
+ Future.successful(())
Review comment:
It seems need to change the permission firstly.
after changed the write permission to available, it can be modified again.
hm..i will check you said whether right.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
