Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added necessary rbacs for invite_users and get_project_members API #4697

Merged
merged 7 commits into from
Jun 24, 2024
Merged

Added necessary rbacs for invite_users and get_project_members API #4697

merged 7 commits into from
Jun 24, 2024

Conversation

Saranya-jena
Copy link
Contributor

@Saranya-jena Saranya-jena commented Jun 10, 2024
edited
Loading

Proposed changes

Summarize your changes here to communicate with the maintainers and make sure to put the link of that issue

  • Added necessary rbacs for invite_users and get_project_members API: User should either be admin or part of the project to fetch the details.

Types of changes

What types of changes does your code introduce to Litmus? Put an x in the boxes that apply

  • New feature (non-breaking change which adds functionality)
  • Bugfix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices applies)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING doc
  • I have signed the commit for DCO to be passed.
  • Lint and unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added necessary documentation (if appropriate)

Dependency

  • Please add the links to the dependent PR need to be merged before this (if any).

Special notes for your reviewer:

@Saranya-jena
Added necessary rbacs for invite_users and get_project_members API
8d3a16b 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
@Saranya-jena Saranya-jena self-assigned this Jun 10, 2024
@Saranya-jena
fixed imports
4811d8f 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
SarthakJain26
SarthakJain26 requested changes Jun 10, 2024
View reviewed changes
chaoscenter/authentication/api/handlers/rest/project_handler.go Outdated
@@ -186,6 +186,15 @@ func GetActiveProjectMembers(service services.ApplicationService) gin.HandlerFun
return func(c *gin.Context) {
projectID := c.Param("project_id")
state := c.Param("state")
err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add one more check here, if the user has admin role, then user can view the information.

@Saranya-jena
fixed UTs
fa79de4 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
@Saranya-jena
fixed imports
31a4d27 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
@Saranya-jena
fixed UTs
ee00989 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
SarthakJain26
SarthakJain26 reviewed Jun 11, 2024
View reviewed changes
chaoscenter/authentication/api/handlers/rest/project_handler.go Outdated

err := validations.RbacValidator(c.MustGet("uid").(string), projectID,
validations.MutationRbacRules["getProject"], string(entities.AcceptedInvitation), service)
if err != nil {
if err != nil && entities.Role(userRole) != entities.RoleAdmin {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can add the admin check before doing RbacValidator check. If role is admin, then you dont need teh RbacValidator

@Saranya-jena
resolved review comments
571708b 
Signed-off-by: Saranya-jena <saranya.jena@harness.io>
@Saranya-jena Saranya-jena merged commit fc80010 into litmuschaos:master Jun 24, 2024
19 checks passed
andoriyaprashant pushed a commit to andoriyaprashant/litmus that referenced this pull request Sep 7, 2024
@Saranya-jena @andoriyaprashant
Added necessary rbacs for invite_users and get_project_members API (l…
98afb09 
…itmuschaos#4697)

* Added necessary rbacs for invite_users and get_project_members API

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed imports

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed UTs

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed imports

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed UTs

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* resolved review comments

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

---------

Signed-off-by: Saranya-jena <saranya.jena@harness.io>
Signed-off-by: andoriyaprashant <prashantandoriya@gmail.com>
andoriyaprashant pushed a commit to andoriyaprashant/litmus that referenced this pull request Sep 7, 2024
@Saranya-jena @andoriyaprashant
Added necessary rbacs for invite_users and get_project_members API (l…
fef51ac 
…itmuschaos#4697)

* Added necessary rbacs for invite_users and get_project_members API

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed imports

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed UTs

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed imports

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* fixed UTs

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

* resolved review comments

Signed-off-by: Saranya-jena <saranya.jena@harness.io>

---------

Signed-off-by: Saranya-jena <saranya.jena@harness.io>
Signed-off-by: andoriyaprashant <prashantandoriya@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SarthakJain26 SarthakJain26 SarthakJain26 approved these changes

@Jonsy13 Jonsy13 Jonsy13 approved these changes

@amityt amityt Awaiting requested review from amityt

Assignees

@Saranya-jena Saranya-jena

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Saranya-jena @Jonsy13 @SarthakJain26