func checkTxnAuth(as auth.AuthStore, ai *auth.AuthInfo, rt *pb.TxnRequest) error { for _, c := range rt.Compare { if err := as.IsRangePermitted(ai, c.Key, nil); err != nil { return err } } if err := checkTxnReqsPermission(as, ai, rt.Success); err != nil { return err } if err := checkTxnReqsPermission(as, ai, rt.Failure); err != nil { return err } return nil }
func checkTxnReqsPermission(as auth.AuthStore, ai *auth.AuthInfo, reqs []*pb.RequestOp) error { for _, requ := range reqs { switch tv := requ.Request.(type) { case *pb.RequestOp_RequestRange: if tv.RequestRange == nil { continue } if err := as.IsRangePermitted(ai, tv.RequestRange.Key, tv.RequestRange.RangeEnd); err != nil { return err } case *pb.RequestOp_RequestPut: if tv.RequestPut == nil { continue } if err := as.IsPutPermitted(ai, tv.RequestPut.Key); err != nil { return err } case *pb.RequestOp_RequestDeleteRange: if tv.RequestDeleteRange == nil { continue } if tv.RequestDeleteRange.PrevKv { err := as.IsRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd) if err != nil { return err } } err := as.IsDeleteRangePermitted(ai, tv.RequestDeleteRange.Key, tv.RequestDeleteRange.RangeEnd) if err != nil { return err } } } return nil }