本文整理汇总了Golang中github.com/tsuru/tsuru/permission.Check函数的典型用法代码示例。如果您正苦于以下问题:Golang Check函数的具体用法?Golang Check怎么用?Golang Check使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了Check函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: listContainersHandler
func listContainersHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
address := r.URL.Query().Get(":address")
if address != "" {
node, err := mainDockerProvisioner.Cluster().GetNode(address)
if err != nil {
return err
}
hasAccess := permission.Check(t, permission.PermNodeRead,
permission.Context(permission.CtxPool, node.Metadata["pool"]))
if !hasAccess {
return permission.ErrUnauthorized
}
containerList, err := mainDockerProvisioner.listContainersByHost(address)
if err != nil {
return err
}
return json.NewEncoder(w).Encode(containerList)
}
appName := r.URL.Query().Get(":appname")
a, err := app.GetByName(appName)
if err != nil {
return err
}
hasAccess := permission.Check(t, permission.PermNodeRead,
permission.Context(permission.CtxPool, a.Pool))
if !hasAccess {
return permission.ErrUnauthorized
}
containerList, err := mainDockerProvisioner.listContainersByApp(appName)
if err != nil {
return err
}
return json.NewEncoder(w).Encode(containerList)
}示例2: nodeHealingUpdate
func nodeHealingUpdate(w http.ResponseWriter, r *http.Request, t auth.Token) error {
err := r.ParseForm()
if err != nil {
return err
}
poolName := r.FormValue("pool")
if poolName == "" {
if !permission.Check(t, permission.PermHealingUpdate) {
return permission.ErrUnauthorized
}
} else {
if !permission.Check(t, permission.PermHealingUpdate,
permission.Context(permission.CtxPool, poolName)) {
return permission.ErrUnauthorized
}
}
var config healer.NodeHealerConfig
delete(r.Form, "pool")
dec := form.NewDecoder(nil)
dec.IgnoreUnknownKeys(true)
err = dec.DecodeValues(&config, r.Form)
if err != nil {
return err
}
return healer.UpdateConfig(poolName, config)
}示例3: nodeContainerUpgrade
func nodeContainerUpgrade(w http.ResponseWriter, r *http.Request, t auth.Token) error {
name := r.URL.Query().Get(":name")
poolName := r.FormValue("pool")
if poolName == "" {
if !permission.Check(t, permission.PermNodecontainerUpdateUpgrade) {
return permission.ErrUnauthorized
}
} else {
if !permission.Check(t, permission.PermNodecontainerUpdateUpgrade,
permission.Context(permission.CtxPool, poolName)) {
return permission.ErrUnauthorized
}
}
config, err := nodecontainer.LoadNodeContainer("", name)
if err != nil {
return err
}
err = config.ResetImage()
if err != nil {
return err
}
keepAliveWriter := tsuruIo.NewKeepAliveWriter(w, 15*time.Second, "")
defer keepAliveWriter.Stop()
writer := &tsuruIo.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
err = nodecontainer.RecreateContainers(mainDockerProvisioner, writer)
if err != nil {
writer.Encode(tsuruIo.SimpleJsonMessage{Error: err.Error()})
}
return nil
}示例4: logsConfigSetHandler
func logsConfigSetHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
var requestData logsSetData
err := json.NewDecoder(r.Body).Decode(&requestData)
if err != nil {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: fmt.Sprintf("unable to parse body as json: %s", err),
}
}
requestConfig := requestData.Config
if len(requestConfig.Envs) > 0 && !permission.Check(t, permission.PermPoolUpdateLogs) {
return permission.ErrUnauthorized
}
for _, poolEnv := range requestConfig.Pools {
hasPermission := permission.Check(t, permission.PermPoolUpdateLogs,
permission.Context(permission.CtxPool, poolEnv.Name))
if !hasPermission {
return permission.ErrUnauthorized
}
}
dockerLog := container.DockerLog{}
err = dockerLog.Update(&requestConfig)
if err != nil {
return err
}
if requestData.Restart {
//TODO(cezarsa): restart containers
}
w.WriteHeader(http.StatusOK)
return nil
}示例5: addNodeHandler
// addNodeHandler can provide an machine and/or register a node address.
// If register flag is true, it will just register a node.
// It checks if node address is valid and accessible.
func addNodeHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
params, err := unmarshal(r.Body)
if err != nil {
return err
}
if templateName, ok := params["template"]; ok {
params, err = iaas.ExpandTemplate(templateName)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
return json.NewEncoder(w).Encode(map[string]string{"error": err.Error()})
}
}
pool := params["pool"]
if pool == "" {
w.WriteHeader(http.StatusBadRequest)
return json.NewEncoder(w).Encode(map[string]string{"error": "pool is required"})
}
if !permission.Check(t, permission.PermNodeCreate, permission.Context(permission.CtxPool, pool)) {
return permission.ErrUnauthorized
}
isRegister, _ := strconv.ParseBool(r.URL.Query().Get("register"))
if !isRegister {
canCreateMachine := permission.Check(t, permission.PermMachineCreate,
permission.Context(permission.CtxIaaS, params["iaas"]))
if !canCreateMachine {
return permission.ErrUnauthorized
}
}
response, err := mainDockerProvisioner.addNodeForParams(params, isRegister)
if err != nil {
w.WriteHeader(http.StatusBadRequest)
response["error"] = err.Error()
}
return json.NewEncoder(w).Encode(response)
}示例6: roleInfo
// title: role info
// path: /roles/{name}
// method: GET
// produce: application/json
// responses:
// 200: OK
// 401: Unauthorized
// 404: Role not found
func roleInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !(permission.Check(t, permission.PermRoleUpdate) ||
permission.Check(t, permission.PermRoleUpdateAssign) ||
permission.Check(t, permission.PermRoleUpdateDissociate) ||
permission.Check(t, permission.PermRoleCreate) ||
permission.Check(t, permission.PermRoleDelete)) {
return permission.ErrUnauthorized
}
roleName := r.URL.Query().Get(":name")
role, err := permission.FindRole(roleName)
if err == permission.ErrRoleNotFound {
return &errors.HTTP{
Code: http.StatusNotFound,
Message: err.Error(),
}
}
if err != nil {
return err
}
b, err := json.Marshal(role)
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
_, err = w.Write(b)
return err
}示例7: nodeHealingDelete
func nodeHealingDelete(w http.ResponseWriter, r *http.Request, t auth.Token) error {
err := r.ParseForm()
if err != nil {
return err
}
poolName := r.FormValue("pool")
if poolName == "" {
if !permission.Check(t, permission.PermHealingUpdate) {
return permission.ErrUnauthorized
}
} else {
if !permission.Check(t, permission.PermHealingUpdate,
permission.Context(permission.CtxPool, poolName)) {
return permission.ErrUnauthorized
}
}
if len(r.Form["name"]) == 0 {
return healer.RemoveConfig(poolName, "")
}
for _, v := range r.Form["name"] {
err = healer.RemoveConfig(poolName, v)
if err != nil {
return err
}
}
return nil
}示例8: createServiceInstance
// title: service instance create
// path: /services/{service}/instances
// method: POST
// consume: application/x-www-form-urlencoded
// responses:
// 201: Service created
// 400: Invalid data
// 401: Unauthorized
// 409: Service already exists
func createServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token) error {
serviceName := r.URL.Query().Get(":service")
user, err := t.User()
if err != nil {
return err
}
srv, err := getService(serviceName)
if err != nil {
return err
}
instance := service.ServiceInstance{
Name: r.FormValue("name"),
PlanName: r.FormValue("plan"),
TeamOwner: r.FormValue("owner"),
Description: r.FormValue("description"),
}
var teamOwner string
if instance.TeamOwner == "" {
teamOwner, err = permission.TeamForPermission(t, permission.PermServiceInstanceCreate)
if err != nil {
return err
}
instance.TeamOwner = teamOwner
}
allowed := permission.Check(t, permission.PermServiceInstanceCreate,
permission.Context(permission.CtxTeam, instance.TeamOwner),
)
if !allowed {
return permission.ErrUnauthorized
}
if srv.IsRestricted {
allowed := permission.Check(t, permission.PermServiceRead,
append(permission.Contexts(permission.CtxTeam, srv.Teams),
permission.Context(permission.CtxService, srv.Name))...,
)
if !allowed {
return permission.ErrUnauthorized
}
}
rec.Log(user.Email, "create-service-instance", fmt.Sprintf("%#v", instance))
err = service.CreateServiceInstance(instance, &srv, user)
if err == service.ErrInstanceNameAlreadyExists {
return &errors.HTTP{
Code: http.StatusConflict,
Message: err.Error(),
}
}
if err == service.ErrInvalidInstanceName {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
if err == nil {
w.WriteHeader(http.StatusCreated)
}
return err
}示例9: bsEnvSetHandler
func bsEnvSetHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
var requestConfig bs.Config
err := json.NewDecoder(r.Body).Decode(&requestConfig)
if err != nil {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: fmt.Sprintf("unable to parse body as json: %s", err),
}
}
if len(requestConfig.Envs) > 0 && !permission.Check(t, permission.PermNodeBs) {
return permission.ErrUnauthorized
}
for _, poolEnv := range requestConfig.Pools {
hasPermission := permission.Check(t, permission.PermNodeBs,
permission.Context(permission.CtxPool, poolEnv.Name))
if !hasPermission {
return permission.ErrUnauthorized
}
}
currentConfig, err := bs.LoadConfig(nil)
if err != nil {
if err != mgo.ErrNotFound {
return err
}
currentConfig = &bs.Config{}
}
envMap := bs.EnvMap{}
poolEnvMap := bs.PoolEnvMap{}
err = currentConfig.UpdateEnvMaps(envMap, poolEnvMap)
if err != nil {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
err = requestConfig.UpdateEnvMaps(envMap, poolEnvMap)
if err != nil {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: err.Error(),
}
}
err = bs.SaveEnvs(envMap, poolEnvMap)
if err != nil {
return err
}
keepAliveWriter := tsuruIo.NewKeepAliveWriter(w, 15*time.Second, "")
defer keepAliveWriter.Stop()
writer := &tsuruIo.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
err = bs.RecreateContainers(mainDockerProvisioner, writer)
if err != nil {
writer.Encode(tsuruIo.SimpleJsonMessage{Error: err.Error()})
}
return nil
}示例10: updateNodeHandler
func updateNodeHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
params, err := unmarshal(r.Body)
if err != nil {
return err
}
address, _ := params["address"]
if address == "" {
return &errors.HTTP{Code: http.StatusBadRequest, Message: "address is required"}
}
nodes, err := mainDockerProvisioner.Cluster().UnfilteredNodes()
if err != nil {
return err
}
var oldNode *cluster.Node
for i := range nodes {
if nodes[i].Address == address {
oldNode = &nodes[i]
break
}
}
oldPool, _ := oldNode.Metadata["pool"]
allowedOldPool := permission.Check(t, permission.PermNodeUpdate,
permission.Context(permission.CtxPool, oldPool),
)
if !allowedOldPool {
return permission.ErrUnauthorized
}
newPool, ok := params["pool"]
if ok {
allowedNewPool := permission.Check(t, permission.PermNodeUpdate,
permission.Context(permission.CtxPool, newPool),
)
if !allowedNewPool {
return permission.ErrUnauthorized
}
}
delete(params, "address")
node := cluster.Node{Address: address, Metadata: params}
disabled, _ := strconv.ParseBool(r.URL.Query().Get("disabled"))
enabled, _ := strconv.ParseBool(r.URL.Query().Get("enabled"))
if disabled && enabled {
return &errors.HTTP{
Code: http.StatusBadRequest,
Message: "You can't make a node enable and disable at the same time.",
}
}
if disabled {
node.CreationStatus = cluster.NodeCreationStatusDisabled
}
if enabled {
node.CreationStatus = cluster.NodeStatusReady
}
_, err = mainDockerProvisioner.Cluster().UpdateNode(node)
return err
}示例11: removeNodeHandler
// removeNodeHandler calls scheduler.Unregister to unregistering a node into it.
func removeNodeHandler(w http.ResponseWriter, r *http.Request, t auth.Token) error {
params, err := unmarshal(r.Body)
if err != nil {
return err
}
address, _ := params["address"]
if address == "" {
return fmt.Errorf("Node address is required.")
}
node, err := mainDockerProvisioner.Cluster().GetNode(address)
if err != nil {
return err
}
allowedNodeRemove := permission.Check(t, permission.PermNodeDelete,
permission.Context(permission.CtxPool, node.Metadata["pool"]),
)
if !allowedNodeRemove {
return permission.ErrUnauthorized
}
removeIaaS, _ := strconv.ParseBool(params["remove_iaas"])
if removeIaaS {
allowedIaasRemove := permission.Check(t, permission.PermMachineDelete,
permission.Context(permission.CtxIaaS, node.Metadata["iaas"]),
)
if !allowedIaasRemove {
return permission.ErrUnauthorized
}
}
node.CreationStatus = cluster.NodeCreationStatusDisabled
_, err = mainDockerProvisioner.Cluster().UpdateNode(node)
if err != nil {
return err
}
noRebalance, err := strconv.ParseBool(r.URL.Query().Get("no-rebalance"))
if !noRebalance {
err = mainDockerProvisioner.rebalanceContainersByHost(urlToHost(address), w)
if err != nil {
return err
}
}
err = mainDockerProvisioner.Cluster().Unregister(address)
if err != nil {
return err
}
if removeIaaS {
var m iaas.Machine
m, err = iaas.FindMachineByIdOrAddress(node.Metadata["iaas-id"], urlToHost(address))
if err != nil && err != mgo.ErrNotFound {
return err
}
return m.Destroy()
}
return nil
}示例12: listDefaultRoles
// title: list default roles
// path: /role/default
// method: GET
// produce: application/json
// responses:
// 200: Ok
// 401: Unauthorized
func listDefaultRoles(w http.ResponseWriter, r *http.Request, t auth.Token) error {
if !permission.Check(t, permission.PermRoleDefaultCreate) &&
!permission.Check(t, permission.PermRoleDefaultDelete) {
return permission.ErrUnauthorized
}
roles, err := permission.ListRolesWithEvents()
if err != nil {
return err
}
w.Header().Set("Content-Type", "application/json")
return json.NewEncoder(w).Encode(roles)
}示例13: bindServiceInstance
// title: bind service instance
// path: /services/{service}/instances/{instance}/{app}
// method: PUT
// consume: application/x-www-form-urlencoded
// produce: application/x-json-stream
// responses:
// 200: Ok
// 400: Invalid data
// 401: Unauthorized
// 404: App not found
func bindServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
instanceName := r.URL.Query().Get(":instance")
appName := r.URL.Query().Get(":app")
serviceName := r.URL.Query().Get(":service")
noRestart, _ := strconv.ParseBool(r.FormValue("noRestart"))
instance, a, err := getServiceInstance(serviceName, instanceName, appName)
if err != nil {
return err
}
allowed := permission.Check(t, permission.PermServiceInstanceUpdateBind,
append(permission.Contexts(permission.CtxTeam, instance.Teams),
permission.Context(permission.CtxServiceInstance, instance.Name),
)...,
)
if !allowed {
return permission.ErrUnauthorized
}
allowed = permission.Check(t, permission.PermAppUpdateBind,
contextsForApp(a)...,
)
if !allowed {
return permission.ErrUnauthorized
}
evt, err := event.New(&event.Opts{
Target: appTarget(appName),
Kind: permission.PermAppUpdateBind,
Owner: t,
CustomData: event.FormToCustomData(r.Form),
Allowed: event.Allowed(permission.PermAppReadEvents, contextsForApp(a)...),
})
if err != nil {
return err
}
defer func() { evt.Done(err) }()
w.Header().Set("Content-Type", "application/x-json-stream")
keepAliveWriter := tsuruIo.NewKeepAliveWriter(w, 30*time.Second, "")
defer keepAliveWriter.Stop()
writer := &tsuruIo.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
err = instance.BindApp(a, !noRestart, writer)
if err != nil {
return err
}
fmt.Fprintf(writer, "\nInstance %q is now bound to the app %q.\n", instanceName, appName)
envs := a.InstanceEnv(instanceName)
if len(envs) > 0 {
fmt.Fprintf(writer, "The following environment variables are available for use in your app:\n\n")
for k := range envs {
fmt.Fprintf(writer, "- %s\n", k)
}
fmt.Fprintf(writer, "- %s\n", app.TsuruServicesEnvVar)
}
return nil
}示例14: platformList
// title: platform list
// path: /platforms
// method: GET
// produce: application/json
// responses:
// 200: List platforms
// 204: No content
// 401: Unauthorized
func platformList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
canUsePlat := permission.Check(t, permission.PermPlatformUpdate) ||
permission.Check(t, permission.PermPlatformCreate)
platforms, err := app.Platforms(!canUsePlat)
if err != nil {
return err
}
if len(platforms) == 0 {
w.WriteHeader(http.StatusNoContent)
return nil
}
w.Header().Set("Content-Type", "application/json")
return json.NewEncoder(w).Encode(platforms)
}示例15: createServiceInstance
func createServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token) error {
b, err := ioutil.ReadAll(r.Body)
if err != nil {
return err
}
var body map[string]string
err = json.Unmarshal(b, &body)
if err != nil {
return err
}
serviceName := body["service_name"]
user, err := t.User()
if err != nil {
return err
}
srv, err := getService(serviceName)
if err != nil {
return err
}
instance := service.ServiceInstance{
Name: body["name"],
PlanName: body["plan"],
TeamOwner: body["owner"],
Description: body["description"],
}
if instance.TeamOwner == "" {
teamOwner, err := permission.TeamForPermission(t, permission.PermServiceInstanceCreate)
if err != nil {
return err
}
instance.TeamOwner = teamOwner
}
allowed := permission.Check(t, permission.PermServiceInstanceCreate,
permission.Context(permission.CtxTeam, instance.TeamOwner),
)
if !allowed {
return permission.ErrUnauthorized
}
if srv.IsRestricted {
allowed := permission.Check(t, permission.PermServiceRead,
append(permission.Contexts(permission.CtxTeam, srv.Teams),
permission.Context(permission.CtxService, srv.Name))...,
)
if !allowed {
return permission.ErrUnauthorized
}
}
rec.Log(user.Email, "create-service-instance", string(b))
return service.CreateServiceInstance(instance, &srv, user)
}