Future<bool> authorize(const ACL::ShutdownFramework& request) { // TODO(gyliu513): Remove this shutdown_frameworks acl logic at the // end of the deprecation cycle on 0.27. foreach (const ACL::ShutdownFramework& acl, acls.shutdown_frameworks()) { // ACL matches if both subjects and objects match. if (matches(request.principals(), acl.principals()) && matches(request.framework_principals(), acl.framework_principals())) { // ACL is allowed if both subjects and objects are allowed. return allows(request.principals(), acl.principals()) && allows(request.framework_principals(), acl.framework_principals()); } } foreach (const ACL::TeardownFramework& acl, acls.teardown_frameworks()) { // ACL matches if both subjects and objects match. if (matches(request.principals(), acl.principals()) && matches(request.framework_principals(), acl.framework_principals())) { // ACL is allowed if both subjects and objects are allowed. return allows(request.principals(), acl.principals()) && allows(request.framework_principals(), acl.framework_principals()); } } return acls.permissive(); // None of the ACLs match. }
Future<bool> authorize(const ACL::ShutdownFramework& request) { foreach (const ACL::ShutdownFramework& acl, acls.shutdown_frameworks()) { // ACL matches if both subjects and objects match. if (matches(request.principals(), acl.principals()) && matches(request.framework_principals(), acl.framework_principals())) { // ACL is allowed if both subjects and objects are allowed. return allows(request.principals(), acl.principals()) && allows(request.framework_principals(), acl.framework_principals()); } } return acls.permissive(); // None of the ACLs match. }