Fix permissions trace issue on hasWildcard resources
parent
7a2045d375
commit
16edc28809
2
server/automation/service/access_control.gen.go
generated
2
server/automation/service/access_control.gen.go
generated
@ -436,7 +436,7 @@ func (svc accessControl) resourceLoader(ctx context.Context, resource string) (r
|
||||
switch rbac.ResourceType(resourceType) {
|
||||
case types.WorkflowResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.WorkflowRbacResource(0)), nil
|
||||
return rbac.NewResource(types.WorkflowRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadWorkflow(ctx, svc.store, ids[0])
|
||||
|
||||
@ -296,7 +296,7 @@ func (svc accessControl) resourceLoader(ctx context.Context, resource string) (r
|
||||
{{- range .loaders }}
|
||||
case {{ .const }}:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource({{ .resFunc }}({{ range $i := .refIndex }}0,{{ end }})), nil
|
||||
return rbac.NewResource({{ .resFunc }}({{ range $i := .refIndex }}ids[{{ $i }}],{{ end }})), nil
|
||||
}
|
||||
|
||||
return {{ .funcName }}(ctx, svc.store {{ range $i := .refIndex }}, ids[{{ $i }}]{{ end }})
|
||||
|
||||
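Review bot: In the template hunk (the `{{- range .loaders }}` block, whose file header is not shown on this page), the `hasWildcard` branch now builds the RBAC resource from `ids[...]`, which is only correct if every `*` segment is stored in `ids` as 0, and nothing in the hunk states or checks that. The parsing that fills `ids` sits earlier in resourceLoader, outside the hunk, so the contract is worth a comment above the return, for example `// wildcard: skip the store lookup and build the resource from the parsed IDs; "*" segments are expected to be 0 in ids`. The added test pins this behaviour for compose only, so the regenerated automation, federation and system loaders have no equivalent case guarding the access-control trace path.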
14
server/compose/service/access_control.gen.go
generated
14
server/compose/service/access_control.gen.go
generated
@ -790,43 +790,43 @@ func (svc accessControl) resourceLoader(ctx context.Context, resource string) (r
|
||||
switch rbac.ResourceType(resourceType) {
|
||||
case types.ChartResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ChartRbacResource(0, 0)), nil
|
||||
return rbac.NewResource(types.ChartRbacResource(ids[0], ids[1])), nil
|
||||
}
|
||||
|
||||
return loadChart(ctx, svc.store, ids[0], ids[1])
|
||||
case types.ModuleResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ModuleRbacResource(0, 0)), nil
|
||||
return rbac.NewResource(types.ModuleRbacResource(ids[0], ids[1])), nil
|
||||
}
|
||||
|
||||
return loadModule(ctx, svc.store, ids[0], ids[1])
|
||||
case types.ModuleFieldResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ModuleFieldRbacResource(0, 0, 0)), nil
|
||||
return rbac.NewResource(types.ModuleFieldRbacResource(ids[0], ids[1], ids[2])), nil
|
||||
}
|
||||
|
||||
return loadModuleField(ctx, svc.store, ids[0], ids[1], ids[2])
|
||||
case types.NamespaceResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.NamespaceRbacResource(0)), nil
|
||||
return rbac.NewResource(types.NamespaceRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadNamespace(ctx, svc.store, ids[0])
|
||||
case types.PageResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.PageRbacResource(0, 0)), nil
|
||||
return rbac.NewResource(types.PageRbacResource(ids[0], ids[1])), nil
|
||||
}
|
||||
|
||||
return loadPage(ctx, svc.store, ids[0], ids[1])
|
||||
case types.PageLayoutResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.PageLayoutRbacResource(0, 0, 0)), nil
|
||||
return rbac.NewResource(types.PageLayoutRbacResource(ids[0], ids[1], ids[2])), nil
|
||||
}
|
||||
|
||||
return loadPageLayout(ctx, svc.store, ids[0], ids[1], ids[2])
|
||||
case types.RecordResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.RecordRbacResource(0, 0, 0)), nil
|
||||
return rbac.NewResource(types.RecordRbacResource(ids[0], ids[1], ids[2])), nil
|
||||
}
|
||||
|
||||
return loadRecord(ctx, svc.store, ids[0], ids[1], ids[2])
|
||||
|
||||
107
server/compose/service/access_control.gen_test.go
generated
Normal file
107
server/compose/service/access_control.gen_test.go
generated
Normal file
@ -0,0 +1,107 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/cortezaproject/corteza/server/compose/types"
|
||||
"github.com/cortezaproject/corteza/server/pkg/rbac"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestAccessControl_ResourceLoader(t *testing.T) {
|
||||
svc := accessControl{}
|
||||
|
||||
// Has wildcard resources
|
||||
testCases := []struct {
|
||||
resource string
|
||||
expected rbac.Resource
|
||||
err error
|
||||
}{
|
||||
{
|
||||
resource: "corteza::compose:chart/1/*",
|
||||
expected: rbac.NewResource(types.ChartRbacResource(1, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:chart/*/*",
|
||||
expected: rbac.NewResource(types.ChartRbacResource(0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:module/3/*",
|
||||
expected: rbac.NewResource(types.ModuleRbacResource(3, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:module/*/*",
|
||||
expected: rbac.NewResource(types.ModuleRbacResource(0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:module-field/5/*/*",
|
||||
expected: rbac.NewResource(types.ModuleFieldRbacResource(5, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:module-field/*/*/*",
|
||||
expected: rbac.NewResource(types.ModuleFieldRbacResource(0, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:namespace/*",
|
||||
expected: rbac.NewResource(types.NamespaceRbacResource(0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:page/9/*",
|
||||
expected: rbac.NewResource(types.PageRbacResource(9, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:page/*/*",
|
||||
expected: rbac.NewResource(types.PageRbacResource(0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:page-layout/11/*/*",
|
||||
expected: rbac.NewResource(types.PageLayoutRbacResource(11, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:page-layout/*/*/*",
|
||||
expected: rbac.NewResource(types.PageLayoutRbacResource(0, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:record/14/*/*",
|
||||
expected: rbac.NewResource(types.RecordRbacResource(14, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose:record/*/*/*",
|
||||
expected: rbac.NewResource(types.RecordRbacResource(0, 0, 0)),
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "corteza::compose",
|
||||
expected: &types.Component{},
|
||||
err: nil,
|
||||
},
|
||||
{
|
||||
resource: "unknown_resource_type:17",
|
||||
expected: nil,
|
||||
err: fmt.Errorf("unknown resource type %q", "unknown_resource_type:17"),
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.resource, func(t *testing.T) {
|
||||
res, err := svc.resourceLoader(context.Background(), tc.resource)
|
||||
|
||||
require.Equal(t, tc.expected, res)
|
||||
require.Equal(t, tc.err, err)
|
||||
})
|
||||
}
|
||||
}
|
||||
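Review bot: The assertion `require.Equal(t, tc.err, err)` at the end of the subtest compares error values structurally, so it passes only while resourceLoader returns the same concrete error type that `fmt.Errorf` produces here; wrapping the error later would break the test even though the message is unchanged. Comparing the message is more robust: `if tc.err != nil { require.EqualError(t, err, tc.err.Error()) } else { require.NoError(t, err) }`. The table also has no case for a wildcard resource with fewer path segments than the type expects (for example a chart reference with a single segment), which is the input most likely to expose an indexing problem in the wildcard branch. Because `svc` is built as `accessControl{}` with no store, only the wildcard, component and unknown-type paths can be exercised by this test.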
6
server/federation/service/access_control.gen.go
generated
6
server/federation/service/access_control.gen.go
generated
@ -406,19 +406,19 @@ func (svc accessControl) resourceLoader(ctx context.Context, resource string) (r
|
||||
switch rbac.ResourceType(resourceType) {
|
||||
case types.NodeResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.NodeRbacResource(0)), nil
|
||||
return rbac.NewResource(types.NodeRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadNode(ctx, svc.store, ids[0])
|
||||
case types.ExposedModuleResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ExposedModuleRbacResource(0, 0)), nil
|
||||
return rbac.NewResource(types.ExposedModuleRbacResource(ids[0], ids[1])), nil
|
||||
}
|
||||
|
||||
return loadExposedModule(ctx, svc.store, ids[0], ids[1])
|
||||
case types.SharedModuleResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.SharedModuleRbacResource(0, 0)), nil
|
||||
return rbac.NewResource(types.SharedModuleRbacResource(ids[0], ids[1])), nil
|
||||
}
|
||||
|
||||
return loadSharedModule(ctx, svc.store, ids[0], ids[1])
|
||||
|
||||
20
server/system/service/access_control.gen.go
generated
20
server/system/service/access_control.gen.go
generated
@ -1195,61 +1195,61 @@ func (svc accessControl) resourceLoader(ctx context.Context, resource string) (r
|
||||
switch rbac.ResourceType(resourceType) {
|
||||
case types.ApplicationResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ApplicationRbacResource(0)), nil
|
||||
return rbac.NewResource(types.ApplicationRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadApplication(ctx, svc.store, ids[0])
|
||||
case types.ApigwRouteResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ApigwRouteRbacResource(0)), nil
|
||||
return rbac.NewResource(types.ApigwRouteRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadApigwRoute(ctx, svc.store, ids[0])
|
||||
case types.AuthClientResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.AuthClientRbacResource(0)), nil
|
||||
return rbac.NewResource(types.AuthClientRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadAuthClient(ctx, svc.store, ids[0])
|
||||
case types.DataPrivacyRequestResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.DataPrivacyRequestRbacResource(0)), nil
|
||||
return rbac.NewResource(types.DataPrivacyRequestRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadDataPrivacyRequest(ctx, svc.store, ids[0])
|
||||
case types.QueueResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.QueueRbacResource(0)), nil
|
||||
return rbac.NewResource(types.QueueRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadQueue(ctx, svc.store, ids[0])
|
||||
case types.ReportResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.ReportRbacResource(0)), nil
|
||||
return rbac.NewResource(types.ReportRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadReport(ctx, svc.store, ids[0])
|
||||
case types.RoleResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.RoleRbacResource(0)), nil
|
||||
return rbac.NewResource(types.RoleRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadRole(ctx, svc.store, ids[0])
|
||||
case types.TemplateResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.TemplateRbacResource(0)), nil
|
||||
return rbac.NewResource(types.TemplateRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadTemplate(ctx, svc.store, ids[0])
|
||||
case types.UserResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.UserRbacResource(0)), nil
|
||||
return rbac.NewResource(types.UserRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadUser(ctx, svc.store, ids[0])
|
||||
case types.DalConnectionResourceType:
|
||||
if hasWildcard {
|
||||
return rbac.NewResource(types.DalConnectionRbacResource(0)), nil
|
||||
return rbac.NewResource(types.DalConnectionRbacResource(ids[0])), nil
|
||||
}
|
||||
|
||||
return loadDalConnection(ctx, svc.store, ids[0])
|
||||
|
||||