ducky/devices
ducky/devices/vendor/github.com/pborman/uuid/dce.go
Validate device creation. Update our uuid package to the latest, which is now based on the GitHub fork instead of the Google Code. Also, update our api package to its latest version, which now needs the pqarrays package as a dependency. We fleshed out the validateDeviceCreation. We now pass in the scopes we have (for broad access control) and the user ID (for fine-grained access control). This helper returns the first error it encounters, though it should probably return a slice so we can return multiple errors all at once. Before we even decode the request to create a Device, let's check if the user is even logged in. If we can't ascertain that or they're not, there's no point in even consuming the memory necessary to read the request, because we know we're not going to use it anyways. Finally actually validate the devices we're creating, and return an appropriate error for each error we can get. Also, the api.CheckScopes helper function now takes the scopes passed in as a string slice, and we have an api.GetScopes helper function to retrieve the scopes associated with the request. Let's not keep parsing that. We need two new scopes to control access for device creation; ScopeImport lets users import devices in and is pretty much admin access. ScopeCreateOtherUserDevices allows a user to create Devices that are owned by another user.
| paddy@0 | 1 // Copyright 2011 Google Inc. All rights reserved. |
| paddy@0 | 2 // Use of this source code is governed by a BSD-style |
| paddy@0 | 3 // license that can be found in the LICENSE file. |
| paddy@0 | 4 |
| paddy@0 | 5 package uuid |
| paddy@0 | 6 |
| paddy@0 | 7 import ( |
| paddy@0 | 8 "encoding/binary" |
| paddy@0 | 9 "fmt" |
| paddy@0 | 10 "os" |
| paddy@0 | 11 ) |
| paddy@0 | 12 |
| paddy@0 | 13 // A Domain represents a Version 2 domain |
| paddy@0 | 14 type Domain byte |
| paddy@0 | 15 |
| paddy@0 | 16 // Domain constants for DCE Security (Version 2) UUIDs. |
| paddy@0 | 17 const ( |
| paddy@0 | 18 Person = Domain(0) |
| paddy@0 | 19 Group = Domain(1) |
| paddy@0 | 20 Org = Domain(2) |
| paddy@0 | 21 ) |
| paddy@0 | 22 |
| paddy@0 | 23 // NewDCESecurity returns a DCE Security (Version 2) UUID. |
| paddy@0 | 24 // |
| paddy@0 | 25 // The domain should be one of Person, Group or Org. |
| paddy@0 | 26 // On a POSIX system the id should be the users UID for the Person |
| paddy@0 | 27 // domain and the users GID for the Group. The meaning of id for |
| paddy@0 | 28 // the domain Org or on non-POSIX systems is site defined. |
| paddy@0 | 29 // |
| paddy@0 | 30 // For a given domain/id pair the same token may be returned for up to |
| paddy@0 | 31 // 7 minutes and 10 seconds. |
| paddy@0 | 32 func NewDCESecurity(domain Domain, id uint32) UUID { |
| paddy@0 | 33 uuid := NewUUID() |
| paddy@0 | 34 if uuid != nil { |
| paddy@0 | 35 uuid[6] = (uuid[6] & 0x0f) | 0x20 // Version 2 |
| paddy@0 | 36 uuid[9] = byte(domain) |
| paddy@0 | 37 binary.BigEndian.PutUint32(uuid[0:], id) |
| paddy@0 | 38 } |
| paddy@0 | 39 return uuid |
| paddy@0 | 40 } |
| paddy@0 | 41 |
| paddy@0 | 42 // NewDCEPerson returns a DCE Security (Version 2) UUID in the person |
| paddy@0 | 43 // domain with the id returned by os.Getuid. |
| paddy@0 | 44 // |
| paddy@0 | 45 // NewDCEPerson(Person, uint32(os.Getuid())) |
| paddy@0 | 46 func NewDCEPerson() UUID { |
| paddy@0 | 47 return NewDCESecurity(Person, uint32(os.Getuid())) |
| paddy@0 | 48 } |
| paddy@0 | 49 |
| paddy@0 | 50 // NewDCEGroup returns a DCE Security (Version 2) UUID in the group |
| paddy@0 | 51 // domain with the id returned by os.Getgid. |
| paddy@0 | 52 // |
| paddy@0 | 53 // NewDCEGroup(Group, uint32(os.Getgid())) |
| paddy@0 | 54 func NewDCEGroup() UUID { |
| paddy@0 | 55 return NewDCESecurity(Group, uint32(os.Getgid())) |
| paddy@0 | 56 } |
| paddy@0 | 57 |
| paddy@0 | 58 // Domain returns the domain for a Version 2 UUID or false. |
| paddy@0 | 59 func (uuid UUID) Domain() (Domain, bool) { |
| paddy@0 | 60 if v, _ := uuid.Version(); v != 2 { |
| paddy@0 | 61 return 0, false |
| paddy@0 | 62 } |
| paddy@0 | 63 return Domain(uuid[9]), true |
| paddy@0 | 64 } |
| paddy@0 | 65 |
| paddy@0 | 66 // Id returns the id for a Version 2 UUID or false. |
| paddy@0 | 67 func (uuid UUID) Id() (uint32, bool) { |
| paddy@0 | 68 if v, _ := uuid.Version(); v != 2 { |
| paddy@0 | 69 return 0, false |
| paddy@0 | 70 } |
| paddy@0 | 71 return binary.BigEndian.Uint32(uuid[0:4]), true |
| paddy@0 | 72 } |
| paddy@0 | 73 |
| paddy@0 | 74 func (d Domain) String() string { |
| paddy@0 | 75 switch d { |
| paddy@0 | 76 case Person: |
| paddy@0 | 77 return "Person" |
| paddy@0 | 78 case Group: |
| paddy@0 | 79 return "Group" |
| paddy@0 | 80 case Org: |
| paddy@0 | 81 return "Org" |
| paddy@0 | 82 } |
| paddy@0 | 83 return fmt.Sprintf("Domain%d", int(d)) |
| paddy@0 | 84 } |