New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent alerts to be sent to users who don't have access to the related service #3134
Prevent alerts to be sent to users who don't have access to the related service #3134
Conversation
Looks good and works as expected, but I am wondering - would it make sense to move the check to |
Good question, @mayorova. |
Yep, I am not sure whether there would be any benefit in splitting it between the two files (_member and _admin). So let's keep it where it is. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks nice!
I have one concern though. Do our users have the use case of a monitoring user that is not allowed to use the APIs? Because such use cases would be broken.
I'm not saying it makes sense. Just asking.
This is interesting @akostadinov and MAYBE 3Scale supports that already. If it's something used at all, I guess Product would be able to answer us. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I only request the commits are rebased properly as discussed
@josemigallas My plan was actually to Squash and merge this PR, as I've been doing. Is it really a blocker for this PR not to have the 2 commits as suggested? |
…ss to the related service
972db04
to
be44278
Compare
Force pushed in order to have 2 commits: One for the fix and another one for the Rubocop warnings, as per #3134 (comment) |
What this PR does / why we need it:
This PR updates how we grant the permission to
:show AlertRelatedEvent
s. Right now, any provider on an account has this permission, even though they might not have permissions for a service the alert refers to. With this PR, we're adding a check on service level to prevent the issue reported on the linked ticket.Which issue(s) this PR fixes
fixes THREESCALE-6318
Verification steps
Verification steps copied from the linked ticket:
Special notes for your reviewer:
To test this, I ended-up having to run
Events.async_fetch_backend_events!
on a Rails console to force System to fetch the alert event from Apisonator. This might be happening due to a misconfiguration on my local environment but, just for the sake of sharing, I wanted to add this note to the PR.