Added necessary rbacs for invite_users and get_project_members API

chaoscenter/authentication/api/handlers/rest/project_handler.go

@@ -84,14 +84,17 @@ func GetUserWithProject(service services.ApplicationService) gin.HandlerFunc {
 func GetProject(service services.ApplicationService) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		projectID := c.Param("project_id")
+		userRole := c.MustGet("role").(string)
 
-		err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
-			validations.MutationRbacRules["getProject"], string(entities.AcceptedInvitation), service)
-		if err != nil {
-			log.Warn(err)
-			c.JSON(utils.ErrorStatusCodes[utils.ErrUnauthorized],
-				presenter.CreateErrorResponse(utils.ErrUnauthorized))
-			return
+		if userRole != string(entities.RoleAdmin) {
+			err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
+				validations.MutationRbacRules["getProject"], string(entities.AcceptedInvitation), service)
+			if err != nil {
+				log.Warn(err)
+				c.JSON(utils.ErrorStatusCodes[utils.ErrUnauthorized],
+					presenter.CreateErrorResponse(utils.ErrUnauthorized))
+				return
+			}
 		}
 
 		project, err := service.GetProjectByProjectID(projectID)
@@ -186,6 +189,18 @@ func GetActiveProjectMembers(service services.ApplicationService) gin.HandlerFun
 	return func(c *gin.Context) {
 		projectID := c.Param("project_id")
 		state := c.Param("state")
+		role := c.MustGet("role").(string)
+		if role != string(entities.RoleAdmin) {
+			err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
+				validations.MutationRbacRules["getProject"], string(entities.AcceptedInvitation), service)
+			if err != nil {
+				log.Warn(err)
+				c.JSON(utils.ErrorStatusCodes[utils.ErrUnauthorized],
+					presenter.CreateErrorResponse(utils.ErrUnauthorized))
+				return
+			}
+		}
+
 		members, err := service.GetProjectMembers(projectID, state)
 		if err != nil {
 			c.JSON(utils.ErrorStatusCodes[utils.ErrServerError], presenter.CreateErrorResponse(utils.ErrServerError))

chaoscenter/authentication/api/handlers/rest/project_handler_test.go

@@ -140,10 +140,11 @@ func TestGetProjectsByUserID(t *testing.T) {
 func TestGetProject(t *testing.T) {
 	gin.SetMode(gin.TestMode)
 	t.Run("unauthorized request to Project", func(t *testing.T) {
-		projectID := "testUserID"
+		projectID := "testProjectID"
 		w := httptest.NewRecorder()
 		ctx := GetTestGinContext(w)
 		ctx.Set("uid", projectID)
+		ctx.Set("role", string(entities.RoleUser))
 		service := new(mocks.MockedApplicationService)
 		project := &entities.Project{
 			ID:   "testProjectID",
@@ -166,6 +167,7 @@ func TestGetProject(t *testing.T) {
 		w := httptest.NewRecorder()
 		ctx := GetTestGinContext(w)
 		ctx.Set("uid", projectID)
+		ctx.Set("role", string(entities.RoleAdmin))
 		service := new(mocks.MockedApplicationService)
 		project := &entities.Project{
 			ID:   "testProjectID",

chaoscenter/authentication/api/handlers/rest/user_handlers.go

@@ -4,6 +4,8 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/validations"
+
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/api/presenter"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/entities"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/pkg/services"
@@ -219,6 +221,15 @@ func InviteUsers(service services.ApplicationService) gin.HandlerFunc {
 			c.JSON(utils.ErrorStatusCodes[utils.ErrInvalidRequest], presenter.CreateErrorResponse(utils.ErrInvalidRequest))
 			return
 		}
+		err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
+			validations.MutationRbacRules["sendInvitation"], string(entities.AcceptedInvitation), service)
+		if err != nil {
+			log.Warn(err)
+			c.JSON(utils.ErrorStatusCodes[utils.ErrUnauthorized],
+				presenter.CreateErrorResponse(utils.ErrUnauthorized))
+			return
+		}
+
 		projectMembers, err := service.GetProjectMembers(projectID, "all")
 
 		var uids []string

chaoscenter/authentication/api/handlers/rest/user_handlers_test.go

@@ -13,6 +13,8 @@ import (
 	"strings"
 	"testing"
 
+	"go.mongodb.org/mongo-driver/bson/primitive"
+
 	"github.com/gin-gonic/gin"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/api/handlers/rest"
 	"github.com/litmuschaos/litmus/chaoscenter/authentication/api/mocks"
@@ -271,12 +273,62 @@ func TestInviteUsers(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			w := httptest.NewRecorder()
 			c, _ := gin.CreateTestContext(w)
+			c.Set("uid", tt.projectID)
 			c.Params = gin.Params{
 				{"project_id", tt.projectID},
 			}
-
+			user := &entities.User{
+				ID:   "testUserID",
+				Name: "Test User",
+			}
+			project := &entities.Project{
+				ID:   "testProjectID",
+				Name: "Test Project",
+			}
+			projects := []*entities.Project{
+				{
+					ID:   "testProjectID",
+					Name: "Test Project",
+				},
+			}
+			expectedFilter := primitive.D{
+				primitive.E{
+					Key:   "_id",
+					Value: tt.projectID,
+				},
+				primitive.E{
+					Key: "members",
+					Value: primitive.D{
+						primitive.E{
+							Key: "$elemMatch",
+							Value: primitive.D{
+								primitive.E{
+									Key:   "user_id",
+									Value: tt.projectID,
+								},
+								primitive.E{
+									Key: "role",
+									Value: primitive.D{
+										primitive.E{
+											Key:   "$in",
+											Value: []string{"Owner"},
+										},
+									},
+								},
+								primitive.E{
+									Key:   "invitation",
+									Value: "Accepted",
+								},
+							},
+						},
+					},
+				},
+			}
 			tt.given()
 
+			service.On("GetProjectByProjectID", "").Return(project, nil)
+			service.On("GetUser", tt.projectID).Return(user, nil)
+			service.On("GetProjects", expectedFilter).Return(projects, nil)
 			rest.InviteUsers(service)(c)
 
 			assert.Equal(t, tt.expectedCode, w.Code)

chaoscenter/graphql/server/go.mod

@@ -18,7 +18,6 @@ require (
 	github.com/litmuschaos/chaos-operator v0.0.0-20240601063404-e96a7ee7f1f7
 	github.com/litmuschaos/chaos-scheduler v0.0.0-20220714173615-d7513d616a71
 	github.com/mrz1836/go-sanitize v1.3.2
-	github.com/openshift/origin v0.0.0-20160503220234-8f127d736703
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.9.0

chaoscenter/graphql/server/go.sum

@@ -944,7 +944,6 @@ github.com/opencontainers/selinux v1.3.1-0.20190929122143-5215b1806f52/go.mod h1
 github.com/openebs/maya v1.12.1/go.mod h1:E9CmKbURtsthTyASz0piTxljLmGxjbaJ3aFhtWEko2Y=
 github.com/openshift/api v0.0.0-20190924102528-32369d4db2ad/go.mod h1:dh9o4Fs58gpFXGSYfnVxGR9PnV53I8TW84pQaJDdGiY=
 github.com/openshift/client-go v0.0.0-20190923180330-3b6373338c9b/go.mod h1:6rzn+JTr7+WYS2E1TExP4gByoABxMznR6y2SnUIkmxk=
-github.com/openshift/origin v0.0.0-20160503220234-8f127d736703 h1:KLVRXtjLhZHVtrcdnuefaI2Bf182EEiTfEVDHokoyng=
 github.com/openshift/origin v0.0.0-20160503220234-8f127d736703/go.mod h1:0Rox5r9C8aQn6j1oAOQ0c1uC86mYbUFObzjBRvUKHII=
 github.com/openshift/prom-label-proxy v0.1.1-0.20191016113035-b8153a7f39f1/go.mod h1:p5MuxzsYP1JPsNGwtjtcgRHHlGziCJJfztff91nNixw=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=

chaoscenter/graphql/server/server.go

@@ -11,7 +11,6 @@ import (
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb"
 	dbSchemaChaosHub "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb/chaos_hub"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/projects"
-	"github.com/openshift/origin/Godeps/_workspace/src/github.com/Sirupsen/logrus"
 
 	"context"
 	"fmt"
@@ -122,7 +121,7 @@ func main() {
 
 	enableIntrospection, err := strconv.ParseBool(utils.Config.EnableGQLIntrospection)
 	if err != nil {
-		logrus.Errorf("unable to parse boolean value %v", err)
+		log.Errorf("unable to parse boolean value %v", err)
 	} else if err == nil && enableIntrospection == true {
 		srv.Use(extension.Introspection{})
 	}