clay: respect the gang system #7038
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pkova
added a commit
to urbit/vere
that referenced
this pull request
Sep 6, 2024
[UIP-0120 HTTP Streaming](https://github.com/urbit/UIPs/blob/main/UIPS/UIP-0120.md) Resolves [#urbit/urbit7014](urbit/urbit#7014) requires eyre changes from urbit/urbit#7033 and clay gang changes from urbit/urbit#7038
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All vanes except clay respect the gang system since #6876. The gang is of type
(unit (set ship))and gets passed as an argument to the scry handler of every vane. A gang of~means "my identity is anybody, serve me only public data", a gang of[~ ~]means "I am root, give me all data", and a gang with a set of ships means that these ships are asking for the data. In other words the gang represents who is making the scry.This PR implements the gang system for clay. As with the other vanes the multiple scryers case is not implemented, but with this change
~,[~ ~]and[~dinleb-rambep ~ ~]work fine.I decided to make an extra permissions check if the gang is
~and otherwise leverage the existing clay permissions machinery. An alternative to having clay scry itself for permissions would be to change the type and semantics of thefor=(unit ship)argument in+averand elsewhere. Note that in the clay world aforof~means root user, a mismatch with the gang semantics.Thanks to @midden-fabler for noticing this when working on #7033.