fix(ui): template and action permission
richardlt committed Jan 17, 2020
1 parent bd1e4f9 commit fc58407
Showing 3 changed files with 19 additions and 30 deletions.
19 changes: 6 additions & 13 deletions engine/api/action.go
Expand Up @@ -25,7 +25,7 @@ func (api *API) getActionsHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
var as []sdk.Action
var err error
if isMaintainer(ctx) || isAdmin(ctx) {
if isMaintainer(ctx) {
as, err = action.LoadAllByTypes(ctx, api.mustDB(),
[]string{sdk.DefaultAction},
action.LoadOptions.WithRequirements,
Expand Down Expand Up @@ -91,7 +91,7 @@ func (api *API) getActionsForGroupHandler() service.Handler {
}

// and user is part of the group
if !isGroupMember(ctx, g) && !isMaintainer(ctx) && !isAdmin(ctx) {
if !isGroupMember(ctx, g) && !isMaintainer(ctx) {
return sdk.WithStack(sdk.ErrForbidden)
}

Expand Down Expand Up @@ -119,14 +119,10 @@ func (api *API) postActionHandler() service.Handler {
return err
}

// check that the group exists and user is admin for group id
grp, err := group.LoadByID(ctx, api.mustDB(), *data.GroupID)
grp, err := group.LoadByID(ctx, api.mustDB(), *data.GroupID, group.LoadOptions.WithMembers)
if err != nil {
return err
}
if grp == nil {
return sdk.WithStack(sdk.ErrNotFound)
}

if !isGroupAdmin(ctx, grp) && !isAdmin(ctx) {
return sdk.WithStack(sdk.ErrInvalidGroupAdmin)
Expand Down Expand Up @@ -189,7 +185,7 @@ func (api *API) getActionHandler() service.Handler {
groupName := vars["permGroupName"]
actionName := vars["permActionName"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
g, err := group.LoadByName(ctx, api.mustDB(), groupName, group.LoadOptions.WithMembers)
if err != nil {
return err
}
Expand Down Expand Up @@ -247,13 +243,10 @@ func (api *API) putActionHandler() service.Handler {
}
defer tx.Rollback() // nolint

grp, err := group.LoadByID(ctx, tx, *data.GroupID)
grp, err := group.LoadByID(ctx, tx, *data.GroupID, group.LoadOptions.WithMembers)
if err != nil {
return err
}
if grp == nil {
return sdk.WithStack(sdk.ErrNotFound)
}

if *old.GroupID != *data.GroupID || old.Name != data.Name {
if !isGroupAdmin(ctx, grp) && !isAdmin(ctx) {
Expand Down Expand Up @@ -477,7 +470,7 @@ func (api *API) postActionAuditRollbackHandler() service.Handler {
} else if ea.Group == grp.Name {
newGrp = grp
} else {
newGrp, err = group.LoadByName(ctx, tx, ea.Group)
newGrp, err = group.LoadByName(ctx, tx, ea.Group, group.LoadOptions.WithMembers)
if err != nil {
return err
}
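Review bot: Dropping the `if grp == nil { return sdk.WithStack(sdk.ErrNotFound) }` guard after `group.LoadByID` in postActionHandler makes the handler depend on LoadByID returning a non-nil error for an unknown group id; if it can still return `(nil, nil)`, the `isGroupAdmin(ctx, grp)` call that follows dereferences a nil group. If LoadByID with `group.LoadOptions.WithMembers` does surface sdk.ErrNotFound, a one-line comment stating that contract, `// LoadByID returns sdk.ErrNotFound for an unknown id, so no nil check is needed`, would keep the next reader from re-adding the guard. The same guard is removed in the putActionHandler hunk and in the two LoadByID hunks of engine/api/templates.go. Separately, replacing `isMaintainer(ctx) || isAdmin(ctx)` with `isMaintainer(ctx)` in getActionsHandler and getActionsForGroupHandler, and `client.consumer.Maintainer() || client.consumer.Admin()` with `client.consumer.Maintainer()` in engine/api/events.go, is only equivalent if the maintainer predicates are also true for admins, which this diff does not show. The bodies of these handlers continue outside their hunks.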
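--- a/engine/api/events.go
+++ b/engine/api/events.go
@@ -239,7 +239,7 @@ func (client *eventsBrokerSubscribe) manageEvent(db gorp.SqlExecutor, event sdk.
 
 switch {
 case strings.HasPrefix(event.EventType, "sdk.EventProject"):
-if isSharedInfra || client.consumer.Maintainer() || client.consumer.Admin() {
+if isSharedInfra || client.consumer.Maintainer() {
 return true, nil
 }
 
@@ -251,7 +251,7 @@ func (client *eventsBrokerSubscribe) manageEvent(db gorp.SqlExecutor, event sdk.
 return perms.Level(event.ProjectKey) >= sdk.PermissionRead, nil
 
 case strings.HasPrefix(event.EventType, "sdk.EventWorkflow") || strings.HasPrefix(event.EventType, "sdk.EventRunWorkflow"):
-if isSharedInfra || client.consumer.Maintainer() || client.consumer.Admin() {
+if isSharedInfra || client.consumer.Maintainer() {
 return true, nil
 }
 
@@ -267,7 +267,7 @@ func (client *eventsBrokerSubscribe) manageEvent(db gorp.SqlExecutor, event sdk.
 return true, nil
 }
 
-if isSharedInfra || client.consumer.Maintainer() || client.consumer.Admin() {
+if isSharedInfra || client.consumer.Maintainer() {
 return true, nil
 }
 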
24 changes: 10 additions & 14 deletions engine/api/templates.go
Expand Up @@ -31,7 +31,7 @@ func (api *API) getTemplatesHandler() service.Handler {
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
var ts []sdk.WorkflowTemplate
var err error
if isMaintainer(ctx) || isAdmin(ctx) {
if isMaintainer(ctx) {
ts, err = workflowtemplate.LoadAll(ctx, api.mustDB(),
workflowtemplate.LoadOptions.Default,
workflowtemplate.LoadOptions.WithAudits,
Expand Down Expand Up @@ -81,8 +81,7 @@ func (api *API) postTemplateHandler() service.Handler {
return sdk.NewErrorFrom(sdk.ErrWrongRequest, "missing group name")
}

// check that the user is admin on the given template's group
grp, err = group.LoadByName(ctx, api.mustDB(), data.Group.Name)
grp, err = group.LoadByName(ctx, api.mustDB(), data.Group.Name, group.LoadOptions.WithMembers)
if err != nil {
return sdk.NewError(sdk.ErrWrongRequest, err)
}
Expand All @@ -93,14 +92,10 @@ func (api *API) postTemplateHandler() service.Handler {
return err
}
} else {
// check that the group exists and user is admin for group id
grp, err = group.LoadByID(ctx, api.mustDB(), data.GroupID)
grp, err = group.LoadByID(ctx, api.mustDB(), data.GroupID, group.LoadOptions.WithMembers)
if err != nil {
return err
}
if grp == nil {
return sdk.WithStack(sdk.ErrNotFound)
}
}

data.Version = 0
Expand Down Expand Up @@ -144,7 +139,7 @@ func (api *API) getTemplateHandler() service.Handler {
groupName := vars["permGroupName"]
templateSlug := vars["permTemplateSlug"]

g, err := group.LoadByName(ctx, api.mustDB(), groupName)
g, err := group.LoadByName(ctx, api.mustDB(), groupName, group.LoadOptions.WithMembers)
if err != nil {
return err
}
Expand Down Expand Up @@ -207,7 +202,7 @@ func (api *API) putTemplateHandler() service.Handler {
}

// check that the user is admin on the given template's group
grp, err = group.LoadByName(ctx, api.mustDB(), data.Group.Name)
grp, err = group.LoadByName(ctx, api.mustDB(), data.Group.Name, group.LoadOptions.WithMembers)
if err != nil {
return sdk.NewError(sdk.ErrWrongRequest, err)
}
Expand All @@ -219,13 +214,14 @@ func (api *API) putTemplateHandler() service.Handler {
}
} else {
// check that the group exists and user is admin for group id
grp, err = group.LoadByID(ctx, api.mustDB(), data.GroupID)
grp, err = group.LoadByID(ctx, api.mustDB(), data.GroupID, group.LoadOptions.WithMembers)
if err != nil {
return err
}
if grp == nil {
return sdk.WithStack(sdk.ErrNotFound)
}
}

if !isGroupAdmin(ctx, grp) && !isAdmin(ctx) {
return sdk.WithStack(sdk.ErrForbidden)
}

// update fields from request data
