Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Read only facade check #4003
Conversation
howbazaar
added some commits
Dec 11, 2015
mjs
reviewed
Dec 20, 2015
| + // At this stage, any facade that is part of the restricted root | ||
| + // (those that are accessable outside of environments) are OK | ||
| + // because the user would have access to those facades if the went | ||
| + // through the controller API endpoint rather than an environme |
mjs
reviewed
Dec 20, 2015
| + | ||
| +// isCallAllowableByReadOnlyUser returns whether or not the method on the facade | ||
| +// can be called by a read only user. | ||
| +func isCallAllowableByReadOnlyUser(facade, _ /*method*/ string) bool { |
mjs
Dec 20, 2015
Contributor
This is ok but it might be clearer if you could specify entire facades (e.g. "foo.*" in the list of allowed read only methods used by isCallReadOnly.
|
LGTM! |
howbazaar
added some commits
Jan 14, 2016
|
$$merge$$ |
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
added a commit
that referenced
this pull request
Feb 5, 2016
jujubot
merged commit 0296a83
into
juju:master
Feb 5, 2016
howbazaar
deleted the
howbazaar:read-only-facade-check
branch
Feb 5, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
howbazaar commentedDec 20, 2015
When an environment user has only read access to the environment, the apiserver adds an extra method lookup filter.
The read only check has been kept quite separate from the user lookup as the read only code will also be used for model migrations.