Improve permission checking efficiency
This commit is contained in:
Tobie Morgan Hitchcock
parent
cfe0b0c192
commit
6a236b27b2
3 changed files with 21 additions and 18 deletions
18
db/check.go
18
db/check.go
|
|
@ -139,15 +139,6 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) {
|
|||
return true, nil
|
||||
}
|
||||
|
||||
// If this document is being created
|
||||
// for the first time, then allow this
|
||||
// check, and recheck after the fields
|
||||
// have been merged into the document.
|
||||
|
||||
if met == _CREATE && !d.current.Exists("id") {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// If we are authenticated using DB, NS,
|
||||
// or KV permissions level, then we can
|
||||
// ignore all permissions checks, but we
|
||||
|
|
@ -157,6 +148,15 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) {
|
|||
return true, nil
|
||||
}
|
||||
|
||||
// If this document is being created
|
||||
// for the first time, then allow this
|
||||
// check, and recheck after the fields
|
||||
// have been merged into the document.
|
||||
|
||||
if met == _CREATE && !d.current.Exists("id") {
|
||||
return true, nil
|
||||
}
|
||||
|
||||
// Otherwise, get the table definition
|
||||
// so we can check if the permissions
|
||||
// allow us to view this document.
|
||||
|
|
|
|||
|
|
@ -33,6 +33,14 @@ func (d *document) perms(ctx context.Context, doc *data.Doc) (err error) {
|
|||
return nil
|
||||
}
|
||||
|
||||
// If we are authenticated using DB, NS,
|
||||
// or KV permissions level, then we can
|
||||
// ignore all permissions checks.
|
||||
|
||||
if perm(ctx) < cnf.AuthSC {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Get the field definitions so we can
|
||||
// check if the permissions allow us
|
||||
// to view each field.
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ package db
|
|||
import (
|
||||
"context"
|
||||
|
||||
"github.com/abcum/surreal/cnf"
|
||||
"github.com/abcum/surreal/sql"
|
||||
"github.com/abcum/surreal/util/data"
|
||||
"github.com/abcum/surreal/util/diff"
|
||||
|
|
@ -35,11 +34,9 @@ func (d *document) cold(ctx context.Context) (doc *data.Doc, err error) {
|
|||
// NS, or KV level, then we need to check
|
||||
// document permissions for this query.
|
||||
|
||||
if perm(ctx) == cnf.AuthSC {
|
||||
if err = d.perms(ctx, doc); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
|
||||
|
|
@ -57,11 +54,9 @@ func (d *document) cnow(ctx context.Context) (doc *data.Doc, err error) {
|
|||
// NS, or KV level, then we need to check
|
||||
// document permissions for this query.
|
||||
|
||||
if perm(ctx) == cnf.AuthSC {
|
||||
if err = d.perms(ctx, doc); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue