extend permission attributes for service auth

cadence-workflow · Sep 10, 2021 · d1a3c11 · d1a3c11
1 parent e602b8c
commit d1a3c11
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 8 deletions.
diff --git a/common/authorization/authorizer.go b/common/authorization/authorizer.go
@@ -48,11 +48,12 @@ type (
 	// Attributes is input for authority to make decision.
 	// It can be extended in future if required auth on resources like WorkflowType and TaskList
 	Attributes struct {
-		Actor      string
-		APIName    string
-		DomainName string
-		TaskList   *types.TaskList
-		Permission Permission
+		Actor        string
+		APIName      string
+		DomainName   string
+		WorkflowType *types.WorkflowType
+		TaskList     *types.TaskList
+		Permission   Permission
 	}
 
 	// Result is result from authority.

diff --git a/service/frontend/accessControlledHandler.go b/service/frontend/accessControlledHandler.go
@@ -675,9 +675,10 @@ func (a *AccessControlledWorkflowHandler) StartWorkflowExecution(
 	scope := a.getMetricsScopeWithDomain(metrics.FrontendStartWorkflowExecutionScope, request)
 
 	attr := &authorization.Attributes{
-		APIName:    "StartWorkflowExecution",
-		DomainName: request.GetDomain(),
-		Permission: authorization.PermissionWrite,
+		APIName:      "StartWorkflowExecution",
+		DomainName:   request.GetDomain(),
+		Permission:   authorization.PermissionWrite,
+		WorkflowType: request.WorkflowType,
 	}
 	isAuthorized, err := a.isAuthorized(ctx, attr, scope)
 	if err != nil {