From 1c9b22ff42959f2024e43da3ce310e09f1907407 Mon Sep 17 00:00:00 2001 From: Ayan George Date: Wed, 15 Apr 2020 08:59:52 -0400 Subject: [PATCH] refactor(http): Simplify Authorizer (#17704) Have AuthorizerIsOpen() assert if a given authizer has an AuthorizeUnrestricted() method and if so, call that to provide the result of AuthorizerIsOpen(). Otherwise we check if the supplied Authorizer is nil. This preserves the fast-path for checking tag-level (and other) tsdb operations. This simplifies how we handle such authorizers by handling this case in only one place. --- query/executor.go | 3 +++ services/httpd/handler.go | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/query/executor.go b/query/executor.go index bd2fa3e75af..c961086c74b 100644 --- a/query/executor.go +++ b/query/executor.go @@ -111,6 +111,9 @@ func (a openAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { retu // function should be preferred over directly checking if an Authorizer is nil // or not. func AuthorizerIsOpen(a Authorizer) bool { + if u, ok := a.(interface{ AuthorizeUnrestricted() bool }); ok { + return u.AuthorizeUnrestricted() + } return a == nil || a == OpenAuthorizer } diff --git a/services/httpd/handler.go b/services/httpd/handler.go index b631cf52a60..5ea33f982c8 100644 --- a/services/httpd/handler.go +++ b/services/httpd/handler.go @@ -587,12 +587,8 @@ func (h *Handler) serveQuery(w http.ResponseWriter, r *http.Request, user meta.U } if h.Config.AuthEnabled { - if user != nil && user.AuthorizeUnrestricted() { - opts.Authorizer = query.OpenAuthorizer - } else { - // The current user determines the authorized actions. - opts.Authorizer = user - } + // The current user determines the authorized actions. + opts.Authorizer = user } else { // Auth is disabled, so allow everything. opts.Authorizer = query.OpenAuthorizer