MG-1955 - Update Bootstrap service access control #2199

JeffMboya · 2024-04-25T11:04:47Z

What type of PR is this?

This PR is a bug fix.

What does this do?

This PR ensures that users can only view bootstrap configurations of the things within their current domain. It also allows domain members with appropriate permissions to view configurations for things within the domain, regardless of who created the configuration.

Which issue(s) does this PR fix/relate to?

Resolves Update Bootstrap service access control #1955
Related to Consume Things connect event in Bootstrap #2142

Have you included tests for your changes?

Yes, tests have been included in this PR.

Did you document any new/modified feature?

No new features were documented in this PR.

bootstrap/postgres/init.go

bootstrap/configs.go

bootstrap/postgres/configs.go

bootstrap/postgres/init.go

bootstrap/service.go

arvindh123 · 2024-05-20T11:23:22Z

bootstrap/service.go

+	for _, channel := range cfg.Channels {
+		if channel.ID == "" || channel.ID == "invalid" {
+			return Config{}, svcerr.ErrMalformedEntity
+		}
+	}


This can be moved to API layer

arvindh123 · 2024-05-20T11:26:44Z

bootstrap/service.go

+		return Config{}, errors.Wrap(svcerr.ErrViewEntity, err)
+	}
+
+	if thing.DomainID != user.GetDomainId() {


How this case will be possible?
Is there way to add to a thing which is not belongs same domain of user?

arvindh123 · 2024-05-20T12:01:47Z

bootstrap/service.go

 	if err != nil {
 		return errors.Wrap(svcerr.ErrAuthentication, err)
 	}
+	_, err = bs.authorize(ctx, "", auth.UserType, auth.UsersKind, user.GetId(), auth.EditPermission, auth.DomainType, user.GetDomainId())


@JeffMboya Why we are checking the user have edit access to Domain ?

bootstrap/api/endpoint.go

bootstrap/service.go

bootstrap/postgres/configs.go

bootstrap/service.go

bootstrap/api/requests_test.go

bootstrap/service.go

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

JeffMboya changed the title ~~MG-1955 - Implement domains access control~~ MG-1955 - Bootstrap service is not synced to the latest changes of access control Apr 25, 2024

JeffMboya force-pushed the MG-1955 branch 2 times, most recently from 955c48b to 36871a7 Compare April 30, 2024 07:40

rodneyosodo requested changes Apr 30, 2024

View reviewed changes

bootstrap/postgres/init.go Outdated Show resolved Hide resolved

JeffMboya force-pushed the MG-1955 branch from 19333a1 to b722f52 Compare April 30, 2024 12:53

JeffMboya self-assigned this May 2, 2024

JeffMboya force-pushed the MG-1955 branch 3 times, most recently from a419da6 to 1fbba5b Compare May 6, 2024 08:17

JeffMboya marked this pull request as ready for review May 7, 2024 07:36

JeffMboya force-pushed the MG-1955 branch 2 times, most recently from 1c41e02 to d51ce36 Compare May 8, 2024 08:13

rodneyosodo requested changes May 8, 2024

View reviewed changes

bootstrap/configs.go Outdated Show resolved Hide resolved

bootstrap/configs.go Outdated Show resolved Hide resolved

bootstrap/postgres/configs.go Outdated Show resolved Hide resolved

bootstrap/postgres/init.go Show resolved Hide resolved

bootstrap/service.go Outdated Show resolved Hide resolved

JeffMboya force-pushed the MG-1955 branch 5 times, most recently from 26959ac to 2080e0a Compare May 16, 2024 09:38

JeffMboya force-pushed the MG-1955 branch 2 times, most recently from c43e6eb to 87c7b95 Compare May 20, 2024 11:59

arvindh123 requested changes May 20, 2024

View reviewed changes

arvindh123 force-pushed the MG-1955 branch from 517275a to 2d66e7c Compare May 20, 2024 13:26

JeffMboya force-pushed the MG-1955 branch from 13ed215 to cd96b97 Compare May 21, 2024 08:33

rodneyosodo requested changes May 21, 2024

View reviewed changes

JeffMboya force-pushed the MG-1955 branch 3 times, most recently from cf44a0a to 7fb4b09 Compare May 21, 2024 17:43

rodneyosodo requested a review from nyagamunene May 22, 2024 10:19

JeffMboya force-pushed the MG-1955 branch from 7fb4b09 to 7f0278b Compare May 22, 2024 18:16

rodneyosodo requested changes May 23, 2024

View reviewed changes

JeffMboya added 23 commits July 9, 2024 11:45

fix: failing test

07c2324

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: failing test

188582a

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: remove call to channelsByThing method

5d0c571

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: failing tests

ee62d3e

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: failing tests

bee3eda

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: replace owner with domainID; remove ErrNotFound on disconnect Thing

d470a0f

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: update column names in PostgreSQL queries

32dd3f6

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor PostgreSQL configurations and error handling

3cfa4db

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: commit transactions outside defer method

54fcb59

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: failing tests

7375f14

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

fix: failing tests

f32b97a

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor PostgreSQL queries to handle non-admin users

aedcac1

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: remove unused columns from PostgreSQL tables

9b65334

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: remove unused columns from PostgreSQL tables

c3f04c2

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: fix failing tests

41da6b4

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: Update connections table and queries to use domain_id

217cd71

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: add DomainID to connectionChannels function

1a7a908

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: rename retrieveAll

3ed76f1

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: Fix query construction to handle cases with no filters

1f8850b

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: Update domain field name in Client struct

d652159

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: Update bootstrap service to use existing channels

372f63e

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: Update bootstrap service to use existing channels

040d3d2

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

refactor: revert changes to add

c921709

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

dborovcanin force-pushed the MG-1955 branch from c14e68c to c921709 Compare July 9, 2024 09:45

arvindh123 previously approved these changes Jul 9, 2024

View reviewed changes

JeffMboya dismissed arvindh123’s stale review via bed4ac3 July 9, 2024 10:31

JeffMboya force-pushed the MG-1955 branch from bed4ac3 to c921709 Compare July 9, 2024 10:34

dborovcanin approved these changes Jul 9, 2024

View reviewed changes

dborovcanin merged commit b49a2cd into absmach:main Jul 9, 2024
11 of 12 checks passed

dborovcanin changed the title ~~MG-1955 - Bootstrap service is not synced to the latest changes of access control~~ MG-1955 - Update Bootstrap service access control Jul 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MG-1955 - Update Bootstrap service access control #2199

MG-1955 - Update Bootstrap service access control #2199

JeffMboya commented Apr 25, 2024 •

edited

Loading

arvindh123 May 20, 2024

arvindh123 May 20, 2024

arvindh123 May 20, 2024

MG-1955 - Update Bootstrap service access control #2199

MG-1955 - Update Bootstrap service access control #2199

Conversation

JeffMboya commented Apr 25, 2024 • edited Loading

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified feature?

arvindh123 May 20, 2024

Choose a reason for hiding this comment

arvindh123 May 20, 2024

Choose a reason for hiding this comment

arvindh123 May 20, 2024

Choose a reason for hiding this comment

JeffMboya commented Apr 25, 2024 •

edited

Loading