[v13] Fix authorization rules to the Assistant and UserPreferences service #29961
Commits on Aug 2, 2023
-
"Add authorization rules to the Assistant and UserPreferences service"
This commit introduces authorization rules into the Assistant service to restrict operations based on the authenticated user's role permissions. Now each method in the Assistant service checks if the authenticated user has necessary permissions to perform the requested operation. The permissions are checked via defined RBAC rules. A user requires specific permissions to perform various operations such as creating a conversation, updating a conversation, fetching a user's conversations, deleting a conversation, and adding a message to a conversation. Also, even if a user has necessary permissions, they cannot perform operations for a different user. Each user can only access their own data.
Commit 541fa6b
-
Commit adaaf20
-
"Refactor user preferences request handling"
This commit refactors how GetUserPreferences and UpsertUserPreferences handle requests. The `username` field is removed from request parameters. Instead of having the client send the user's username in a request, the server now automatically uses the username of the authenticated user making the request. This change improves the security by preventing a user from attempting to fetch or manipulate another user's preferences. Removed tests were specifically testing the old, insecure behavior.
Commit b48c414
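The two rules stated in the commit messages above (541fa6b: holding the required permission still does not let a user act for a different user; b48c414: the server uses the authenticated caller's username instead of one sent in the request), as an added Go example that is not code from this pull request or from Teleport. Every type, function and verb name and the sample data are hypothetical.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Every name below is hypothetical; none of it is Teleport's API.
type identity struct {
	Username string
	Verbs    map[string]bool // verbs the caller's roles grant (RBAC stand-in)
}
type ctxKey struct{}
var errAccessDenied = errors.New("access denied")
var prefs = map[string]string{"alice": "theme=dark", "bob": "theme=light"} // constructed

// authorize fails closed: no identity or no matching verb means denial.
func authorize(ctx context.Context, verb string) (identity, error) {
	id, ok := ctx.Value(ctxKey{}).(identity)
	if !ok || id.Username == "" || !id.Verbs[verb] {
		return identity{}, fmt.Errorf("%w: verb %q", errAccessDenied, verb)
	}
	return id, nil
}

// Before: the client names the user, so any caller can read any user's data.
func getPreferencesInsecure(_ context.Context, username string) string { return prefs[username] }

// After: no username parameter; the lookup key is the authenticated identity.
func getPreferences(ctx context.Context) (string, error) {
	id, err := authorize(ctx, "read")
	if err != nil {
		return "", err
	}
	return prefs[id.Username], nil
}

// Where a request still names a user, holding the verb is not enough.
func deleteConversation(ctx context.Context, owner string) error {
	if id, err := authorize(ctx, "delete"); err != nil || id.Username != owner {
		return errAccessDenied
	}
	return nil
}

func main() {
	bob := context.WithValue(context.Background(), ctxKey{}, identity{"bob", map[string]bool{"read": true, "delete": true}})
	fmt.Println(getPreferencesInsecure(bob, "alice"), deleteConversation(bob, "alice"))
}
```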
-
Refactor to use authz.HasBuiltinRole
Refactored code in the 'auth_with_roles.go' file to use 'authz.HasBuiltinRole' instead of 'HasBuiltinRole'. This change is in line with recommended practices for deprecation and makes the code more standard and easier to manage. The original 'HasBuiltinRole' function is marked as deprecated and will be removed in future once 'teleport.e' is updated to use 'authz.HasBuiltinRole'.
Commit d62eff5
-
Commit c104386
-
Commit 04d2aaa
-
Add local user permissions checks in authz
This commit introduces two new methods in permissions.go to check if a user is a local user, and if a given action is performed by a local user. These permission checks are then used to replace existing checks in service.go, when performing actions like creating conversation, updating, listing, etc. This simplifies checks and provides a more consolidated and unified method for verifying user actions.
Commit d483ad6
-
Commit 2815f84
-
Commit 9cffecc
-
Commit 883a58b
-
Commit 9478535
-
Commit f52f53b
-
Apply suggestions from code review
Co-authored-by: Brian Joerger <bjoerger@goteleport.com>
Commit 2ef61fb