[management] permission manager validate account access #3444
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pnmcosta
force-pushed
the
refactor/permissions-account
branch
6 times, most recently
from
80cae4e to
17849b2
Compare
pnmcosta
force-pushed
the
refactor/permissions-account
branch
2 times, most recently
from
202df67 to
f8cf9d5
Compare
Collaborator
|
@pnmcosta can you handle sonar findings? |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the account management code to integrate a centralized permissions manager and adds new functionality to create and update accounts by private domain.
- Introduces two new methods: CreateAccountByPrivateDomain and UpdateToPrimaryAccount.
- Replaces direct account ID checks with calls to permissionsManager.ValidateAccountAccess in various methods.
- Updates BuildManager signature, tests, and mocks throughout the codebase to support the new permissions manager.
Reviewed Changes
Copilot reviewed 32 out of 32 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| management/server/account.go | Added new account creation/update methods and replaced direct checks with permissions validation. |
| management/server/event.go | Updated event handling to populate user info with permissions considerations. |
| management/server/account_test.go | Added tests for new methods and updated BuildManager usage to pass permissions manager. |
| management/server/peer.go | Replaced direct account checks with calls to permissionsManager.ValidateAccountAccess. |
| management/server/mock_server/account_mock.go | Added mocks for the new methods. |
| management/server/dns*.go, nameserver*.go, group.go | Replaced direct user.AccountID comparisons with permissions validation calls. |
| client/internal/engine_test.go, client/cmd/testutil_test.go, etc. | Updated tests to include the new permissions manager dependency. |
| management/cmd/management.go | Updated BuildManager call to initialize the permissions manager via integrations. |
| management/server/http/handlers/events/events_handler.go | Removed unused legacy event metadata filling code. |
Comments suppressed due to low confidence (2)
management/server/account.go:1714
- [nitpick] Consider replacing the magic number '2' with a named constant (e.g., retryCount) to improve clarity and maintainability.
for range 2 {
management/server/account.go:1110
- The direct check 'user.AccountID != accountID' has been replaced with permissionsManager.ValidateAccountAccess; ensure that the new validation call handles all the required permission scenarios consistently.
if user.AccountID != accountID {
3766f0e to
61b0acd
Compare
pnmcosta
force-pushed
the
refactor/permissions-account
branch
from
61b0acd to
865d89a
Compare
# Conflicts: # go.mod # go.sum
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
* refactor routes permissions Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> * fix tests --------- Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Pascal Fischer <pascal@netbird.io>
# Conflicts: # client/server/server_test.go # go.mod # go.sum
|
pascal-fischer
approved these changes
Mar 30, 2025
remipcomaite
pushed a commit
to remipcomaite/netbird
that referenced
this pull request
Apr 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe your changes
Issue ticket number and link
Checklist