Skip to content

Commit 057e764

Browse files
akshatsinha007akshatsinha007
authored
Merge pull request #1 from devtron-labs/main
Revert "fix: apps and jobs permission (#5110)" (#5206)
2 parents 2db37ca + 0269dcd commit 057e764

File tree

12 files changed

+114
-136
lines changed

12 files changed

+114
-136
lines changed

api/restHandler/ConfigMapRestHandler.go

Lines changed: 32 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -111,8 +111,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalAddUpdate(w http.ResponseWriter,
111111

112112
//RBAC START
113113
token := r.Header.Get("token")
114-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(configMapRequest.AppId)
115-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate, appType)
114+
object := handler.enforcerUtil.GetAppRBACNameByAppId(configMapRequest.AppId)
115+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate)
116116
if !ok {
117117
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
118118
return
@@ -147,8 +147,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentAddUpdate(w http.ResponseWr
147147

148148
//RBAC START
149149
token := r.Header.Get("token")
150-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(configMapRequest.AppId)
151-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate, appType)
150+
object := handler.enforcerUtil.GetAppRBACNameByAppId(configMapRequest.AppId)
151+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate)
152152
if !ok {
153153
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
154154
return
@@ -188,8 +188,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalFetch(w http.ResponseWriter, r *
188188

189189
//RBAC START
190190
token := r.Header.Get("token")
191-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
192-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
191+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
192+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
193193
if !ok {
194194
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
195195
return
@@ -225,8 +225,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalFetchForEdit(w http.ResponseWrit
225225
return
226226
}
227227
token := r.Header.Get("token")
228-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
229-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
228+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
229+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
230230
if !ok {
231231
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
232232
return
@@ -268,8 +268,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentFetchForEdit(w http.Respons
268268
return
269269
}
270270
token := r.Header.Get("token")
271-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
272-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
271+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
272+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
273273
if !ok {
274274
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
275275
return
@@ -315,8 +315,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentFetch(w http.ResponseWriter
315315

316316
//RBAC START
317317
token := r.Header.Get("token")
318-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
319-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
318+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
319+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
320320
if !ok {
321321
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
322322
return
@@ -352,8 +352,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalAddUpdate(w http.ResponseWriter,
352352

353353
//RBAC START
354354
token := r.Header.Get("token")
355-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(configMapRequest.AppId)
356-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate, appType)
355+
object := handler.enforcerUtil.GetAppRBACNameByAppId(configMapRequest.AppId)
356+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate)
357357
if !ok {
358358
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
359359
return
@@ -389,8 +389,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentAddUpdate(w http.ResponseWr
389389

390390
//RBAC START
391391
token := r.Header.Get("token")
392-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(configMapRequest.AppId)
393-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate, appType)
392+
object := handler.enforcerUtil.GetAppRBACNameByAppId(configMapRequest.AppId)
393+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionCreate)
394394
if !ok {
395395
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
396396
return
@@ -430,8 +430,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalFetch(w http.ResponseWriter, r *
430430

431431
//RBAC START
432432
token := r.Header.Get("token")
433-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
434-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
433+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
434+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
435435
if !ok {
436436
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
437437
return
@@ -469,8 +469,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentFetch(w http.ResponseWriter
469469

470470
//RBAC START
471471
token := r.Header.Get("token")
472-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
473-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
472+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
473+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
474474
if !ok {
475475
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
476476
return
@@ -510,8 +510,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalDelete(w http.ResponseWriter, r
510510

511511
//RBAC START
512512
token := r.Header.Get("token")
513-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
514-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete, appType)
513+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
514+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete)
515515
if !ok {
516516
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
517517
return
@@ -557,8 +557,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentDelete(w http.ResponseWrite
557557

558558
//RBAC START
559559
token := r.Header.Get("token")
560-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
561-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete, appType)
560+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
561+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete)
562562
if !ok {
563563
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
564564
return
@@ -606,8 +606,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalDelete(w http.ResponseWriter, r
606606

607607
//RBAC START
608608
token := r.Header.Get("token")
609-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
610-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete, appType)
609+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
610+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete)
611611
if !ok {
612612
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
613613
return
@@ -653,8 +653,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentDelete(w http.ResponseWrite
653653

654654
//RBAC START
655655
token := r.Header.Get("token")
656-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
657-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete, appType)
656+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
657+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionDelete)
658658
if !ok {
659659
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
660660
return
@@ -702,8 +702,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalFetchForEdit(w http.ResponseWrit
702702

703703
//RBAC START
704704
token := r.Header.Get("token")
705-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
706-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate, appType)
705+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
706+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate)
707707
if !ok {
708708
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
709709
return
@@ -749,8 +749,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentFetchForEdit(w http.Respons
749749

750750
//RBAC START
751751
token := r.Header.Get("token")
752-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
753-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate, appType)
752+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
753+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate)
754754
if !ok {
755755
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
756756
return

api/restHandler/GlobalPluginRestHandler.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -166,7 +166,7 @@ func (handler *GlobalPluginRestHandlerImpl) GetAllGlobalVariables(w http.Respons
166166
//on atleast one app & we can't check this without iterating through every app
167167
//TODO: update plugin as a resource in casbin and make rbac independent of appId
168168
resourceName := handler.enforcerUtil.GetAppRBACName(app.AppName)
169-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate, app.AppType)
169+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate)
170170
if !ok {
171171
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
172172
return
@@ -199,7 +199,7 @@ func (handler *GlobalPluginRestHandlerImpl) ListAllPlugins(w http.ResponseWriter
199199
//on atleast one app & we can't check this without iterating through every app
200200
//TODO: update plugin as a resource in casbin and make rbac independent of appId
201201
resourceName := handler.enforcerUtil.GetAppRBACName(app.AppName)
202-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate, app.AppType)
202+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate)
203203
if !ok {
204204
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
205205
return
@@ -233,7 +233,7 @@ func (handler *GlobalPluginRestHandlerImpl) GetPluginDetailById(w http.ResponseW
233233
//on atleast one app & we can't check this without iterating through every app
234234
//TODO: update plugin as a resource in casbin and make rbac independent of appId
235235
resourceName := handler.enforcerUtil.GetAppRBACName(app.AppName)
236-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate, app.AppType)
236+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, resourceName, casbin.ActionCreate)
237237
if !ok {
238238
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
239239
return

api/restHandler/app/appInfo/AppInfoRestHandler.go

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -117,8 +117,8 @@ func (handler AppInfoRestHandlerImpl) GetAppMetaInfo(w http.ResponseWriter, r *h
117117

118118
//rback implementation starts here
119119
token := r.Header.Get("token")
120-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
121-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
120+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
121+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
122122
if !ok {
123123
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
124124
return
@@ -209,15 +209,15 @@ func (handler AppInfoRestHandlerImpl) UpdateApp(w http.ResponseWriter, r *http.R
209209

210210
// check for existing project/app permission
211211
object := handler.enforcerUtil.GetAppRBACNameByAppId(request.Id)
212-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate, request.AppType)
212+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate)
213213
if !ok {
214214
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
215215
return
216216
}
217217

218218
// check for request project/app permission
219219
object = handler.enforcerUtil.GetAppRBACNameByTeamIdAndAppId(request.TeamId, request.Id)
220-
ok = handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate, request.AppType)
220+
ok = handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate)
221221
if !ok {
222222
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
223223
return
@@ -370,8 +370,8 @@ func (handler AppInfoRestHandlerImpl) UpdateAppNote(w http.ResponseWriter, r *ht
370370
//rbac implementation starts here
371371

372372
// check for existing project/app permission
373-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(bean.Identifier)
374-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate, appType)
373+
object := handler.enforcerUtil.GetAppRBACNameByAppId(bean.Identifier)
374+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionUpdate)
375375
if !ok {
376376
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
377377
return

api/restHandler/app/appList/AppListingRestHandler.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -695,7 +695,7 @@ func (handler AppListingRestHandlerImpl) FetchAppStageStatus(w http.ResponseWrit
695695

696696
// RBAC enforcer applying
697697
object := handler.enforcerUtil.GetAppRBACName(app.AppName)
698-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, app.AppType)
698+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
699699
if !ok {
700700
common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
701701
return
@@ -769,7 +769,7 @@ func (handler AppListingRestHandlerImpl) FetchMinDetailOtherEnvironment(w http.R
769769

770770
// RBAC enforcer applying
771771
object := handler.enforcerUtil.GetAppRBACName(app.AppName)
772-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, app.AppType)
772+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
773773
if !ok {
774774
common.WriteJsonResp(w, err, "unauthorized user", http.StatusForbidden)
775775
return

api/restHandler/app/pipeline/AutoCompleteRestHandler.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -203,8 +203,8 @@ func (handler DevtronAppAutoCompleteRestHandlerImpl) GitListAutocomplete(w http.
203203
}
204204
handler.Logger.Infow("request payload, GitListAutocomplete", "appId", appId)
205205
//RBAC
206-
object, appType := handler.enforcerUtil.GetAppRBACNameAndAppTypeByAppId(appId)
207-
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet, appType)
206+
object := handler.enforcerUtil.GetAppRBACNameByAppId(appId)
207+
ok := handler.enforcerUtil.CheckAppRbacForAppOrJob(token, object, casbin.ActionGet)
208208
if !ok {
209209
common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
210210
return

0 commit comments

Comments
 (0)