diff options
author | Madelyn Olson <34459052+madolson@users.noreply.github.com> | 2022-01-20 13:05:27 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-20 13:05:27 -0800 |
commit | 55c81f2cd3da82f9f570000875e006b9046ddef3 (patch) | |
tree | eeb2a2f7d9403ddd2026b448da541da4a874b783 /src/redismodule.h | |
parent | 10bbeb68377bc2b20442e6578183dbc61fb57ec3 (diff) | |
download | redis-55c81f2cd3da82f9f570000875e006b9046ddef3.tar.gz |
ACL V2 - Selectors and key based permissions (#9974)
* Implemented selectors which provide multiple different sets of permissions to users
* Implemented key based permissions
* Added a new ACL dry-run command to test permissions before execution
* Updated module APIs to support checking key based permissions
Co-authored-by: Oran Agra <oran@redislabs.com>
Diffstat (limited to 'src/redismodule.h')
-rw-r--r-- | src/redismodule.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/redismodule.h b/src/redismodule.h index 15990a04f..4bcad5111 100644 --- a/src/redismodule.h +++ b/src/redismodule.h @@ -261,6 +261,12 @@ typedef enum { #define REDISMODULE_CMD_ARG_MULTIPLE (1<<1) /* The argument may repeat itself (like key in DEL) */ #define REDISMODULE_CMD_ARG_MULTIPLE_TOKEN (1<<2) /* The argument may repeat itself, and so does its token (like `GET pattern` in SORT) */ +/* Redis ACL key permission flags, which specify which permissions a module + * needs on a key. */ +#define REDISMODULE_KEY_PERMISSION_READ (1<<0) +#define REDISMODULE_KEY_PERMISSION_WRITE (1<<1) +#define REDISMODULE_KEY_PERMISSION_ALL (REDISMODULE_KEY_PERMISSION_READ | REDISMODULE_KEY_PERMISSION_WRITE) + /* Eventloop definitions. */ #define REDISMODULE_EVENTLOOP_READABLE 1 #define REDISMODULE_EVENTLOOP_WRITABLE 2 @@ -978,7 +984,7 @@ REDISMODULE_API int (*RedisModule_SetModuleUserACL)(RedisModuleUser *user, const REDISMODULE_API RedisModuleString * (*RedisModule_GetCurrentUserName)(RedisModuleCtx *ctx) REDISMODULE_ATTR; REDISMODULE_API RedisModuleUser * (*RedisModule_GetModuleUserFromUserName)(RedisModuleString *name) REDISMODULE_ATTR; REDISMODULE_API int (*RedisModule_ACLCheckCommandPermissions)(RedisModuleUser *user, RedisModuleString **argv, int argc) REDISMODULE_ATTR; -REDISMODULE_API int (*RedisModule_ACLCheckKeyPermissions)(RedisModuleUser *user, RedisModuleString *key) REDISMODULE_ATTR; +REDISMODULE_API int (*RedisModule_ACLCheckKeyPermissions)(RedisModuleUser *user, RedisModuleString *key, int flags) REDISMODULE_ATTR; REDISMODULE_API int (*RedisModule_ACLCheckChannelPermissions)(RedisModuleUser *user, RedisModuleString *ch, int literal) REDISMODULE_ATTR; REDISMODULE_API void (*RedisModule_ACLAddLogEntry)(RedisModuleCtx *ctx, RedisModuleUser *user, RedisModuleString *object) REDISMODULE_ATTR; REDISMODULE_API int (*RedisModule_AuthenticateClientWithACLUser)(RedisModuleCtx *ctx, const char *name, size_t len, RedisModuleUserChangedFunc callback, void *privdata, uint64_t *client_id) REDISMODULE_ATTR; |