6bb96074da
Currently the auth mechanism doesn't support permissions of range request. It just checks exact matching of key names even for range queries. This commit adds a mechanism for setting permission to range queries. Range queries are allowed if a range of the query is [begin1, end1) and the user has a permission of reading [begin2, range2) and [begin1, end2) is a subset of [begin2, range2). Range delete requests will follow the same rule. |
||
---|---|---|
.. | ||
auth.pb.go | ||
auth.proto |