Skip to content

Commit

Permalink
feat: change permission or DescribeCluster to Read
Browse files Browse the repository at this point in the history
  • Loading branch information
jiaxuyang committed Jun 3, 2024
1 parent e03809a commit a93871a
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
7 changes: 7 additions & 0 deletions service/frontend/templates/accesscontrolled.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,9 @@ import (
{{$permissionMap = set $permissionMap "RefreshWorkflowTasks" "PermissionWrite"}}
{{$permissionMap = set $permissionMap "UpdateDomain" "PermissionAdmin"}}

{{$adminPermissionMap := dict }}
{{$adminPermissionMap = set $adminPermissionMap "DescribeCluster" "PermissionRead"}}

{{$nonDomainAuthAPIs := list "RegisterDomain" "DescribeDomain" "UpdateDomain" "DeprecateDomain" "ListDomains" "GetSearchAttributes" "GetClusterInfo" "RecordActivityTaskHeartbeat" "RespondActivityTaskCanceled" "RespondActivityTaskCompleted" "RespondActivityTaskFailed" "RespondDecisionTaskCompleted" "RespondDecisionTaskFailed" "RespondQueryTaskCompleted"}}
{{$taskListAuthAPIs := list "PollForActivityTask" "PollForDecisionTask"}}
{{$workflowTypeAuthAPIs := list "SignalWithStartWorkflowExecution" "StartWorkflowExecution"}}
Expand Down Expand Up @@ -92,7 +95,11 @@ func (a *{{$decorator}}) {{$method.Declaration}} {
attr := &authorization.Attributes{
APIName: "{{$method.Name}}",
{{- if eq $interfaceType "admin.Handler"}}
{{- if hasKey $adminPermissionMap $method.Name}}
Permission: authorization.{{get $adminPermissionMap $method.Name}},
{{- else}}
Permission: authorization.PermissionAdmin,
{{- end}}
{{- else if hasKey $permissionMap $method.Name}}
Permission: authorization.{{get $permissionMap $method.Name}},
{{- end}}
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit a93871a

Please sign in to comment.