fix(api): permission for admin and maintainer on project/workflow

ovh · Jan 17, 2020 · 8a0b57a · 8a0b57a
1 parent fc58407
commit 8a0b57a
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 31 deletions.
diff --git a/engine/api/project.go b/engine/api/project.go
@@ -291,18 +291,16 @@ func (api *API) getProjectHandler() service.Handler {
 		p.URLs.APIURL = api.Config.URL.API + api.Router.GetRoute("GET", api.getProjectHandler, map[string]string{"permProjectKey": key})
 		p.URLs.UIURL = api.Config.URL.UI + "/project/" + key
 
-		permissions, err := permission.LoadProjectMaxLevelPermission(ctx, api.mustDB(), []string{p.Key}, getAPIConsumer(ctx).GetGroupIDs())
-		if err != nil {
-			return err
-		}
-		p.Permissions = permissions.Permissions(p.Key)
-
-		if !p.Permissions.IsMaxLevel() && !p.Permissions.Readable {
-			if isMaintainer(ctx) {
-				p.Permissions = sdk.Permissions{Readable: true, Writable: false}
+		if isAdmin(ctx) {
+			p.Permissions = sdk.Permissions{Readable: true, Writable: true, Executable: true}
+		} else {
+			permissions, err := permission.LoadProjectMaxLevelPermission(ctx, api.mustDB(), []string{p.Key}, getAPIConsumer(ctx).GetGroupIDs())
+			if err != nil {
+				return err
 			}
-			if isAdmin(ctx) {
-				p.Permissions = sdk.Permissions{Readable: true, Writable: true}
+			p.Permissions = permissions.Permissions(p.Key)
+			if isMaintainer(ctx) {
+				p.Permissions.Readable = true
 			}
 		}
 
@@ -446,9 +444,9 @@ func (api *API) postProjectHandler() service.Handler {
 			var grp *sdk.Group
 			var err error
 			if gp.Group.ID != 0 {
-				grp, err = group.LoadByID(ctx, tx, gp.Group.ID)
+				grp, err = group.LoadByID(ctx, tx, gp.Group.ID, group.LoadOptions.WithMembers)
 			} else {
-				grp, err = group.LoadByName(ctx, tx, gp.Group.Name)
+				grp, err = group.LoadByName(ctx, tx, gp.Group.Name, group.LoadOptions.WithMembers)
 			}
 			if err != nil {
 				return err

diff --git a/engine/api/workflow.go b/engine/api/workflow.go
@@ -48,14 +48,12 @@ func (api *API) getWorkflowsHandler() service.Handler {
 		}
 
 		for i := range ws {
-			ws[i].Permissions = perms.Permissions(ws[i].Name)
-
-			if !ws[i].Permissions.IsMaxLevel() && !ws[i].Permissions.Readable {
+			if isAdmin(ctx) {
+				ws[i].Permissions = sdk.Permissions{Readable: true, Writable: true, Executable: true}
+			} else {
+				ws[i].Permissions = perms.Permissions(ws[i].Name)
 				if isMaintainer(ctx) {
-					ws[i].Permissions = sdk.Permissions{Readable: true, Writable: false, Executable: false}
-				}
-				if isAdmin(ctx) {
-					ws[i].Permissions = sdk.Permissions{Readable: true, Writable: true, Executable: true}
+					ws[i].Permissions.Readable = true
 				}
 			}
 		}
@@ -128,18 +126,16 @@ func (api *API) getWorkflowHandler() service.Handler {
 			}
 		}
 
-		perms, err := permission.LoadWorkflowMaxLevelPermission(ctx, api.mustDB(), key, []string{w1.Name}, getAPIConsumer(ctx).GetGroupIDs())
-		if err != nil {
-			return err
-		}
-		w1.Permissions = perms.Permissions(w1.Name)
-
-		if !w1.Permissions.IsMaxLevel() && !w1.Permissions.Readable {
-			if isMaintainer(ctx) {
-				w1.Permissions = sdk.Permissions{Readable: true, Writable: false, Executable: false}
+		if isAdmin(ctx) {
+			w1.Permissions = sdk.Permissions{Readable: true, Writable: true, Executable: true}
+		} else {
+			perms, err := permission.LoadWorkflowMaxLevelPermission(ctx, api.mustDB(), key, []string{w1.Name}, getAPIConsumer(ctx).GetGroupIDs())
+			if err != nil {
+				return err
 			}
-			if isAdmin(ctx) {
-				w1.Permissions = sdk.Permissions{Readable: true, Writable: true, Executable: true}
+			w1.Permissions = perms.Permissions(w1.Name)
+			if isMaintainer(ctx) {
+				w1.Permissions.Readable = true
 			}
 		}