projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
20862: Merge branch 'main' into 20862-google-api-client
[arvados.git]
/
services
/
ws
/
permission.go
diff --git
a/services/ws/permission.go
b/services/ws/permission.go
index 78158b12a1921748d46bfe579ded1d3ed1c5982e..f71ca61167dc70d7dded2623e6edfde6c1f3cb7c 100644
(file)
--- a/
services/ws/permission.go
+++ b/
services/ws/permission.go
@@
-24,10
+24,10
@@
type permChecker interface {
Check(ctx context.Context, uuid string) (bool, error)
}
Check(ctx context.Context, uuid string) (bool, error)
}
-func newPermChecker(ac arvados.Client) permChecker {
- ac.AuthToken = ""
+func newPermChecker(ac *arvados.Client) permChecker {
return &cachingPermChecker{
return &cachingPermChecker{
- Client: &ac,
+ ac: ac,
+ token: "-",
cache: make(map[string]cacheEnt),
maxCurrent: 16,
}
cache: make(map[string]cacheEnt),
maxCurrent: 16,
}
@@
-39,7
+39,8
@@
type cacheEnt struct {
}
type cachingPermChecker struct {
}
type cachingPermChecker struct {
- *arvados.Client
+ ac *arvados.Client
+ token string
cache map[string]cacheEnt
maxCurrent int
cache map[string]cacheEnt
maxCurrent int
@@
-49,17
+50,17
@@
type cachingPermChecker struct {
}
func (pc *cachingPermChecker) SetToken(token string) {
}
func (pc *cachingPermChecker) SetToken(token string) {
- if pc.
Client.AuthT
oken == token {
+ if pc.
t
oken == token {
return
}
return
}
- pc.
Client.AuthT
oken = token
+ pc.
t
oken = token
pc.cache = make(map[string]cacheEnt)
}
func (pc *cachingPermChecker) Check(ctx context.Context, uuid string) (bool, error) {
pc.nChecks++
logger := ctxlog.FromContext(ctx).
pc.cache = make(map[string]cacheEnt)
}
func (pc *cachingPermChecker) Check(ctx context.Context, uuid string) (bool, error) {
pc.nChecks++
logger := ctxlog.FromContext(ctx).
- WithField("token", pc.
Client.AuthT
oken).
+ WithField("token", pc.
t
oken).
WithField("uuid", uuid)
pc.tidy()
now := time.Now()
WithField("uuid", uuid)
pc.tidy()
now := time.Now()
@@
-67,17
+68,19
@@
func (pc *cachingPermChecker) Check(ctx context.Context, uuid string) (bool, err
logger.WithField("allowed", perm.allowed).Debug("cache hit")
return perm.allowed, nil
}
logger.WithField("allowed", perm.allowed).Debug("cache hit")
return perm.allowed, nil
}
- var buf map[string]interface{}
- path, err := pc.PathForUUID("get", uuid)
+
+ path, err := pc.
ac.
PathForUUID("get", uuid)
if err != nil {
pc.nInvalid++
return false, err
}
pc.nMisses++
if err != nil {
pc.nInvalid++
return false, err
}
pc.nMisses++
- ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(time.Minute))
+ ctx = arvados.ContextWithAuthorization(ctx, "Bearer "+pc.token)
+ ctx, cancel := context.WithDeadline(ctx, time.Now().Add(time.Minute))
defer cancel()
defer cancel()
- err = pc.RequestAndDecodeContext(ctx, &buf, "GET", path, nil, url.Values{
+ var buf map[string]interface{}
+ err = pc.ac.RequestAndDecodeContext(ctx, &buf, "GET", path, nil, url.Values{
"include_trash": {"true"},
"select": {`["uuid"]`},
})
"include_trash": {"true"},
"select": {`["uuid"]`},
})
@@
-88,6
+91,9
@@
func (pc *cachingPermChecker) Check(ctx context.Context, uuid string) (bool, err
} else if txErr, ok := err.(*arvados.TransactionError); ok && pc.isNotAllowed(txErr.StatusCode) {
allowed = false
} else {
} else if txErr, ok := err.(*arvados.TransactionError); ok && pc.isNotAllowed(txErr.StatusCode) {
allowed = false
} else {
+ // If "context deadline exceeded", "client
+ // disconnected", HTTP 5xx, network error, etc., don't
+ // cache the result.
logger.WithError(err).Error("lookup error")
return false, err
}
logger.WithError(err).Error("lookup error")
return false, err
}