Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes #24558: Upmerge removed breaks 8.1 - api acl plugin #5501

Merged
merged 1 commit into from
Mar 21, 2024
Merged

Fixes #24558: Upmerge removed breaks 8.1 - api acl plugin #5501

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
15 changes: 8 additions & 7 deletions ...p/sources/rudder/rudder-core/src/main/scala/com/normation/rudder/api/DataStructures.scala
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ final case object HttpAction extends Enum[Ht

/*
* An authorization control is done in a path (so we are managing
* tree by essense).
* tree by essence).
*
* The path can be composed of 3 kinds of segments (as called in rfc3986):
* - a named segment (ie the name of resources)
Expand Down Expand Up @@ -220,7 +220,7 @@ object AclPath {
}

/**
* A compare method on path that sort them from "most specific" to "most genereric"
* A compare method on path that sort them from "most specific" to "most generic"
* so that!
* - Segment < Wildcard < DoubleWildcard
*/
Expand All @@ -245,7 +245,7 @@ object AclPath {

/*
* one API authorization is an API with a set of authorized action.
* A path may have 0 authorized action, which explicity mean that there
* A path may have 0 authorized action, which explicitly means that there
* is no authorization for that path.
*/
final case class ApiAclElement(path: AclPath, actions: Set[HttpAction]) {
Expand All @@ -272,7 +272,7 @@ object ApiAuthorizationKind extends Enum[ApiAuthorizationKind] {
def parse(s: String): Either[String, ApiAuthorizationKind] = {
withNameInsensitiveOption(s)
.toRight(
s"Unserialization error: '${s}' is not a known API authorization kind, possible values are '${values.map(_.name).mkString("', '")}'"
s"Deserialization error: '${s}' is not a known API authorization kind, possible values are '${values.map(_.name).mkString("', '")}'"
)
}

Expand All @@ -292,6 +292,7 @@ object ApiAuthorization {
case object RO extends ApiAuthorization { override val kind: ApiAuthorizationKind = ApiAuthorizationKind.RO }
final case class ACL(acl: List[ApiAclElement]) extends ApiAuthorization {
override def kind: ApiAuthorizationKind = ApiAuthorizationKind.ACL
def debugString: String = acl.map(_.display).mkString(";")
}

/**
Expand All @@ -303,11 +304,11 @@ object ApiAuthorization {

/**
* We have several kind of API accounts:
* - the "system" account is a success in-memory one, whose token is genererated at each start.
* - the "system" account is a success in-memory one, whose token is generated at each start.
* It has super authz.
* - User API accounts are linked to a given user. They get the same rights has their user.
* They are only available when a spcecific plugin enable them.
* - Standard account are used for public API acess.
* They are only available when a specific plugin enable them.
* - Standard account are used for public API access.
*
*/
sealed trait ApiAccountType extends EnumEntry { def name: String }
Expand Down