From 97f7b45f4fca2cfe7dd5c57de1851e9b9a352090 Mon Sep 17 00:00:00 2001
From: Adil Ansari
Date: Thu, 22 Jun 2023 10:07:25 -0700
Subject: [PATCH 1/2] fix: UpdateProject operation to authz
---
 api/server/v1/tx.go | 1 +
 server/middleware/authz.go | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/api/server/v1/tx.go b/api/server/v1/tx.go
index 766fd906..19cf73cc 100644
--- a/api/server/v1/tx.go
+++ b/api/server/v1/tx.go
@@ -58,6 +58,7 @@ const (
 ListProjectsMethodName = apiMethodPrefix + "ListProjects"
 ListCollectionsMethodName = apiMethodPrefix + "ListCollections"
 CreateProjectMethodName = apiMethodPrefix + "CreateProject"
+ UpdateProjectMethodName = apiMethodPrefix + "UpdateProject"
 DeleteProjectMethodName = apiMethodPrefix + "DeleteProject"
 DescribeDatabaseMethodName = apiMethodPrefix + "DescribeDatabase"
diff --git a/server/middleware/authz.go b/server/middleware/authz.go
index acc8df4c..f205ddf6 100644
--- a/server/middleware/authz.go
+++ b/server/middleware/authz.go
@@ -102,6 +102,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
@@ -194,6 +195,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
@@ -293,6 +295,7 @@ var (
 api.ListProjectsMethodName,
 api.ListCollectionsMethodName,
 api.CreateProjectMethodName,
+ api.UpdateProjectMethodName,
 api.DeleteProjectMethodName,
 api.DescribeDatabaseMethodName,
 api.DescribeCollectionMethodName,
From 44afc7ee119a7398f4c7cb8cfc00ee434e097dfb Mon Sep 17 00:00:00 2001
From: Adil Ansari
Date: Thu, 22 Jun 2023 10:11:00 -0700
Subject: [PATCH 2/2] tests: authz update project roles
---
 server/middleware/authz_test.go | 3 +++
 1 file changed, 3 insertions(+)
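Review bot: The three `var (` hunks in server/middleware/authz.go (old lines 102, 194 and 293) each add `api.UpdateProjectMethodName`, but the hunk context does not show which role each list belongs to, and the tests in patch 2/2 add a positive assertion for only two roles (Owner and Editor). If the lists are one per role, the third grant of a project-mutating method has no assertion pinning it, so a later edit could drop or widen it without a test failing. I would add the matching line to that role's test, `require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.<ROLE_OF_THIRD_LIST>))` (placeholder: the role name is not visible on this page), and confirm that role is meant to be able to modify projects. The lists start and end outside the hunks.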
diff --git a/server/middleware/authz_test.go b/server/middleware/authz_test.go
index abe29b22..32d54b98 100644
--- a/server/middleware/authz_test.go
+++ b/server/middleware/authz_test.go
@@ -40,6 +40,7 @@ func TestAuthzOwnerRole(t *testing.T) {
 require.True(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.DropCollectionMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.OwnerRoleName))
+ require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.OwnerRoleName))
 require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.OwnerRoleName))
@@ -149,6 +150,7 @@ func TestAuthzEditorRole(t *testing.T) {
 require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.EditorRoleName))
+ require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DescribeDatabaseMethodName, auth.EditorRoleName))
 require.True(t, isAuthorizedOperation(api.DescribeCollectionMethodName, auth.EditorRoleName))
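Review bot: In the `TestAuthzOwnerRole` hunk the new assertion is placed between the `ListProjectsMethodName` and `ListCollectionsMethodName` checks, whereas the `TestAuthzEditorRole` hunk and the allow-lists in authz.go put `UpdateProjectMethodName` right after `CreateProjectMethodName`. Keeping the assertions in the same order as the allow-list makes a missing or extra grant easy to see when the two are read side by side. I would move `require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.OwnerRoleName))` to sit directly after the `CreateProjectMethodName` line. Both test functions start and end outside the hunks.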
@@ -285,6 +287,7 @@ func TestAuthzReadOnlyRole(t *testing.T) {
 require.False(t, isAuthorizedOperation(api.UpdateMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.DeleteMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.ReadOnlyRoleName))
+ require.False(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.ReadOnlyRoleName))
 require.False(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.ReadOnlyRoleName))
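Review bot: The deny case for `UpdateProjectMethodName` is pinned for ReadOnly only by this hand-written line, and the suite as visible lists every method per role by hand, so it notices an unlisted method only after someone remembers to add the assertion. Judging by the commit title, UpdateProject was missing from the authz lists until this fix; a table-driven test that walks every method-name constant and requires an explicit allow or deny expectation for each role would catch the next unlisted RPC, whichever way the middleware treats it. A comment above the block such as `// Every new api.*MethodName needs an explicit allow or deny assertion for each role.` would at least record the rule. `TestAuthzReadOnlyRole` starts and ends outside the hunk.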