add permission checks for ume configuration

author: Matthias Radestock <matthias@lshift.net> 2009-05-20 08:45:37 +0100
committer: Matthias Radestock <matthias@lshift.net> 2009-05-20 08:45:37 +0100
commit: 66334eef00d807f40c1e1f76a273207418ac552c (patch)
tree: c2ac0c8cc00cbc82a3b4fc58844050008246b115 /src
parent: 5560bd99752526f0c8ab6f5fe145e052d7ab98be (diff)
download: rabbitmq-server-66334eef00d807f40c1e1f76a273207418ac552c.tar.gz
3 files changed, 24 insertions, 9 deletions
diff --git a/src/rabbit_channel.erl b/src/rabbit_channel.erl
index 8ec25ad5..10bf0445 100644
--- a/src/rabbit_channel.erl
+++ b/src/rabbit_channel.erl
@@ -570,6 +570,12 @@ handle_method(#'exchange.declare'{exchange = ExchangeNameBin,
             {ok, FoundX} -> FoundX;
             {error, not_found} ->
                 check_name('exchange', ExchangeNameBin),
+                case rabbit_misc:r_arg(VHostPath, exchange, Args, <<"ume">>) of
+                    undefined -> ok;
+                    UmeName   -> check_read_permitted(ExchangeName, State),
+                                 check_write_permitted(UmeName, State),
+                                 ok
+                end,
                 rabbit_exchange:declare(ExchangeName,
                                         CheckedType,
                                         Durable,
diff --git a/src/rabbit_exchange.erl b/src/rabbit_exchange.erl
index f644d710..c760329e 100644
--- a/src/rabbit_exchange.erl
+++ b/src/rabbit_exchange.erl
@@ -208,9 +208,10 @@ publish(X, Mandatory, Immediate, Txn,
     end.
 
 handle_unrouted(#exchange{name = XName, arguments = Args}, Txn, Message) ->
-    case lists:keysearch(<<"ume">>, 1, Args) of
-        {value, {_, longstr, UmeNameBin}} ->
-            UmeName = rabbit_misc:r(XName, exchange, UmeNameBin),
+    case rabbit_misc:r_arg(XName, exchange, Args, <<"ume">>) of
+        undefined ->
+            {routed, []};
+        UmeName ->
             case lookup(UmeName) of
                 {ok, Ume} ->
                     publish(Ume, false, false, Txn, Message);
@@ -219,9 +220,7 @@ handle_unrouted(#exchange{name = XName, arguments = Args}, Txn, Message) ->
                       "unroutable message exchange for ~s does not exist: ~s",
                       [rabbit_misc:rs(XName), rabbit_misc:rs(UmeName)]),
                     {routed, []}
-            end;
-        false ->
-            {routed, []}
+            end
     end.
 
 %% Usable by Erlang code that wants to publish messages.
diff --git a/src/rabbit_misc.erl b/src/rabbit_misc.erl
index eced0b3c..233c867c 100644
--- a/src/rabbit_misc.erl
+++ b/src/rabbit_misc.erl
@@ -38,7 +38,7 @@
 -export([die/1, frame_error/2, protocol_error/3, protocol_error/4]).
 -export([get_config/1, get_config/2, set_config/2]).
 -export([dirty_read/1]).
--export([r/3, r/2, rs/1]).
+-export([r/3, r/2, r_arg/4, rs/1]).
 -export([enable_cover/0, report_cover/0]).
 -export([throw_on_error/2, with_exit_handler/2, filter_exit_map/2]).
 -export([with_user/2, with_vhost/2, with_user_and_vhost/3]).
@@ -76,12 +76,14 @@
 -spec(get_config/2 :: (atom(), A) -> A).
 -spec(set_config/2 :: (atom(), any()) -> 'ok').
 -spec(dirty_read/1 :: ({atom(), any()}) -> {'ok', any()} | not_found()).
--spec(r/3 :: (vhost() | r(atom()), K, resource_name()) -> r(K) 
-              when is_subtype(K, atom())).
+-spec(r/3 :: (vhost() | r(atom()), K, resource_name()) ->
+             r(K) when is_subtype(K, atom())).
 -spec(r/2 :: (vhost(), K) -> #resource{virtual_host :: vhost(),
                                        kind         :: K,
                                        name         :: '_'}
                                  when is_subtype(K, atom())).
+-spec(r_arg/4 :: (vhost() | r(atom()), K, amqp_table(), binary()) ->
+             r(K)  when is_subtype(K, atom())).
 -spec(rs/1 :: (r(atom())) -> string()).
 -spec(enable_cover/0 :: () -> 'ok' | {'error', any()}).
 -spec(report_cover/0 :: () -> 'ok').
@@ -169,6 +171,14 @@ r(VHostPath, Kind, Name) when is_binary(Name) andalso is_binary(VHostPath) ->
 r(VHostPath, Kind) when is_binary(VHostPath) ->
     #resource{virtual_host = VHostPath, kind = Kind, name = '_'}.
 
+r_arg(#resource{virtual_host = VHostPath}, Kind, Table, Key) ->
+    r_arg(VHostPath, Kind, Table, Key);
+r_arg(VHostPath, Kind, Table, Key) ->
+    case lists:keysearch(Key, 1, Table) of
+        {value, {_, longstr, NameBin}} -> r(VHostPath, Kind, NameBin);
+        false                          -> undefined
+    end.
+
 rs(#resource{virtual_host = VHostPath, kind = Kind, name = Name}) ->
     lists:flatten(io_lib:format("~s '~s' in vhost '~s'",
                                 [Kind, Name, VHostPath])).
author	Matthias Radestock <matthias@lshift.net>	2009-05-20 08:45:37 +0100
committer	Matthias Radestock <matthias@lshift.net>	2009-05-20 08:45:37 +0100
commit	66334eef00d807f40c1e1f76a273207418ac552c (patch)
tree	c2ac0c8cc00cbc82a3b4fc58844050008246b115 /src
parent	5560bd99752526f0c8ab6f5fe145e052d7ab98be (diff)
download	rabbitmq-server-66334eef00d807f40c1e1f76a273207418ac552c.tar.gz