Merge pull request #2 from ChaseLEngel/permissions-fixup

Permissions fixup
hashicorp · Oct 14, 2016 · 404d30b · 404d30b
2 parents a433f41 + 6151526
commit 404d30b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 17 deletions.
diff --git a/vault/acl.go b/vault/acl.go
@@ -60,13 +60,13 @@ func NewACL(policies []*Policy) (*ACL, error) {
 
 			case pc.Permissions.CapabilitiesBitmap&DenyCapabilityInt > 0:
 				// If this new policy explicitly denies, only save the deny value
-				pc.Permissions.CapabilitesBitmap = DenyCapabilityInt
+				pc.Permissions.CapabilitiesBitmap = DenyCapabilityInt
 				tree.Insert(pc.Prefix, pc.Permissions)
 
 			default:
 				// Insert the capabilities in this new policy into the existing
 				// value
-				pc.Permissions.CapabilitesBitmap = existing | pc.Permissions.CapabilitesBitmap
+				pc.Permissions.CapabilitiesBitmap = existing | pc.Permissions.CapabilitiesBitmap
 				tree.Insert(pc.Prefix, pc.Permissions)
 			}
 		}
@@ -85,8 +85,8 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
 	raw, ok := a.exactRules.Get(path)
 
 	if ok {
-		perm := raw.(Permissions)
-		capbilities := perm.CapabilitiesBitmap
+    perm := raw.(Permissions)
+    capabilities = perm.CapabilitiesBitmap
 		goto CHECK
 	}
 
@@ -95,8 +95,8 @@ func (a *ACL) Capabilities(path string) (pathCapabilities []string) {
 	if !ok {
 		return []string{DenyCapability}
 	} else {
-		perm := raw.(Permissions)
-		capbilities := perm.CapabilitiesBitmap
+    perm := raw.(Permissions)
+		capabilities = perm.CapabilitiesBitmap
 	}
 
 CHECK:
@@ -143,8 +143,8 @@ func (a *ACL) AllowOperation(op logical.Operation, path string) (allowed bool, s
 	///////////////////////////////////////////////////////////////////////////////////
 	// Parse Request and set variables to check on
 	///////////////////////////////////////////////////////////////////////////////////
-	op := req.Operation
-	path := req.Path
+	//op = req.Operation
+	//path = req.Path
 
 	// Help is always allowed
 	if op == logical.HelpOperation {

diff --git a/vault/policy.go b/vault/policy.go
@@ -56,22 +56,21 @@ type Policy struct {
 	Raw   string
 }
 
-type Permissions struct {
-	CapabilitiesBitmap uint32 `hcl:"-"`
-	AllowedParams      map[string]bool
-	DisallowedParams   map[string]bool
-}
-
 /*
  */
 // PathCapabilities represents a policy for a path in the namespace.
 type PathCapabilities struct {
 	Prefix       string
 	Policy       string
 	Capabilities []string
-	//CapabilitiesBitmap uint32 `hcl:"-"`
-	AclCapabilites *Permissions
-	Glob           bool
+	Permissions  *Permissions
+	Glob         bool
+}
+
+type Permissions struct {
+	CapabilitiesBitmap uint32 `hcl:"-"`
+	AllowedParams      map[string]bool
+	DisallowedParams   map[string]bool
 }
 
 // Parse is used to parse the specified ACL rules into an
@@ -118,6 +117,10 @@ func Parse(rules string) (*Policy, error) {
 func parsePaths(result *Policy, list *ast.ObjectList) error {
 	// specifically how can we access the key value pairs for
 	// permissions
+<<<<<<< HEAD
+  fmt.Println(list);
+=======
+>>>>>>> a433f41cfb5b15b98e662f10654cc56f8cba8fd9
 	paths := make([]*PathCapabilities, 0, len(list.Items))
 	for _, item := range list.Items {
 		key := "path"
@@ -167,6 +170,8 @@ func parsePaths(result *Policy, list *ast.ObjectList) error {
 			}
 		}
 
+    pc.Permissions = new(Permissions)
+
 		// Initialize the map
 		pc.Permissions.CapabilitiesBitmap = 0
 		for _, cap := range pc.Capabilities {