bundles: Require and provide an authproof for opening

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs
index 3a80418abb922b5c4ad620baad936090a461cb93..40479d0f62ba4b7c9bf95202745d60985c0b224f 100644 (file)
--- a/daemon/cmdlistener.rs
+++ b/daemon/cmdlistener.rs
@@ -253,9 +253,10 @@ fn execute_and_respond<R,W>(cs: &mut CommandStreamData, cmd: MgmtCommand,
       let ag = AccountsGuard::lock();
       let gref = Instance::lookup_by_name_unauth(&game)?;
       let mut igu = gref.lock()?;
-      let (ig, _) = cs.check_acl(&ag, &mut igu, PCH::Instance,
+      let (ig, auth) = cs.check_acl(&ag, &mut igu, PCH::Instance,
                                      TP_ACCESS_BUNDLES)?;
-      let f = id.open(&ig.name)?.ok_or_else(|| ME::BundleNotFound)?;
+      let f = id.open(&ig.name,auth.bundles())?
+        .ok_or_else(|| ME::BundleNotFound)?;
       bulk_download = Some(Box::new(f));
       Fine
     }

diff --git a/src/bundles.rs b/src/bundles.rs
index 2bf9aa994a1f337f0eadee28507212560de9fd1b..57db87fd12c3aff807f4294562abcb180d269e5d 100644 (file)
--- a/src/bundles.rs
+++ b/src/bundles.rs
@@ -51,6 +51,10 @@ const BUNDLES_MAX: Index = Index(64);
 #[derive(Serialize,Deserialize)]
 pub struct Id { pub index: Index, pub kind: Kind, }
 
+impl Authorisation<InstanceName> {
+  pub fn bundles(self) -> Authorisation<Id> { self.therefore_ok() }
+}
+
 #[derive(Debug,Clone)]
 pub struct InstanceBundles {
   // todo: this vec is needed during loading only!
@@ -118,7 +122,8 @@ impl Id {
   }
 
   #[throws(IE)]
-  pub fn open(&self, instance_name: &InstanceName) -> Option<fs::File> {
+  pub fn open(&self, instance_name: &InstanceName,
+              _: Authorisation<Id>) -> Option<fs::File> {
     let path = self.path(instance_name);
     match File::open(&path) {
       Ok(f) => Some(f),