syncbased: Read permissions from flags. If no flag exists, give the
local principal all permissions (Read, Write, Admin, Debug, Resolve).
Change-Id: Id483011ac540b7a5d38400c495c5b31535660ea6
diff --git a/services/syncbase/syncbased/main.go b/services/syncbase/syncbased/main.go
index 38ab2de..35f935a 100644
--- a/services/syncbase/syncbased/main.go
+++ b/services/syncbase/syncbased/main.go
@@ -12,10 +12,12 @@
"flag"
"v.io/v23"
+ "v.io/v23/security"
"v.io/v23/security/access"
"v.io/x/lib/vlog"
"v.io/syncbase/x/ref/services/syncbase/server"
+ "v.io/x/ref/lib/security/securityflag"
"v.io/x/ref/lib/signals"
_ "v.io/x/ref/runtime/factories/generic"
)
@@ -25,6 +27,18 @@
name = flag.String("name", "", "Name to mount at.")
)
+// defaultPerms returns a permissions object that grants all permissions to the
+// provided blessing patterns.
+func defaultPerms(blessingPatterns []security.BlessingPattern) access.Permissions {
+ perms := access.Permissions{}
+ for _, tag := range access.AllTypicalTags() {
+ for _, bp := range blessingPatterns {
+ perms.Add(bp, string(tag))
+ }
+ }
+ return perms
+}
+
func main() {
ctx, shutdown := v23.Init()
defer shutdown()
@@ -37,8 +51,19 @@
vlog.Fatal("s.Listen() failed: ", err)
}
- // TODO(sadovsky): Use a real Permissions.
- service, err := server.NewService(nil, nil, access.Permissions{})
+ perms, err := securityflag.PermissionsFromFlag()
+ if err != nil {
+ vlog.Fatal("securityflag.PermissionsFromFlag() failed: ", err)
+ }
+
+ if perms != nil {
+ vlog.Info("Using permissions from command line flag.")
+ } else {
+ vlog.Info("No permissions flag provided. Giving local principal all permissions.")
+ perms = defaultPerms(security.DefaultBlessingPatterns(v23.GetPrincipal(ctx)))
+ }
+
+ service, err := server.NewService(nil, nil, perms)
if err != nil {
vlog.Fatal("server.NewService() failed: ", err)
}
