From 20a470807f54ca8a247bb1734143597de7bbd585 Mon Sep 17 00:00:00 2001
From: Shivam Nagar <124123645+Shivam-nagar23@users.noreply.github.com>
Date: Mon, 14 Aug 2023 16:31:37 +0530
Subject: [PATCH] fix: rbac fix terminal connection on view and edit in helm apps (#3723)

* rbac-fix-terminal
* removed unnecessary code
---
 api/k8s/application/k8sApplicationRestHandler.go | 2 +-
 api/restHandler/app/BuildPipelineRestHandler.go | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/api/k8s/application/k8sApplicationRestHandler.go b/api/k8s/application/k8sApplicationRestHandler.go
index ef5452ad1c9..caa50ae2ad1 100644
--- a/api/k8s/application/k8sApplicationRestHandler.go
+++ b/api/k8s/application/k8sApplicationRestHandler.go
@@ -694,7 +694,7 @@ func (handler *K8sApplicationRestHandlerImpl) GetTerminalSession(w http.Response
 if resourceRequestBean.AppIdentifier != nil {
 // RBAC enforcer applying For Helm App
 rbacObject, rbacObject2 := handler.enforcerUtilHelm.GetHelmObjectByClusterIdNamespaceAndAppName(resourceRequestBean.AppIdentifier.ClusterId, resourceRequestBean.AppIdentifier.Namespace, resourceRequestBean.AppIdentifier.ReleaseName)
- ok := handler.enforcer.Enforce(token, casbin.ResourceHelmApp, casbin.ActionUpdate, rbacObject) || handler.enforcer.Enforce(token, casbin.ResourceHelmApp, casbin.ActionUpdate, rbacObject2)
+ ok := handler.enforcer.Enforce(token, casbin.ResourceHelmApp, "*", rbacObject) || handler.enforcer.Enforce(token, casbin.ResourceHelmApp, "*", rbacObject2)
 if !ok {
 common.WriteJsonResp(w, errors2.New("unauthorized"), nil, http.StatusForbidden)
diff --git a/api/restHandler/app/BuildPipelineRestHandler.go b/api/restHandler/app/BuildPipelineRestHandler.go
index 38e1e94bc93..2908cf13dc4 100644
--- a/api/restHandler/app/BuildPipelineRestHandler.go
+++ b/api/restHandler/app/BuildPipelineRestHandler.go
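Review bot: The literal `"*"` now passed as the action to both `handler.enforcer.Enforce` calls in `GetTerminalSession` (api/k8s/application/k8sApplicationRestHandler.go) does not say which roles it admits, and for an interactive terminal session that check is the whole access decision on the Helm path. Whether a requested action of `"*"` matches only policies that grant every action, or matches any policy at all, depends on the enforcer's matcher, which is not visible in this hunk; the commit title suggests the intent is to keep view and view-and-edit roles out of the terminal, so the former is presumably meant. I would replace the literal with a named constant defined next to `casbin.ActionUpdate` and state the intent above the check, e.g. `// Terminal access on Helm apps is admin-only: require a policy granting all actions.`, and add a handler test asserting that view-only and view-and-edit tokens receive 403. The function body starts and ends outside the hunk, so the non-Helm branch should be checked for the same requirement.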
@@ -541,13 +541,11 @@ func (handler PipelineConfigRestHandlerImpl) TriggerCiPipeline(w http.ResponseWr
 cdPipelineRbacObjects[i] = envObject
 }
 envRbacResultMap := handler.enforcer.EnforceByEmailInBatch(userEmailId, casbin.ResourceEnvironment, casbin.ActionTrigger, cdPipelineRbacObjects)
- i := 0
 for _, rbacResultOk := range envRbacResultMap {
 if !rbacResultOk {
 common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
 return
 }
- i++
 }
 //RBAC ENDS
 response := make(map[string]string)