From f1cea7f189b0937896a70aafb8727c5594c2bbb4 Mon Sep 17 00:00:00 2001
From: Adil Ansari
Date: Thu, 22 Jun 2023 12:51:11 -0700
Subject: [PATCH] fix: UpdateProject operation to authz (#1281)
* fix: UpdateProject operation to authz
* tests: authz update project roles
---
 api/server/v1/tx.go | 1 +
 server/middleware/authz.go | 3 +++
 server/middleware/authz_test.go | 3 +++
 3 files changed, 7 insertions(+)
diff --git a/api/server/v1/tx.go b/api/server/v1/tx.go
index 766fd906..19cf73cc 100644
--- a/api/server/v1/tx.go
+++ b/api/server/v1/tx.go
@@ -58,6 +58,7 @@ const (
 ListProjectsMethodName = apiMethodPrefix + "ListProjects"
 ListCollectionsMethodName = apiMethodPrefix + "ListCollections"
 CreateProjectMethodName = apiMethodPrefix + "CreateProject"
+ UpdateProjectMethodName = apiMethodPrefix + "UpdateProject"
 DeleteProjectMethodName = apiMethodPrefix + "DeleteProject"
 DescribeDatabaseMethodName = apiMethodPrefix + "DescribeDatabase"
diff --git a/server/middleware/authz.go b/server/middleware/authz.go
index acc8df4c..f205ddf6 100644
--- a/server/middleware/authz.go
+++ b/server/middleware/authz.go
@@ -102,6 +102,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
@@ -194,6 +195,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
@@ -293,6 +295,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
diff --git a/server/middleware/authz_test.go b/server/middleware/authz_test.go
index abe29b22..32d54b98 100644
--- a/server/middleware/authz_test.go
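Review bot: `api.UpdateProjectMethodName,` is added to three method lists in authz.go (the hunks at `@@ -102`, `@@ -194` and `@@ -293`), but the tests in this commit assert the new method only for the owner and editor roles (allowed) and the read-only role (denied), so the grant in one of the three lists has no visible assertion. The `var (` blocks start and end outside the hunks, so the list names cannot be read here; if the third list belongs to another role, add `require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.<RoleName>))` to that role's test, with `<RoleName>` standing for the role in question. Because the lists are maintained by hand, a comment above them such as `// Each new api.*MethodName must be added to every role list that may call it and covered in authz_test.go.` would help prevent a repeat of the omission this commit fixes.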
+++ b/server/middleware/authz_test.go
@@ -40,6 +40,7 @@ func TestAuthzOwnerRole(t *testing.T) {
 require.True(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.DropCollectionMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.OwnerRoleName))
+ require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.OwnerRoleName))
@@ -149,6 +150,7 @@ func TestAuthzEditorRole(t *testing.T) {
 require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.EditorRoleName))
+ require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DescribeDatabaseMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DescribeCollectionMethodName, auth.EditorRoleName))
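Review bot: In `TestAuthzOwnerRole` the new `UpdateProjectMethodName` assertion sits between the `ListProjectsMethodName` and `ListCollectionsMethodName` checks, whereas the lists in authz.go and `TestAuthzEditorRole` place it directly after `CreateProjectMethodName`. Keeping each role's test in the same order as its list makes it easier to audit the two against each other line by line; moving the new line to follow `require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.OwnerRoleName))` would do that. Both test functions start and end outside these hunks.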
@@ -285,6 +287,7 @@ func TestAuthzReadOnlyRole(t *testing.T) {
 require.False(t, isAuthorizedOperation(api.UpdateMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.DeleteMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.ReadOnlyRoleName))
+ require.False(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.ReadOnlyRoleName))