style95 commented on a change in pull request #4058: URL: https://github.com/apache/openwhisk/pull/4058#discussion_r637705135
########## File path: core/controller/src/main/scala/org/apache/openwhisk/core/entitlement/Entitlement.scala ##########
@@ -231,6 +234,157 @@ protected[core] abstract class EntitlementProvider(
 .getOrElse(Future.successful(()))
 }
+ /**
+ * Checks if action operation(get/write/execute) whether feasible
+ *
+ * @param operation the action operation, e.g. get/write/execute
+ * @param user the user who get/write/execute the action
+ * @param entityStore store to write the action to
+ * @param entityName entityName
+ * @param permissions the passed permission code
+ * @return a promise that completes with success iff action operation is feasible
+ */
+ protected[core] def checkActionPermissions(
+ operation: String,
+ user: Identity,
+ entityStore: ArtifactStore[WhiskEntity],
+ entityName: FullyQualifiedEntityName,
+ get: (ArtifactStore[WhiskEntity], DocId, DocRevision, Boolean) => Future[WhiskAction],
+ permissions: Option[String] = None)(implicit transid: TransactionId): Future[Unit] = {
+ if (operation == "create") {
+ permissions
+ .map { value =>
+ if (WhiskAction.permissionList.contains(value)) {
+ Future.successful(())
+ } else {
+ val errorInfo =
+ s"give error permission code: ${value}, available permission is in ${WhiskAction.permissionList}"
+ Future.failed(RejectRequest(Forbidden, Some(ErrorResponse(errorInfo, transid))))
+ }
+ }
+ .getOrElse(Future.successful(()))
+ } else if (operation == "update") {
+ get(entityStore, entityName.toDocId, DocRevision.empty, true)
+ .flatMap { whiskAction =>
+ val currentPermissions = whiskAction.annotations
+ .get(WhiskAction.permissionsFieldName)
Review comment: We can depend on permission data in DB rather than relying on action fields.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org