From 63922167f47a8ed294d16f992ed0359da82950fc Mon Sep 17 00:00:00 2001 From: Ken Sipe Date: Fri, 22 Dec 2017 14:16:38 -0600 Subject: [PATCH] =?UTF-8?q?switching=20to=20contravariance=20for=20securit?= =?UTF-8?q?y=20of=20the=20plugin.=20resulting=20dis=E2=80=A6=20(#5840)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mesosphere/marathon/plugin/auth/AuthorizedAction.scala | 3 +-- src/main/scala/mesosphere/marathon/api/v2/GroupsResource.scala | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/plugin-interface/src/main/scala/mesosphere/marathon/plugin/auth/AuthorizedAction.scala b/plugin-interface/src/main/scala/mesosphere/marathon/plugin/auth/AuthorizedAction.scala index 156f79bfb96..3e24c318b03 100644 --- a/plugin-interface/src/main/scala/mesosphere/marathon/plugin/auth/AuthorizedAction.scala +++ b/plugin-interface/src/main/scala/mesosphere/marathon/plugin/auth/AuthorizedAction.scala @@ -8,7 +8,7 @@ import mesosphere.marathon.plugin.{ Group, RunSpec } * * @tparam R the type of the resource. */ -sealed trait AuthorizedAction[+R] +sealed trait AuthorizedAction[-R] /** * The following objects will be passed to the Authorizer when an action affects an application, in order to identify @@ -35,4 +35,3 @@ case object CreateResource extends AuthorizedAction[AuthorizedResource] case object UpdateResource extends AuthorizedAction[AuthorizedResource] case object DeleteResource extends AuthorizedAction[AuthorizedResource] case object ViewResource extends AuthorizedAction[AuthorizedResource] - diff --git a/src/main/scala/mesosphere/marathon/api/v2/GroupsResource.scala b/src/main/scala/mesosphere/marathon/api/v2/GroupsResource.scala index 1f9011b0a11..dae4d0fc5a0 100644 --- a/src/main/scala/mesosphere/marathon/api/v2/GroupsResource.scala +++ b/src/main/scala/mesosphere/marathon/api/v2/GroupsResource.scala @@ -277,7 +277,7 @@ class GroupsResource @Inject() ( val maybeExistingGroup = result(groupManager.group(group.id)) val updatedGroup = groupUpdate.apply(group, newVersion) - maybeExistingGroup.fold(checkAuthorization(CreateRunSpec, updatedGroup))(checkAuthorization(UpdateGroup, _)) + maybeExistingGroup.fold(checkAuthorization(CreateGroup, updatedGroup))(checkAuthorization(UpdateGroup, _)) rootGroup.putGroup(updatedGroup, newVersion) }