Added user level RBACs, updated swagger json (#4118)

* Added user level RBACs in auth APIs Signed-off-by: Saranya-jena <saranya.jena@harness.io> * Updated required parameters in api responses in swagger Signed-off-by: Saranya-jena <saranya.jena@harness.io> * minor change in swagger Signed-off-by: Saranya-jena <saranya.jena@harness.io> * minor change in swagger Signed-off-by: Saranya-jena <saranya.jena@harness.io> * minor change in swagger Signed-off-by: Saranya-jena <saranya.jena@harness.io> --------- Signed-off-by: Saranya-jena <saranya.jena@harness.io> Co-authored-by: Hrishav <hrishav.kumar@harness.io>
litmuschaos · Aug 11, 2023 · 8e1b602 · 8e1b602
1 parent aa8e9a3
commit 8e1b602
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/chaoscenter/authentication/api/handlers/rest/user_handlers.go b/chaoscenter/authentication/api/handlers/rest/user_handlers.go
@@ -127,6 +127,12 @@ func GetUser(service services.ApplicationService) gin.HandlerFunc {
 
 func FetchUsers(service services.ApplicationService) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		userRole := c.MustGet("role").(string)
+
+		if entities.Role(userRole) != entities.RoleAdmin {
+			c.AbortWithStatusJSON(utils.ErrorStatusCodes[utils.ErrUnauthorized], presenter.CreateErrorResponse(utils.ErrUnauthorized))
+			return
+		}
 		users, err := service.GetUsers()
 		if err != nil {
 			log.Error(err)
@@ -295,6 +301,13 @@ func UpdatePassword(service services.ApplicationService) gin.HandlerFunc {
 
 func ResetPassword(service services.ApplicationService) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		userRole := c.MustGet("role").(string)
+
+		if entities.Role(userRole) != entities.RoleAdmin {
+			c.AbortWithStatusJSON(utils.ErrorStatusCodes[utils.ErrUnauthorized], presenter.CreateErrorResponse(utils.ErrUnauthorized))
+			return
+		}
+
 		var userPasswordRequest entities.UserPassword
 		err := c.BindJSON(&userPasswordRequest)
 		if err != nil {
@@ -338,6 +351,14 @@ func ResetPassword(service services.ApplicationService) gin.HandlerFunc {
 
 func UpdateUserState(service services.ApplicationService) gin.HandlerFunc {
 	return func(c *gin.Context) {
+
+		userRole := c.MustGet("role").(string)
+
+		if entities.Role(userRole) != entities.RoleAdmin {
+			c.AbortWithStatusJSON(utils.ErrorStatusCodes[utils.ErrUnauthorized], presenter.CreateErrorResponse(utils.ErrUnauthorized))
+			return
+		}
+
 		var userRequest entities.UpdateUserState
 		err := c.BindJSON(&userRequest)
 		if err != nil {

diff --git a/chaoscenter/authentication/pkg/user/repository.go b/chaoscenter/authentication/pkg/user/repository.go
@@ -236,10 +236,12 @@ func (r repository) UpdateUserState(username string, isDeactivate bool, deactiva
 	if isDeactivate {
 		_, err = r.Collection.UpdateOne(context.Background(), bson.M{"username": username}, bson.M{"$set": bson.M{
 			"deactivated_at": deactivateTime,
+			"is_removed":     true,
 		}})
 	} else {
 		_, err = r.Collection.UpdateOne(context.Background(), bson.M{"username": username}, bson.M{"$set": bson.M{
 			"deactivated_at": nil,
+			"is_removed":     false,
 		}})
 	}
 

diff --git a/mkdocs/docs/auth/v3.0.0/auth-api.json b/mkdocs/docs/auth/v3.0.0/auth-api.json
@@ -1170,6 +1170,13 @@
     },
     "LoginResponse": {
       "type": "object",
+      "required": [
+        "accessToken",
+        "expiresIn",
+        "projectID",
+        "projectRole",
+        "type"
+      ],
       "properties": {
         "accessToken": {
           "type": "string"
@@ -1204,6 +1211,7 @@
     },
     "User": {
       "type": "object",
+      "required": ["userID", "username", "role", "isRemoved"],
       "properties": {
         "userID": {
           "type": "string"
@@ -1245,6 +1253,7 @@
     },
     "ProjectMember": {
       "type": "object",
+      "required": ["userID", "username", "invitation", "role"],
       "properties": {
         "userID": {
           "type": "string"
@@ -1273,6 +1282,12 @@
     },
     "GetInvitationResponse": {
       "type": "object",
+      "required": [
+        "projectID",
+        "projectName",
+        "invitationRole",
+        "projectOwner"
+      ],
       "properties": {
         "projectName": {
           "type": "string"
@@ -1291,6 +1306,7 @@
     },
     "Project": {
       "type": "object",
+      "required": ["projectID", "name", "members"],
       "properties": {
         "updatedBy": {
           "$ref": "#/definitions/ActionBy"