author | Simon MacMullen <simon@rabbitmq.com> | 2014-12-05 11:36:11 +0000 |
---|---|---|
committer | Simon MacMullen <simon@rabbitmq.com> | 2014-12-05 11:36:11 +0000 |
commit | 1977561b78a0b75400e683db860bf412445224af (patch) | |
tree | 7c0543204862ea4e0bcc43f3998d10bd1d2bbce8 /src/rabbit_authz_backend.erl | |
parent | f106429bc42ff46944790acc0a8c917db9ff9405 (diff) | |
parent | d205a4285ca02d12493ac0dd0f5256af4294723c (diff) | |
download | rabbitmq-server-1977561b78a0b75400e683db860bf412445224af.tar.gz |
stable to default
Diffstat (limited to 'src/rabbit_authz_backend.erl')
-rw-r--r-- | src/rabbit_authz_backend.erl | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/src/rabbit_authz_backend.erl b/src/rabbit_authz_backend.erl
new file mode 100644
index 00000000..ff5f014e
--- /dev/null
+++ b/src/rabbit_authz_backend.erl
@@ -0,0 +1,74 @@
+%% The contents of this file are subject to the Mozilla Public License
+%% Version 1.1 (the "License"); you may not use this file except in
+%% compliance with the License. You may obtain a copy of the License
+%% at http://www.mozilla.org/MPL/
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and
+%% limitations under the License.
+%%
+%% The Original Code is RabbitMQ.
+%%
+%% The Initial Developer of the Original Code is GoPivotal, Inc.
+%% Copyright (c) 2007-2014 GoPivotal, Inc. All rights reserved.
+%%
+
+-module(rabbit_authz_backend).
+
+-include("rabbit.hrl").
+
+-ifdef(use_specs).
+
+%% Check a user can log in, when this backend is being used for
+%% authorisation only. Authentication has already taken place
+%% successfully, but we need to check that the user exists in this
+%% backend, and initialise any impl field we will want to have passed
+%% back in future calls to check_vhost_access/3 and
+%% check_resource_access/3.
+%%
+%% Possible responses:
+%% {ok, Impl}
+%% User authorisation succeeded, and here's the impl field.
+%% {error, Error}
+%% Something went wrong. Log and die.
+%% {refused, Msg, Args}
+%% User authorisation failed. Log and die.
+-callback user_login_authorization(rabbit_types:username()) ->
+ {'ok', any()} |
+ {'refused', string(), [any()]} |
+ {'error', any()}.
+
+%% Given #auth_user and vhost, can a user log in to a vhost?
+%% Possible responses:
+%% true
+%% false
+%% {error, Error}
+%% Something went wrong. Log and die.
+-callback check_vhost_access(rabbit_types:auth_user(),
+ rabbit_types:vhost(), rabbit_net:socket()) ->
+ boolean() | {'error', any()}.
+
+%% Given #auth_user, resource and permission, can a user access a resource?
+%%
+%% Possible responses:
+%% true
+%% false
+%% {error, Error}
+%% Something went wrong. Log and die.
+-callback check_resource_access(rabbit_types:auth_user(),
+ rabbit_types:r(atom()),
+ rabbit_access_control:permission_atom()) ->
+ boolean() | {'error', any()}.
+
+-else.
+
+-export([behaviour_info/1]).
+
+behaviour_info(callbacks) ->
+ [{user_login_authorization, 1},
+ {check_vhost_access, 3}, {check_resource_access, 3}];
+behaviour_info(_Other) ->
+ undefined.
+
+-endif. |
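Review bot: The comment above `check_vhost_access/3` describes only the #auth_user and the vhost, so the third argument, `rabbit_net:socket()`, is undocumented and a backend author cannot tell what the socket is for. I would add a line such as `%% The socket is the client connection being authorised.` if that is the intent, which this file alone does not confirm. Both boolean callbacks also allow `{error, Error}`, and the comments should say that callers must treat every result other than `true` as a denial, so that a failing backend fails closed. For `{refused, Msg, Args}` the types suggest that Msg is a format string; if so, the comment should say that Msg must be a constant and that user-supplied values such as the username go in Args, which keeps untrusted text out of the log formatter.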