
Merge pull request #5590 from xiang90/user

auth: add getuser
Xiang Li 9 years ago
parent
commit
4d56f54898
1 changed files with 32 additions and 43 deletions
  1. 32 43
      auth/store.go

+ 32 - 43
auth/store.go

@@ -194,9 +194,9 @@ func (as *authStore) UserAdd(r *pb.AuthUserAddRequest) (*pb.AuthUserAddResponse,
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0)
-	if len(vs) != 0 {
-		return &pb.AuthUserAddResponse{}, ErrUserAlreadyExist
+	user := getUser(tx, r.Name)
+	if user != nil {
+		return nil, ErrUserAlreadyExist
 	}
 
 	newUser := authpb.User{
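Review bot: The existence check in UserAdd, and the same check in the UserDelete and UserChangePassword hunks that follow, now depends on decoding the stored record, although these three only need to know whether the key is present. getUser calls `plog.Panicf` when `Unmarshal` fails, so a user entry that cannot be decoded can no longer be removed through UserDelete: the call panics before it reaches `tx.UnsafeDelete(authUsersBucketName, []byte(r.Name))`. The removed `len(vs)` checks did not have this dependency. Keeping the raw check in these three functions, or adding an existence-only helper next to getUser, would preserve that recovery path. All three function bodies start and end outside their hunks, so the rest of each path is not visible here.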
@@ -222,9 +222,9 @@ func (as *authStore) UserDelete(r *pb.AuthUserDeleteRequest) (*pb.AuthUserDelete
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0)
-	if len(vs) != 1 {
-		return &pb.AuthUserDeleteResponse{}, ErrUserNotFound
+	user := getUser(tx, r.Name)
+	if user == nil {
+		return nil, ErrUserNotFound
 	}
 
 	tx.UnsafeDelete(authUsersBucketName, []byte(r.Name))
@@ -247,9 +247,9 @@ func (as *authStore) UserChangePassword(r *pb.AuthUserChangePasswordRequest) (*p
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0)
-	if len(vs) != 1 {
-		return &pb.AuthUserChangePasswordResponse{}, ErrUserNotFound
+	user := getUser(tx, r.Name)
+	if user == nil {
+		return nil, ErrUserNotFound
 	}
 
 	updatedUser := authpb.User{
@@ -275,18 +275,12 @@ func (as *authStore) UserGrantRole(r *pb.AuthUserGrantRoleRequest) (*pb.AuthUser
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.User), nil, 0)
-	if len(vs) != 1 {
+	user := getUser(tx, r.User)
+	if user == nil {
 		return nil, ErrUserNotFound
 	}
 
-	user := &authpb.User{}
-	err := user.Unmarshal(vs[0])
-	if err != nil {
-		return nil, err
-	}
-
-	_, vs = tx.UnsafeRange(authRolesBucketName, []byte(r.Role), nil, 0)
+	_, vs := tx.UnsafeRange(authRolesBucketName, []byte(r.Role), nil, 0)
 	if len(vs) != 1 {
 		return nil, ErrRoleNotFound
 	}
@@ -316,17 +310,11 @@ func (as *authStore) UserGet(r *pb.AuthUserGetRequest) (*pb.AuthUserGetResponse,
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0)
-	if len(vs) != 1 {
+	user := getUser(tx, r.Name)
+	if user == nil {
 		return nil, ErrUserNotFound
 	}
 
-	user := &authpb.User{}
-	err := user.Unmarshal(vs[0])
-	if err != nil {
-		return nil, err
-	}
-
 	var resp pb.AuthUserGetResponse
 	for _, role := range user.Roles {
 		resp.Roles = append(resp.Roles, role)
@@ -340,17 +328,11 @@ func (as *authStore) UserRevokeRole(r *pb.AuthUserRevokeRoleRequest) (*pb.AuthUs
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(r.Name), nil, 0)
-	if len(vs) != 1 {
+	user := getUser(tx, r.Name)
+	if user == nil {
 		return nil, ErrUserNotFound
 	}
 
-	user := &authpb.User{}
-	err := user.Unmarshal(vs[0])
-	if err != nil {
-		return nil, err
-	}
-
 	updatedUser := &authpb.User{}
 	updatedUser.Name = user.Name
 	updatedUser.Password = user.Password
@@ -579,19 +561,12 @@ func (as *authStore) isOpPermitted(userName string, key string, write bool, read
 	tx.Lock()
 	defer tx.Unlock()
 
-	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(userName), nil, 0)
-	if len(vs) != 1 {
+	user := getUser(tx, userName)
+	if user == nil {
 		plog.Errorf("invalid user name %s for permission checking", userName)
 		return false
 	}
 
-	user := &authpb.User{}
-	err := user.Unmarshal(vs[0])
-	if err != nil {
-		plog.Errorf("failed to unmarshal user struct (name: %s): %s", userName, err)
-		return false
-	}
-
 	for _, roleName := range user.Roles {
 		_, vs := tx.UnsafeRange(authRolesBucketName, []byte(roleName), nil, 0)
 		if len(vs) != 1 {
@@ -634,6 +609,20 @@ func (as *authStore) IsRangePermitted(header *pb.RequestHeader, key string) bool
 	return as.isOpPermitted(header.Username, key, false, true)
 }
 
+func getUser(tx backend.BatchTx, username string) *authpb.User {
+	_, vs := tx.UnsafeRange(authUsersBucketName, []byte(username), nil, 0)
+	if len(vs) == 0 {
+		return nil
+	}
+
+	user := &authpb.User{}
+	err := user.Unmarshal(vs[0])
+	if err != nil {
+		plog.Panicf("failed to unmarshal user struct (name: %s): %s", username, err)
+	}
+	return user
+}
+
 func (as *authStore) isAuthEnabled() bool {
 	as.enabledMu.RLock()
 	defer as.enabledMu.RUnlock()
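Review bot: A record that fails to decode now ends in `plog.Panicf` inside getUser, whereas the removed code in isOpPermitted logged the failure and returned false, and the other callers returned the error. Since isOpPermitted sits on the authorization path, one undecodable entry in the users bucket would take the process down on a permission check for that name instead of denying the request. If fail-stop on backend corruption is the intent, a comment on getUser should say so. Otherwise consider `func getUser(tx backend.BatchTx, username string) (*authpb.User, error)` with `return nil, err`, so isOpPermitted can keep its log-and-deny branch. The helper also lacks a doc comment: it should state that nil means "no such user" and that the caller must already hold the tx lock (every call site in this diff takes `tx.Lock()` first and the helper uses `UnsafeRange`). The request-supplied name in the message would also be safer to log with `%q` than `%s`.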