diff options
author | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-04-11 18:58:56 +0200 |
---|---|---|
committer | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-04-23 20:52:02 +0200 |
commit | 22b82abcd27834e43426f2758fba5728c146be61 (patch) | |
tree | 0ff8d542a0a1baf4bcfbecbc92a43455680d3671 /lib/puppet/rails | |
parent | 15abe1709aa52bb45fe228139f4c0352dc8905df (diff) | |
download | puppet-22b82abcd27834e43426f2758fba5728c146be61.tar.gz puppet-22b82abcd27834e43426f2758fba5728c146be61.tar.xz puppet-22b82abcd27834e43426f2758fba5728c146be61.zip |
Add dynamic authorization to authstore
The idea is to have allow/deny authorization directives
that are dynamic: their evaluation is deferred until
we perform the authorization checking in allowed?.
This is done to allow replacing backreferences in allow/deny
directives by parameters of the match that selected this right.
For instance, it is possible to:
allow $1.$2
And using Right::interpolate() with the result of a regex match
using 2 captures, will evaluate $1.$2 to those captures.
For instance, if we captured [host, reductivelabs.com], then the
allow directive is replaced by:
allow host.reductivelabs.com
It is then safe to call allowed?, after which we can reset the
interpolation.
This interpolation is thread-safe.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
authconfig regex support
Diffstat (limited to 'lib/puppet/rails')
0 files changed, 0 insertions, 0 deletions