-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/47558/#review134295
-----------------------------------------------------------




include/mesos/authorizer/authorizer.hpp (line 35)
<https://reviews.apache.org/r/47558/#comment199096>

    How about we move this inside `ObjectAllower` and just call it `Object`?



include/mesos/authorizer/authorizer.hpp (line 51)
<https://reviews.apache.org/r/47558/#comment199097>

    I'm leaning towards calling this `ObjectAuthorizer`. We would effectively 
have `authorized(subject, action, object)` and `object_authorizer = 
authorized(subject, action); object_authorizer.authorized(object);`. What do 
you think?



include/mesos/authorizer/authorizer.hpp (line 54)
<https://reviews.apache.org/r/47558/#comment199098>

    If we go with `ObjectAuthorizer`, we should call this `authorized`, but at 
the least we should call it `allow` if we were to keep `ObjectAllower`.



include/mesos/authorizer/authorizer.hpp (line 137)
<https://reviews.apache.org/r/47558/#comment199100>

    I think we should call this `authorized`.



include/mesos/authorizer/authorizer.hpp (line 138)
<https://reviews.apache.org/r/47558/#comment199099>

    Since `Request` is `Subject`, `Action`, `Object`, I think it would be 
better for this function to take `Subject` and `Action`. This way we can 
constrain the effected part to be: `Object` -> `ObjectAllower::Object`.



src/authorizer/local/authorizer.cpp (line 59)
<https://reviews.apache.org/r/47558/#comment199102>

    Is this WIP? Are we actually planning to only handle `VIEW_FRAMEWORKS`?



src/authorizer/local/authorizer.cpp (lines 62 - 63)
<https://reviews.apache.org/r/47558/#comment199105>

    ```
      LocalAuthorizerFrameworkObjectAllower(
          const ACLs _acls, const Option<string>& _subject)
        : acls(_acls), subject(_subject) {}
    ```



src/authorizer/local/authorizer.cpp (line 65)
<https://reviews.apache.org/r/47558/#comment199104>

    `s/override{/override {/`



src/authorizer/local/authorizer.cpp (line 73)
<https://reviews.apache.org/r/47558/#comment199103>

    This is unused.



src/authorizer/local/authorizer.cpp (lines 75 - 76)
<https://reviews.apache.org/r/47558/#comment199101>

    Please let's do this now. `matches` and `allows` doesn't even use internal 
state and could have been declared `static`. Shouldn't be hard to pull them out.


- Michael Park


On May 22, 2016, 9:25 p.m., Joerg Schad wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/47558/
> -----------------------------------------------------------
> 
> (Updated May 22, 2016, 9:25 p.m.)
> 
> 
> Review request for mesos, Michael Park and Vinod Kone.
> 
> 
> Bugs: MESOS-5403
>     https://issues.apache.org/jira/browse/MESOS-5403
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Added allower interface to authorizer.
> 
> 
> Diffs
> -----
> 
>   include/mesos/authorizer/authorizer.hpp 
> ed5f9e73661e25a83722cf1e408ae61023cd4a21 
>   src/authorizer/local/authorizer.hpp 
> 61388454025211fd7d53e71a86983fd8479950b6 
>   src/authorizer/local/authorizer.cpp 
> dc53bc4374aea98b5ed41ade5617374d2447229b 
>   src/tests/mesos.hpp 79bf1ff16412ce2a510a9b75ab1ac91c1c182653 
>   src/tests/mesos.cpp 629135f0dc59346f0fcddb2cbe65ca5770fad34e 
> 
> Diff: https://reviews.apache.org/r/47558/diff/
> 
> 
> Testing
> -------
> 
> tested entire chain.
> 
> 
> Thanks,
> 
> Joerg Schad
> 
>

Reply via email to