63 log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); |
63 log_ereport(LOG_MISCONFIG, "require-access: missing mask parameter"); |
64 protocol_status(sn, rq, 500, NULL); |
64 protocol_status(sn, rq, 500, NULL); |
65 return REQ_ABORTED; |
65 return REQ_ABORTED; |
66 } |
66 } |
67 |
67 |
|
68 char *method = pblock_findval("method", pb); |
|
69 if(method) { |
|
70 char *m = pblock_findkeyval(pb_key_method, rq->reqpb); |
|
71 if(strcmp(method, m)) { |
|
72 return REQ_NOACTION; |
|
73 } |
|
74 } |
|
75 |
68 uint32_t access_mask = 0; |
76 uint32_t access_mask = 0; |
69 ssize_t n = 0; |
77 ssize_t n = 0; |
70 sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n); |
78 sstr_t *rights = sstrsplit(sstr(mask_str), sstrn(",", 1), &n); |
71 for(int i=0;i<n;i++) { |
79 for(int i=0;i<n;i++) { |
72 sstr_t right = rights[i]; |
80 sstr_t right = rights[i]; |
73 access_mask = access_mask | accstr2int(right); |
81 access_mask = access_mask | accstr2int(right); |
74 } |
82 } |
|
83 |
|
84 rq->aclreqaccess = access_mask; |
75 |
85 |
76 return REQ_PROCEED; |
86 return REQ_PROCEED; |
77 } |
87 } |
78 |
88 |
79 int append_acl(pblock *pb, Session *sn, Request *rq) { |
89 int append_acl(pblock *pb, Session *sn, Request *rq) { |
98 return REQ_PROCEED; |
108 return REQ_PROCEED; |
99 } |
109 } |
100 |
110 |
101 |
111 |
102 int check_acl(pblock *pb, Session *sn, Request *rq) { |
112 int check_acl(pblock *pb, Session *sn, Request *rq) { |
103 int access_mask = ACL_READ_DATA; // TODO: check method and path |
113 int access_mask = ACL_READ_DATA | rq->aclreqaccess; // TODO: check method and path |
104 |
114 |
105 int ret = acl_evaluate(sn, rq, access_mask); |
115 int ret = acl_evaluate(sn, rq, access_mask); |
106 if(ret == REQ_ABORTED) { |
116 if(ret == REQ_ABORTED) { |
107 // TODO: status, error, ... |
117 // TODO: status, error, ... |
108 return REQ_ABORTED; |
118 return REQ_ABORTED; |