Skip to content

Commit

Permalink
fix(indexd): only check authz for if its public, don't include in pre…
Browse files Browse the repository at this point in the history 
…v acl list
  • Loading branch information
@Avantol13
Avantol13 committed Jun 28, 2019
1 parent de85db0 commit 1283bbb
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions fence/blueprints/data/indexd.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,10 +339,8 @@ def _get_signed_url(self, protocol, action, expires_in, force_signed_url):
)

@cached_property
def authz(self):
if "authz" in self.index_document:
return set(self.index_document["authz"])
elif "acl" in self.index_document:
def set_acls(self):
if "acl" in self.index_document:
return set(self.index_document["acl"])
elif "acls" in self.metadata:
return set(self.metadata["acls"].split(","))
Expand All @@ -367,7 +365,8 @@ def metadata(self):

@cached_property
def public(self):
return "*" in self.authz or "/open" in self.authz
authz_resources = self.index_document.get("authz", []).extend(self.set_acls)
return "*" in authz_resources or "/open" in authz_resources

@login_required({"data"})
def check_authorization(self, action):
Expand Down Expand Up @@ -401,7 +400,7 @@ def check_authorization(self, action):
given_acls = set(
filter_auth_ids(action, flask.g.token["context"]["user"]["projects"])
)
return len(self.authz & given_acls) > 0
return len(self.set_acls & given_acls) > 0

@login_required({"data"})
def delete_files(self, urls=None, delete_all=True):
Expand Down

0 comments on commit 1283bbb

Please sign in to comment.