fix: Applied RBAC authorisation to sendTaskFailure. Switched from FAI…

…LED to NOAUTH status is not al
wmfs · Jun 26, 2018 · 311425c · 311425c
1 parent eb8b316
commit 311425c
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 6 deletions.
diff --git a/lib/plugin/components/services/statebox/index.js b/lib/plugin/components/services/statebox/index.js
@@ -141,9 +141,23 @@ class StateboxService {
     this.statebox.sendTaskHeartbeat(executionName, output, executionOptions, callback)
   }
 
-  sendTaskFailure (executionName, output, executionOptions, callback) {
-    return promiseOrCallback(this.statebox.sendTaskFailure(executionName, output), callback)
-  }
+  async sendTaskFailure (executionName, output, executionOptions, callback) {
+    if (callback) {
+      return promiseOrCallback(this.statebox.sendTaskFailure(executionName, output), callback)
+    }
+
+    const executionDescription = await this.statebox.describeExecution(executionName, executionOptions)
+    const [authOk, errExecDesc] = await this.authorisationCheck(
+      executionOptions.userId,
+      executionDescription.stateMachineName,
+      executionDescription.executionOptions,
+      'update'
+    )
+
+    return (authOk)
+      ? this.statebox.sendTaskFailure(executionName, output)
+      : errExecDesc
+  } // sendTaskFailure
 
   waitUntilStoppedRunning (executionName, callback) {
     const p = this.statebox.waitUntilStoppedRunning(executionName)
@@ -179,7 +193,7 @@ class StateboxService {
     return [
       false,
       {
-        status: 'FAILED',
+        status: 'NOAUTH',
         stateMachineName: stateMachineName,
         errorCode: '401',
         errorMessage: `'${(typeof userId === 'string') ? userId : null}' can not perform '${action}' on '${stateMachineName}'`

diff --git a/test/statebox-service-acl-tests.js b/test/statebox-service-acl-tests.js
@@ -65,6 +65,18 @@ const heartBeatTests = [
       { userId: user}
     ),
     status: 'SUCCEEDED'
+  },
+  {
+    label: 'sendTaskFailure',
+    testFn: (statebox, executionName, user) => statebox.sendTaskFailure(
+      executionName,
+      {
+        error: 'FAIL',
+        cause: 'Brexit'
+      },
+      { userId: user}
+    ),
+    status: 'FAILED'
   }
 ]
 
@@ -139,7 +151,7 @@ describe('Statebox service RBAC authorisation', function () {
                   userId: disallowed
                 }
               )
-              expect(execDesc.status).to.eql('FAILED')
+              expect(execDesc.status).to.eql('NOAUTH')
               expect(execDesc.stateMachineName).to.eql(test.blueprint)
               expect(execDesc.errorCode).to.eql('401')
             })
@@ -200,7 +212,9 @@ describe('Statebox service RBAC authorisation', function () {
                 it('stopExecution', async () => {
                   const execDesc = await testAction.testFn(statebox, executionName, disallowed)
 
-                  expect(execDesc.status).to.eql('FAILED')
+                  expect(execDesc.status).to.eql('NOAUTH')
+                  expect(execDesc.stateMachineName).to.eql(test.blueprint)
+                  expect(execDesc.errorCode).to.eql('401')
                 })
               })
             } // for disallowed ...