Improve permission checking efficiency

Tobie Morgan Hitchcock 2019-10-03 18:48:13 +01:00
parent cfe0b0c192
commit 6a236b27b2
3 changed files with 21 additions and 18 deletions


@ -139,15 +139,6 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) {
return true, nil return true, nil
} }
// If this document is being created
// for the first time, then allow this
// check, and recheck after the fields
// have been merged into the document.
if met == _CREATE && !d.current.Exists("id") {
return true, nil
}
// If we are authenticated using DB, NS, // If we are authenticated using DB, NS,
// or KV permissions level, then we can // or KV permissions level, then we can
// ignore all permissions checks, but we // ignore all permissions checks, but we
@ -157,6 +148,15 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) {
return true, nil return true, nil
} }
// If this document is being created
// for the first time, then allow this
// check, and recheck after the fields
// have been merged into the document.
if met == _CREATE && !d.current.Exists("id") {
return true, nil
}
// Otherwise, get the table definition // Otherwise, get the table definition
// so we can check if the permissions // so we can check if the permissions
// allow us to view this document. // allow us to view this document.
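Review bot: The relocated create branch (`if met == _CREATE && !d.current.Exists("id")`) still returns `true, nil` for callers that failed the `perm(ctx) < cnf.AuthSC` test, so for scope-level access it is a provisional allow whose safety rests entirely on the later recheck the comment mentions. That recheck is not visible in this section, and nothing here tells a maintainer which call performs it. I would extend the comment with something like `// Provisional allow only: the real decision is made by the post-merge recheck in <recheck function>.` so the bypass cannot be separated from its recheck unnoticed. The body of allow starts and ends outside both hunks.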


@ -33,6 +33,14 @@ func (d *document) perms(ctx context.Context, doc *data.Doc) (err error) {
return nil return nil
} }
// If we are authenticated using DB, NS,
// or KV permissions level, then we can
// ignore all permissions checks.
if perm(ctx) < cnf.AuthSC {
return nil
}
// Get the field definitions so we can // Get the field definitions so we can
// check if the permissions allow us // check if the permissions allow us
// to view each field. // to view each field.
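Review bot: The new guard `if perm(ctx) < cnf.AuthSC { return nil }` is not the exact complement of the `perm(ctx) == cnf.AuthSC` test it replaces in cold and cnow. Field permissions used to run only for cnf.AuthSC itself, and now run for every level that is not below it. The definition of the cnf levels is not visible here, but if any level orders above cnf.AuthSC, its callers are newly subject to field checks. That is the stricter outcome, yet it is a behaviour change that a commit titled as an efficiency improvement should state and a test should pin. The comparison also depends on the numeric ordering of the auth constants; a line such as `// Relies on the KV, NS and DB levels ordering below cnf.AuthSC.` would record that invariant. perms continues outside the hunk.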


@ -17,7 +17,6 @@ package db
import ( import (
"context" "context"
"github.com/abcum/surreal/cnf"
"github.com/abcum/surreal/sql" "github.com/abcum/surreal/sql"
"github.com/abcum/surreal/util/data" "github.com/abcum/surreal/util/data"
"github.com/abcum/surreal/util/diff" "github.com/abcum/surreal/util/diff"
@ -35,10 +34,8 @@ func (d *document) cold(ctx context.Context) (doc *data.Doc, err error) {
// NS, or KV level, then we need to check // NS, or KV level, then we need to check
// document permissions for this query. // document permissions for this query.
if perm(ctx) == cnf.AuthSC { if err = d.perms(ctx, doc); err != nil {
if err = d.perms(ctx, doc); err != nil { return nil, err
return nil, err
}
} }
return return
@ -57,10 +54,8 @@ func (d *document) cnow(ctx context.Context) (doc *data.Doc, err error) {
// NS, or KV level, then we need to check // NS, or KV level, then we need to check
// document permissions for this query. // document permissions for this query.
if perm(ctx) == cnf.AuthSC { if err = d.perms(ctx, doc); err != nil {
if err = d.perms(ctx, doc); err != nil { return nil, err
return nil, err
}
} }
return return
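Review bot: The comment kept above the call in both cold and cnow is now stale. It still reads as a condition ("… NS, or KV level, then we need to check document permissions for this query"), but the `perm(ctx) == cnf.AuthSC` test it described has been removed and `d.perms(ctx, doc)` is called unconditionally. A reader auditing these functions could conclude that the privilege test is missing rather than moved. I would reword it in both places, e.g. `// Check field permissions; perms itself returns early for DB, NS and KV level access.` Both functions begin outside their hunks.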