authorSimon MacMullen <simon@rabbitmq.com>2010-11-22 16:04:47 +0000
committerSimon MacMullen <simon@rabbitmq.com>2010-11-22 16:04:47 +0000
commit51163cd8e2d931d22eb1ff69983ad6e520d8122e (patch)
tree197c26630d0135a2ba1706e632724c22e6875683
parentfb056d19c4c79a0cb36eeafb561a20846a16126b (diff)
downloadrabbitmq-server-51163cd8e2d931d22eb1ff69983ad6e520d8122e.tar.gz
Let an auth plugin specify which vhosts a user can see.
-rw-r--r--src/rabbit_access_control.erl9
-rw-r--r--src/rabbit_auth_backend.erl2
-rw-r--r--src/rabbit_auth_backend_internal.erl8
3 files changed, 13 insertions, 6 deletions
diff --git a/src/rabbit_access_control.erl b/src/rabbit_access_control.erl
index 0c399cd0..40e3cb7e 100644
--- a/src/rabbit_access_control.erl
+++ b/src/rabbit_access_control.erl
@@ -35,7 +35,7 @@
-export([user_pass_login/2, check_user_pass_login/2, check_user_login/2,
make_salt/0, check_password/2, check_vhost_access/2,
- check_resource_access/3]).
+ check_resource_access/3, list_vhosts/1]).
-export([add_user/2, delete_user/1, change_password/2, set_admin/1,
clear_admin/1, list_users/0, lookup_user/1]).
-export([change_password_hash/2]).
@@ -131,7 +131,7 @@ check_user_login(Username, AuthProps) ->
check_vhost_access(User = #user{ username = Username,
auth_backend = Module }, VHostPath) ->
?LOGDEBUG("Checking VHost access for ~p to ~p~n", [Username, VHostPath]),
- case Module:check_vhost_access(User, VHostPath) of
+ case Module:check_vhost_access(User, VHostPath, write) of
true ->
ok;
false ->
@@ -153,6 +153,11 @@ check_resource_access(User = #user{username = Username, auth_backend = Module},
[rabbit_misc:rs(Resource), Username])
end.
+list_vhosts(User = #user{auth_backend = Module}) ->
+ lists:filter(fun(VHost) ->
+ Module:check_vhost_access(User, VHost, read)
+ end, list_vhosts()).
+
%%----------------------------------------------------------------------------
add_user(Username, Password) ->
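Review bot: list_vhosts/1 is exported without a comment saying that its result is filtered by the backend's answer for mode `read`, which is a different mode from the `write` that check_vhost_access/2 passes in the hunk above; a vhost that appears in this list is therefore not necessarily one the user may open. A one-line comment above the function, such as `%% Vhosts the user's auth backend lets them see (mode 'read'); implies nothing about 'write' access.`, would make that explicit for callers that use the list in authorization decisions. If this module carries -spec declarations for its exports (not visible in the hunk), list_vhosts/1 needs one as well.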
diff --git a/src/rabbit_auth_backend.erl b/src/rabbit_auth_backend.erl
index 3fb5f1b6..18f32873 100644
--- a/src/rabbit_auth_backend.erl
+++ b/src/rabbit_auth_backend.erl
@@ -40,7 +40,7 @@ behaviour_info(callbacks) ->
{check_user_login, 2},
- {check_vhost_access, 2},
+ {check_vhost_access, 3},
{check_resource_access, 3}
];
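Review bot: The new third argument of check_vhost_access has no stated set of values or meaning at the callback entry; the callers in this commit pass `write` for the connection-time check and `read` from list_vhosts/1, and both expect a strict `true`/`false` back. A comment beside the entry, for example `%% check_vhost_access(User, VHostPath, read | write) -> boolean()`, would give plugin authors the contract. Because the arity moves from 2 to 3, a backend that still exports only check_vhost_access/2 would raise undef on every vhost check, so the change should be called out wherever backend authors are told about API changes. The behaviour_info clause starts above the hunk.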
diff --git a/src/rabbit_auth_backend_internal.erl b/src/rabbit_auth_backend_internal.erl
index bf736775..c582c0d1 100644
--- a/src/rabbit_auth_backend_internal.erl
+++ b/src/rabbit_auth_backend_internal.erl
@@ -35,8 +35,7 @@
-behaviour(rabbit_auth_backend).
-export([description/0]).
--export([check_user_login/2, check_vhost_access/2,
- check_resource_access/3]).
+-export([check_user_login/2, check_vhost_access/3, check_resource_access/3]).
%%-include("rabbit_auth_backend_spec.hrl").
@@ -71,7 +70,10 @@ internal_check_user_login(Username, Fun) ->
{refused, Username}
end.
-check_vhost_access(#user{username = Username}, VHostPath) ->
+check_vhost_access(#user{is_admin = true}, _VHostPath, read) ->
+ true;
+
+check_vhost_access(#user{username = Username}, VHostPath, write) ->
%% TODO: use dirty ops instead
rabbit_misc:execute_mnesia_transaction(
fun () ->
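Review bot: A non-admin user has no matching clause for mode `read`: the visible heads cover only `is_admin = true` with `read` and any user with `write`, so the `read` call made per vhost by rabbit_access_control:list_vhosts/1 would raise function_clause inside lists:filter/2 for an ordinary user, unless a further clause follows the write clause outside this hunk. If an ordinary user's visible vhosts should follow their stored permissions, the second head could be `check_vhost_access(#user{username = Username}, VHostPath, _Mode) ->`; otherwise add an explicit clause for non-admin `read` that returns a boolean. The admin shortcut applies to `read` only, so admins still go through the permission lookup for `write`; a short comment saying this is intended would help the next reader. The body of the write clause continues outside the hunk.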