/*
Copyright 2021 The KodeRover Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package handler
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/koderover/zadig/v2/pkg/types"
"github.com/koderover/zadig/v2/pkg/microservice/aslan/core/workflow/testing/service"
internalhandler "github.com/koderover/zadig/v2/pkg/shared/handler"
)
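// ListDetailTestModules handles the request that lists testing details for the
// project named by the "projectName" query parameter.
//
// System admins are always allowed. Any other caller must have an entry for
// the project in ctx.Resources.ProjectAuthInfo and, within it, be a project
// admin, hold Test.View, or hold Workflow.Edit or Workflow.Create. If none of
// those apply, the collaboration-mode check for the workflow edit action
// decides. Every other case is rejected by setting ctx.UnAuthorized. The
// response or error is emitted by the deferred internalhandler.JSONResponse.
func ListDetailTestModules(c *gin.Context) {
	ctx, err := internalhandler.NewContextWithAuthorization(c)
	// NOTE(review): ctx is dereferenced below even when err != nil, so this
	// assumes NewContextWithAuthorization never returns a nil ctx — confirm.
	defer func() { internalhandler.JSONResponse(c, ctx) }()

	if err != nil {
		ctx.Err = fmt.Errorf("authorization Info Generation failed: err %s", err)
		ctx.UnAuthorized = true
		return
	}

	// projectName is caller-controlled; until the checks below pass it is only
	// used as a lookup key into the caller's own authorization info.
	projectKey := c.Query("projectName")

	// TODO: Authorization leak
	// this API is sometimes used in edit workflow scenario, thus giving the edit workflow permission
	// authorization check
	if !ctx.Resources.IsSystemAdmin {
		// Default deny: a project with no ProjectAuthInfo entry is never authorized.
		authorized := false
		if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
			switch {
			case projectAuthInfo.IsProjectAdmin:
				// first check if the user is projectAdmin
				authorized = true
			case projectAuthInfo.Test.View:
				// then check if the user has view test permission
				authorized = true
			case projectAuthInfo.Workflow.Edit || projectAuthInfo.Workflow.Create:
				// then check if user has edit workflow permission; note that this
				// lets workflow editors/creators read test details without Test.View
				authorized = true
			default:
				// finally check if the permission is given by collaboration mode
				collaborationAuthorized, collabErr := internalhandler.CheckPermissionGivenByCollaborationMode(ctx.UserID, projectKey, types.ResourceTypeWorkflow, types.WorkflowActionEdit)
				if collabErr != nil {
					// Fail closed, but record the failure so a broken permission
					// backend is distinguishable from a genuine denial. %q keeps
					// the caller-supplied project name from forging log lines.
					ctx.Logger.Warnf("collaboration mode permission check failed for user %q on project %q: %v", ctx.UserID, projectKey, collabErr)
				} else {
					authorized = collaborationAuthorized
				}
			}
		}

		if !authorized {
			ctx.UnAuthorized = true
			return
		}
	}

	ctx.Resp, ctx.Err = service.ListTestingDetails(projectKey, ctx.Logger)
}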