Google Git
Sign in
vanadium / release.go.x.ref / 491aa9635f0d83571c5c234eea352f1c8f4257ef
commit491aa9635f0d83571c5c234eea352f1c8f4257ef[log] [tgz]
authorAsim Shankar <ashankar@google.com>Fri Sep 11 14:01:58 2015 -0400
committerAsim Shankar <ashankar@google.com>Fri Sep 11 14:01:58 2015 -0400
tree2472628b49dbeb2f4e7b1195dd18c168bab7e183
parent1b055e4fa860bc227b05f66b0ef390ee1b965d87 [diff]
services/groups: Authorization fixes.

(1) NewManager was incorrectly using the default authorization policy
(by returning nil in Lookup), that is more restrictive and was
inconsistent with the intent specified in the comment. The result
of this was that no operations on the group server (i.e., any operation
on any group) was possible unless the client was a delegate of the
principal running the group server. Switched to security.AllowEveryone
to be consistent with the comment.

(2) Enable authorization checks on the creation operation - NewManager
is provided with an authorization policy for Create operations (via an
Authorizer implementation).

(3) Implement an experimental authorization policy for creates: Group
names must begin with the "user id" of the creator.

Change-Id: I3575b5b4d35dcdaa8da5e9b2997710ae1d618dac
4 files changed
tree: 2472628b49dbeb2f4e7b1195dd18c168bab7e183
  1. cmd/
  2. examples/
  3. internal/
  4. lib/
  5. runtime/
  6. services/
  7. test/
  8. .gitignore
  9. AUTHORS
  10. CONTRIBUTORS
  11. envvar.go
  12. envvar_test.go
  13. LICENSE
  14. PATENTS
  15. README.md
  16. VERSION
README.md

Vanadium

This repository contains a reference implementation of the Vanadium APIs.

Unlike the APIs in https://github.com/vanadium/go.v23, which promises to provide backward compatibility this repository makes no such promises.