fix(api): sends all events to hatcheries only if wildcard even if mai…
…ntainer (#4922)
richardlt authored Feb 4, 2020
1 parent 1141bd7 commit f13ff37
Showing 1 changed file with 8 additions and 17 deletions.
25 changes: 8 additions & 17 deletions engine/api/events.go
Expand Up @@ -15,9 +15,9 @@ import (
"github.com/tevino/abool"

"github.com/ovh/cds/engine/api/cache"
"github.com/ovh/cds/engine/api/group"
"github.com/ovh/cds/engine/api/observability"
"github.com/ovh/cds/engine/api/permission"
"github.com/ovh/cds/engine/api/services"
"github.com/ovh/cds/engine/service"
"github.com/ovh/cds/sdk"
"github.com/ovh/cds/sdk/log"
Expand Down Expand Up @@ -235,51 +235,42 @@ func (client *eventsBrokerSubscribe) manageEvent(db gorp.SqlExecutor, event sdk.
return true, nil
}

var isSharedInfra = client.consumer.Groups.HasOneOf(group.SharedInfraGroup.ID)
var isHatchery = client.consumer.Service != nil && client.consumer.Service.Type == services.TypeHatchery
var isHatcheryWithGroups = isHatchery && len(client.consumer.GroupIDs) > 0

switch {
case strings.HasPrefix(event.EventType, "sdk.EventProject") || strings.HasPrefix(event.EventType, "sdk.EventAsCodeEvent"):
if isSharedInfra || client.consumer.Maintainer() {
case strings.HasPrefix(event.EventType, "sdk.EventProject") || strings.HasPrefix(event.EventType, "sdk.EventAsCodeEvent"):
if client.consumer.Maintainer() && !isHatcheryWithGroups {
return true, nil
}

perms, err := permission.LoadProjectMaxLevelPermission(context.Background(), db, []string{event.ProjectKey}, client.consumer.GetGroupIDs())
if err != nil {
return false, err
}

return perms.Level(event.ProjectKey) >= sdk.PermissionRead, nil

case strings.HasPrefix(event.EventType, "sdk.EventWorkflow") || strings.HasPrefix(event.EventType, "sdk.EventRunWorkflow"):
if isSharedInfra || client.consumer.Maintainer() {
if client.consumer.Maintainer() && !isHatcheryWithGroups {
return true, nil
}

perms, err := permission.LoadWorkflowMaxLevelPermission(context.Background(), db, event.ProjectKey, []string{event.WorkflowName}, client.consumer.GetGroupIDs())
if err != nil {
return false, err
}

return perms.Level(event.WorkflowName) >= sdk.PermissionRead, nil

case strings.HasPrefix(event.EventType, "sdk.EventBroadcast"):
if event.ProjectKey == "" {
if client.consumer.Maintainer() && !isHatcheryWithGroups {
return true, nil
}

if isSharedInfra || client.consumer.Maintainer() {
if event.ProjectKey == "" {
return true, nil
}

perms, err := permission.LoadProjectMaxLevelPermission(context.Background(), db, []string{event.ProjectKey}, client.consumer.GetGroupIDs())
if err != nil {
return false, err
}

return perms.Level(event.ProjectKey) >= sdk.PermissionRead, nil
default:
return false, nil

}
}
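Review bot: The maintainer shortcut in manageEvent is narrowed only for hatchery consumers: `isHatcheryWithGroups` requires `Service.Type == services.TypeHatchery`, so any other consumer with a non-empty `GroupIDs` still reaches `return true, nil` in all three cases whenever `Maintainer()` is true. If group-scoped consumers of other types are also meant to be limited to their groups (this page does not say), the check should key on the scope rather than the service type, e.g. `isScoped := len(client.consumer.GroupIDs) > 0`. The bypass `client.consumer.Maintainer() && !isHatcheryWithGroups` is written out three times; computing it once next to the two `var` lines, `seesAllEvents := client.consumer.Maintainer() && !isHatcheryWithGroups`, leaves one place to audit. The commit changes only engine/api/events.go, so the scoped-hatchery path appears to ship without a test. The function begins above the hunk, so anything before the `return true, nil` at its top is not reviewed here.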
