ACL: ignore modules commands when adding categories.
We can't trust modules commands flagging, so module commands must be always explicitly added, with the exception of +@all that will include everything. However something like +@readonly should not include command from modules that may be potentially dangerous: our categories must be safe and reliable and modules may not be like that.
This commit is contained in:
parent
af8761e4f2
commit
d4890c20c1
@ -313,6 +313,7 @@ int ACLSetUserCommandBitsForCategory(user *u, const char *category, int value) {
|
|||||||
dictEntry *de;
|
dictEntry *de;
|
||||||
while ((de = dictNext(di)) != NULL) {
|
while ((de = dictNext(di)) != NULL) {
|
||||||
struct redisCommand *cmd = dictGetVal(de);
|
struct redisCommand *cmd = dictGetVal(de);
|
||||||
|
if (cmd->flags & CMD_MODULE) continue; /* Ignore modules commands. */
|
||||||
if (cmd->flags & cflag) {
|
if (cmd->flags & cflag) {
|
||||||
ACLSetUserCommandBit(u,cmd->id,value);
|
ACLSetUserCommandBit(u,cmd->id,value);
|
||||||
ACLResetSubcommandsForCommand(u,cmd->id);
|
ACLResetSubcommandsForCommand(u,cmd->id);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user