Giters

mozilla / mig

Distributed & real time digital forensics at the speed of the cloud

Home Page:http://mig.mozilla.org/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Permission map with one entry per module ACL

ameihm0912 opened this issue · comments

commented

The ACL type is defined as a list of Permissions:

mig/acl.go

Lines 14 to 22 in d1f33f2

type ACL []Permission
type Permission map[string]struct {
MinimumWeight int
Investigators map[string]struct {
Fingerprint string
Weight int
}
}

In a permission, the key is the module name, and the value of the entry is the ACL configuration for that particular module.

In the ACL verification code, the function walks over the list of permissions, assuming they have been defined as a map with one key, where the key is the module name.

mig/action.go

Lines 387 to 391 in d1f33f2

for _, permission := range acl {
for permName, _ := range permission {
if permName == operation.Module {
return verifyPermission(operation, permName, permission, fingerprints)
}

Should this be defined simply as a map, since we should only have one ACL entry for each module anyway? In the example agent configuration, permissions are a slice of maps where each map only has one key.