
fix(api): fix permission for some template routes and add tests
richardlt committed Jan 10, 2020
1 parent c596c3a commit 56dc111
Showing 5 changed files with 266 additions and 65 deletions.
2 changes: 1 addition & 1 deletion engine/api/action.go
Expand Up @@ -844,7 +844,7 @@ func getActionUsage(ctx context.Context, db gorp.SqlExecutor, store cache.Store,

consumer := getAPIConsumer(ctx)

if !isAdmin(ctx) && !isMaintainer(ctx) {
if !isMaintainer(ctx) {
// filter usage in pipeline by user's projects
ps, err := project.LoadAllByGroupIDs(ctx, db, store, consumer.GetGroupIDs())
if err != nil {
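Review bot: The simplified guard on the new `if !isMaintainer(ctx) {` line silently assumes that isMaintainer(ctx) is also true for admin consumers; if the helper does not fold admin into maintainer, admins now get their usage filtered to their own groups' projects, which the old `!isAdmin(ctx) &&` clause avoided. The same assumption is made by the handlers this commit touches in engine/api/templates.go, so it is worth recording once where isMaintainer is defined, e.g. `// isMaintainer is true for admins too; callers rely on this to skip project filtering.` getActionUsage starts and ends outside this hunk.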
12 changes: 6 additions & 6 deletions engine/api/api_routes.go
Expand Up @@ -415,13 +415,13 @@ func (api *API) InitRouter() {
r.Handle("/template/push", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplatePushHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateHandler), r.PUT(api.putTemplateHandler), r.DELETE(api.deleteTemplateHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/pull", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplatePullHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/apply", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplateApplyHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/bulk", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplateBulkHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/bulk/{bulkID}", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateBulkHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/instance", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateInstancesHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/instance/{instanceID}", Scope(sdk.AuthConsumerScopeTemplate), r.DELETE(api.deleteTemplateInstanceHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/audit", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateAuditsHandler))
r.Handle("/template/{permGroupName}/{permTemplateSlug}/usage", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateUsageHandler))
r.Handle("/template/{groupName}/{templateSlug}/apply", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplateApplyHandler))
r.Handle("/template/{groupName}/{templateSlug}/bulk", Scope(sdk.AuthConsumerScopeTemplate), r.POST(api.postTemplateBulkHandler))
r.Handle("/template/{groupName}/{templateSlug}/bulk/{bulkID}", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateBulkHandler))
r.Handle("/template/{groupName}/{templateSlug}/instance", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateInstancesHandler))
r.Handle("/template/{groupName}/{templateSlug}/instance/{instanceID}", Scope(sdk.AuthConsumerScopeTemplate), r.DELETE(api.deleteTemplateInstanceHandler))
r.Handle("/template/{groupName}/{templateSlug}/usage", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateUsageHandler))
r.Handle("/project/{key}/workflow/{permWorkflowName}/templateInstance", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateInstanceHandler))

//Not Found handler
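Review bot: The six renamed routes now use `{groupName}`/`{templateSlug}` instead of the perm-prefixed variables, which, if that prefix is what drives the router's automatic permission check as the rename and the commit title suggest, means these routes are no longer protected at the router and rely entirely on the membership check each handler performs. That contract is not recorded anywhere in InitRouter; a one-line comment above the first renamed route, `// no perm* vars: group membership is checked inside each template handler`, would stop a future route from being added to this group without its own check. The two routes that also take `{bulkID}` and `{instanceID}` should be confirmed to scope those IDs to the loaded template, which this hunk cannot show. InitRouter starts and ends outside this hunk.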
85 changes: 61 additions & 24 deletions engine/api/templates.go
Expand Up @@ -399,21 +399,21 @@ func (api *API) postTemplateApplyHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID, workflowtemplate.LoadOptions.Default)
if err != nil {
return err
}
if wt == nil {
return sdk.WithStack(sdk.ErrNotFound)
}

withImport := FormBool(r, "import")

Expand Down Expand Up @@ -486,13 +486,16 @@ func (api *API) postTemplateBulkHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID, workflowtemplate.LoadOptions.Default)
if err != nil {
Expand Down Expand Up @@ -635,13 +638,16 @@ func (api *API) getTemplateBulkHandler() service.Handler {

vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID)
if err != nil {
Expand All @@ -667,22 +673,28 @@ func (api *API) getTemplateInstancesHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID)
if err != nil {
return err
}

//u := getAPIConsumer(ctx)

ps, err := project.LoadAll(ctx, api.mustDB(), api.Cache)
var ps sdk.Projects
if isMaintainer(ctx) {
ps, err = project.LoadAll(ctx, api.mustDB(), api.Cache)
} else {
ps, err = project.LoadAllByGroupIDs(ctx, api.mustDB(), api.Cache, getAPIConsumer(ctx).GetGroupIDs())
}
if err != nil {
return err
}
Expand Down Expand Up @@ -750,13 +762,16 @@ func (api *API) deleteTemplateInstanceHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID)
if err != nil {
Expand All @@ -766,14 +781,11 @@ func (api *API) deleteTemplateInstanceHandler() service.Handler {
var ps []sdk.Project
if isAdmin(ctx) {
ps, err = project.LoadAll(ctx, api.mustDB(), api.Cache)
if err != nil {
return err
}
} else {
ps, err = project.LoadAllByGroupIDs(ctx, api.mustDB(), api.Cache, getAPIConsumer(ctx).GetGroupIDs())
if err != nil {
return err
}
}
if err != nil {
return err
}

instanceID, err := requestVarInt(r, "instanceID")
Expand Down Expand Up @@ -913,13 +925,16 @@ func (api *API) getTemplateUsageHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
vars := mux.Vars(r)

groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]
groupName := vars["groupName"]
templateSlug := vars["templateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
if err != nil {
return err
}
if !(isGroupMember(ctx, g) || isMaintainer(ctx)) {
return sdk.WithStack(sdk.ErrNotFound)
}

wt, err := workflowtemplate.LoadBySlugAndGroupID(ctx, api.mustDB(), templateSlug, g.ID)
if err != nil {
Expand All @@ -931,6 +946,28 @@ func (api *API) getTemplateUsageHandler() service.Handler {
return sdk.WrapError(err, "cannot load templates")
}

if !isMaintainer(ctx) {
consumer := getAPIConsumer(ctx)

// filter usage in workflow by user's projects
ps, err := project.LoadAllByGroupIDs(ctx, api.mustDB(), api.Cache, consumer.GetGroupIDs())
if err != nil {
return err
}
mProjectIDs := make(map[int64]struct{}, len(ps))
for i := range ps {
mProjectIDs[ps[i].ID] = struct{}{}
}

filteredWorkflow := []sdk.Workflow{}
for i := range wfs {
if _, ok := mProjectIDs[wfs[i].ProjectID]; ok {
filteredWorkflow = append(filteredWorkflow, wfs[i])
}
}
wfs = filteredWorkflow
}

return service.WriteJSON(w, wfs, http.StatusOK)
}
}
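Review bot: The project-loading branch in deleteTemplateInstanceHandler still keys on `if isAdmin(ctx) {` while the membership gate added just above it, and the equivalent branches in getTemplateInstancesHandler and getTemplateUsageHandler, all use isMaintainer(ctx); unless deletion is intentionally narrower than listing, a non-admin maintainer passes the gate but only sees the projects of their own groups, so that line should become `if isMaintainer(ctx) {` to match. The group.LoadByName, isGroupMember-or-isMaintainer and LoadBySlugAndGroupID sequence is now repeated verbatim in six handlers; extracting it into one helper on *API that returns the group and template (or ErrNotFound) would keep the authorization decision in a single place. The stale commented-out line `//u := getAPIConsumer(ctx)` in getTemplateInstancesHandler can go now that getAPIConsumer is called a few lines below it. Every handler touched here starts before its hunk and several end after it.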
