fix(auth): use init to read envvar once (#19314)

* chore: remove logging * fix(auth): use init to read envvar once * chore: re-add logging
2020-08-12 16:51:31 -04:00 · 2020-08-12 16:51:31 -04:00 · 6bbb2a18f2
parent 2c8b5f5bd4
commit 6bbb2a18f2
1 changed files with 15 additions and 2 deletions
--- a/authz.go
+++ b/authz.go
@ -219,9 +219,15 @@ type Permission struct {
 	Resource Resource `json:"resource"`
 }

+var newMatchBehavior bool
+
+func init() {
+	_, newMatchBehavior = os.LookupEnv("MATCHER_BEHAVIOR")
+}
+
 // Matches returns whether or not one permission matches the other.
 func (p Permission) Matches(perm Permission) bool {
-	if _, set := os.LookupEnv("MATCHER_BEHAVIOR"); set {
+	if newMatchBehavior {
 		return p.matchesV2(perm)
 	}
 	return p.matchesV1(perm)
@ -242,7 +248,7 @@ func (p Permission) matchesV1(perm Permission) bool {

 	if p.Resource.OrgID != nil && perm.Resource.OrgID != nil && p.Resource.ID != nil && perm.Resource.ID != nil {
 		if *p.Resource.OrgID != *perm.Resource.OrgID && *p.Resource.ID == *perm.Resource.ID {
-			fmt.Printf("Old match used: p.Resource.OrgID=%s perm.Resource.OrgID=%s p.Resource.ID=%s",
+			fmt.Printf("v1: old match used: p.Resource.OrgID=%s perm.Resource.OrgID=%s p.Resource.ID=%s",
 				*p.Resource.OrgID, *perm.Resource.OrgID, *p.Resource.ID)
 		}
 	}
@ -283,6 +289,13 @@ func (p Permission) matchesV2(perm Permission) bool {
 		return true
 	}

+	if p.Resource.OrgID != nil && perm.Resource.OrgID != nil && p.Resource.ID != nil && perm.Resource.ID != nil {
+		if *p.Resource.OrgID != *perm.Resource.OrgID && *p.Resource.ID == *perm.Resource.ID {
+			fmt.Printf("v2: old match used: p.Resource.OrgID=%s perm.Resource.OrgID=%s p.Resource.ID=%s",
+				*p.Resource.OrgID, *perm.Resource.OrgID, *p.Resource.ID)
+		}
+	}
+
 	if p.Resource.OrgID != nil {
 		if perm.Resource.OrgID != nil {
 			if *p.Resource.OrgID == *perm.Resource.OrgID {