Skip to content

fix: updated auth for fetching user list #2167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Aug 12, 2022
Merged

fix: updated auth for fetching user list #2167

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
4fabb84
updated auth for user list fetch
kartik-579 Aug 11, 2022
1401335
Merge branch 'main' into user-list-auth-change
kartik-579 Aug 12, 2022
32c1071
updated manager rbac check
kartik-579 Aug 12, 2022
1438a39
review change
kartik-579 Aug 12, 2022
dbae988
Merge branch 'user-list-auth-change' of github.com:devtron-labs/devtr…
kartik-579 Aug 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 45 additions & 2 deletions api/user/UserRestHandler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,13 @@ type UserRestHandlerImpl struct {

func NewUserRestHandlerImpl(userService user.UserService, validator *validator.Validate,
logger *zap.SugaredLogger, enforcer casbin.Enforcer, roleGroupService user.RoleGroupService) *UserRestHandlerImpl {
userAuthHandler := &UserRestHandlerImpl{userService: userService, validator: validator, logger: logger,
enforcer: enforcer, roleGroupService: roleGroupService}
userAuthHandler := &UserRestHandlerImpl{
userService: userService,
validator: validator,
logger: logger,
enforcer: enforcer,
roleGroupService: roleGroupService,
}
return userAuthHandler
}

Expand Down Expand Up @@ -261,6 +266,44 @@ func (handler UserRestHandlerImpl) GetById(w http.ResponseWriter, r *http.Reques
}

func (handler UserRestHandlerImpl) GetAll(w http.ResponseWriter, r *http.Request) {
userId, err := handler.userService.GetLoggedInUser(r)
if userId == 0 || err != nil {
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
return
}

// RBAC enforcer applying
token := r.Header.Get("token")
isAuthorised := false
//checking superAdmin access
isAuthorised, err = handler.userService.IsSuperAdmin(int(userId))
if err != nil {
handler.logger.Errorw("error in checking superAdmin access of user", "err", err)
common.WriteJsonResp(w, err, "", http.StatusInternalServerError)
return
}
if !isAuthorised {
user, err := handler.userService.GetById(userId)
if err != nil {
handler.logger.Errorw("error in getting user by id", "err", err)
common.WriteJsonResp(w, err, "", http.StatusInternalServerError)
return
}
if user.RoleFilters != nil && len(user.RoleFilters) > 0 {
for _, filter := range user.RoleFilters {
if len(filter.Team) > 0 {
if ok := handler.enforcer.Enforce(token, casbin.ResourceUser, casbin.ActionGet, strings.ToLower(filter.Team)); ok {
isAuthorised = true
break
}
}
}
}
}
if !isAuthorised {
common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
return
}
res, err := handler.userService.GetAll()
if err != nil {
handler.logger.Errorw("service err, GetAll", "err", err)
Expand Down