projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
11652: Add "recursive" flag to groups#contents controller.
[arvados.git]
/
services
/
ws
/
permission.go
diff --git
a/services/ws/permission.go
b/services/ws/permission.go
index 30276e4f6fa8ca75d4eabfd7ddc7368a0082d800..8bfcfcb9e69cf1699b2f335e766dd71c636b733c 100644
(file)
--- a/
services/ws/permission.go
+++ b/
services/ws/permission.go
@@
-18,7
+18,7
@@
type permChecker interface {
Check(uuid string) (bool, error)
}
Check(uuid string) (bool, error)
}
-func
N
ewPermChecker(ac arvados.Client) permChecker {
+func
n
ewPermChecker(ac arvados.Client) permChecker {
ac.AuthToken = ""
return &cachingPermChecker{
Client: &ac,
ac.AuthToken = ""
return &cachingPermChecker{
Client: &ac,
@@
-36,13
+36,22
@@
type cachingPermChecker struct {
*arvados.Client
cache map[string]cacheEnt
maxCurrent int
*arvados.Client
cache map[string]cacheEnt
maxCurrent int
+
+ nChecks uint64
+ nMisses uint64
+ nInvalid uint64
}
func (pc *cachingPermChecker) SetToken(token string) {
}
func (pc *cachingPermChecker) SetToken(token string) {
+ if pc.Client.AuthToken == token {
+ return
+ }
pc.Client.AuthToken = token
pc.Client.AuthToken = token
+ pc.cache = make(map[string]cacheEnt)
}
func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
}
func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
+ pc.nChecks++
logger := logger(nil).
WithField("token", pc.Client.AuthToken).
WithField("uuid", uuid)
logger := logger(nil).
WithField("token", pc.Client.AuthToken).
WithField("uuid", uuid)
@@
-55,8
+64,11
@@
func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
var buf map[string]interface{}
path, err := pc.PathForUUID("get", uuid)
if err != nil {
var buf map[string]interface{}
path, err := pc.PathForUUID("get", uuid)
if err != nil {
+ pc.nInvalid++
return false, err
}
return false, err
}
+
+ pc.nMisses++
err = pc.RequestAndDecode(&buf, "GET", path, nil, url.Values{
"select": {`["uuid"]`},
})
err = pc.RequestAndDecode(&buf, "GET", path, nil, url.Values{
"select": {`["uuid"]`},
})
@@
-64,7
+76,7
@@
func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
var allowed bool
if err == nil {
allowed = true
var allowed bool
if err == nil {
allowed = true
- } else if txErr, ok := err.(*arvados.TransactionError); ok &&
txErr.StatusCode == http.StatusNotFound
{
+ } else if txErr, ok := err.(*arvados.TransactionError); ok &&
pc.isNotAllowed(txErr.StatusCode)
{
allowed = false
} else {
logger.WithError(err).Error("lookup error")
allowed = false
} else {
logger.WithError(err).Error("lookup error")
@@
-75,6
+87,15
@@
func (pc *cachingPermChecker) Check(uuid string) (bool, error) {
return allowed, nil
}
return allowed, nil
}
+func (pc *cachingPermChecker) isNotAllowed(status int) bool {
+ switch status {
+ case http.StatusForbidden, http.StatusUnauthorized, http.StatusNotFound:
+ return true
+ default:
+ return false
+ }
+}
+
func (pc *cachingPermChecker) tidy() {
if len(pc.cache) <= pc.maxCurrent*2 {
return
func (pc *cachingPermChecker) tidy() {
if len(pc.cache) <= pc.maxCurrent*2 {
return