summaryrefslogtreecommitdiff
path: root/internal/server/handlers/readcommand_server.go
diff options
context:
space:
mode:
authorPaul Buetow <paul@buetow.org>2026-03-19 21:51:44 +0200
committerPaul Buetow <paul@buetow.org>2026-03-19 21:51:44 +0200
commit2ab8a24c188a2ba39424eb7925bc7ff3fb767bfb (patch)
tree0867a5d189d61a6e7f6ce4accea9868014a0fe7d /internal/server/handlers/readcommand_server.go
parent91296d85e8a6f1aca5beaeeecf648683c83c75bc (diff)
task 261: harden server reads with OpenRoot
Diffstat (limited to 'internal/server/handlers/readcommand_server.go')
-rw-r--r--internal/server/handlers/readcommand_server.go9
1 files changed, 5 insertions, 4 deletions
diff --git a/internal/server/handlers/readcommand_server.go b/internal/server/handlers/readcommand_server.go
index 8c3cb96..0f98a58 100644
--- a/internal/server/handlers/readcommand_server.go
+++ b/internal/server/handlers/readcommand_server.go
@@ -4,6 +4,7 @@ import (
"sync/atomic"
"time"
+ "github.com/mimecast/dtail/internal/io/fs"
"github.com/mimecast/dtail/internal/io/line"
"github.com/mimecast/dtail/internal/mapr/server"
)
@@ -13,7 +14,7 @@ type readCommandContext interface {
}
type readCommandFiles interface {
- CanReadFile(path string) bool
+ PrepareReadTarget(path string) (fs.ValidatedReadTarget, bool)
CatLimiter() chan struct{}
TailLimiter() chan struct{}
}
@@ -87,9 +88,9 @@ func (h *ServerHandler) SendServerMessage(message string) {
h.sendln(h.serverMessages, message)
}
-// CanReadFile reports whether the current user can read the given path.
-func (h *ServerHandler) CanReadFile(path string) bool {
- return h.user.HasFilePermission(path, "readfiles")
+// PrepareReadTarget validates the current user's access to the given path.
+func (h *ServerHandler) PrepareReadTarget(path string) (fs.ValidatedReadTarget, bool) {
+ return h.user.ValidateReadTarget(path, "readfiles")
}
// ServerMessagesChannel returns the server message channel.
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-09 07:14:02 +0000