FIX: Hotfixes epic bugathon 01 ISSUE: user auth issues (#484)

vikramdevtron · web-flow · commit 48d94f27ee48 · 2021-05-26T11:21:31.000+05:30
* rbac object team name to lower case fix

* rbac object team name to lower case fix
diff --git a/api/restHandler/NotificationRestHandler.go b/api/restHandler/NotificationRestHandler.go
@@ -38,6 +38,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"strconv"
+	"strings"
 )
 
 type NotificationRestHandler interface {
@@ -178,7 +179,7 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(
 		}
 		for _, t := range teams {
 			for _, a := range apps {
-				teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", t.Name, a.Name))
+				teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", strings.ToLower(t.Name), strings.ToLower(a.Name)))
 				appsMap[a.Id] = a.Name
 			}
 		}
@@ -198,7 +199,7 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(
 		for _, t := range teams {
 			for _, a := range apps {
 				if t.Id == a.TeamId {
-					teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", t.Name, a.Name))
+					teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", strings.ToLower(t.Name), strings.ToLower(a.Name)))
 				}
 			}
 		}
@@ -208,23 +209,23 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(
 		}
 		for _, t := range teams {
 			teamsMap[t.Id] = t.Name
-			teamRbac = append(teamRbac, fmt.Sprintf("%s/*", t.Name))
+			teamRbac = append(teamRbac, fmt.Sprintf("%s/*", strings.ToLower(t.Name)))
 		}
 	}
 	if len(envIds) > 0 && len(appIds) == 0 {
 		envs, err := impl.environmentService.FindByIds(envIds)
 		if err != nil {
 		}
 		for _, e := range envs {
-			envRbac = append(envRbac, fmt.Sprintf("%s/*", e.Environment))
+			envRbac = append(envRbac, fmt.Sprintf("%s/*", strings.ToLower(e.Environment)))
 		}
 	} else if len(envIds) > 0 && len(appIds) > 0 {
 		envs, err := impl.environmentService.FindByIds(envIds)
 		if err != nil {
 		}
 		for _, e := range envs {
 			for _, aId := range appIds {
-				envRbac = append(envRbac, fmt.Sprintf("%s/%s", e.Environment, appsMap[*aId]))
+				envRbac = append(envRbac, fmt.Sprintf("%s/%s", strings.ToLower(e.Environment), appsMap[*aId]))
 			}
 		}
 	}
@@ -457,7 +458,7 @@ func (impl NotificationRestHandlerImpl) SaveNotificationChannelConfig(w http.Res
 			return
 		}
 		for _, item := range teams {
-			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionCreate, fmt.Sprintf("%s/*", item.Name)); !ok {
+			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionCreate, fmt.Sprintf("%s/*", strings.ToLower(item.Name))); !ok {
 				writeJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
 				return
 			}
@@ -541,7 +542,7 @@ func (impl NotificationRestHandlerImpl) FindAllNotificationConfig(w http.Respons
 			return
 		}
 		for _, item := range teams {
-			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", item.Name)); !ok {
+			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", strings.ToLower(item.Name))); !ok {
 				pass = false
 				break
 			}
@@ -683,7 +684,7 @@ func (impl NotificationRestHandlerImpl) FindAllNotificationConfigAutocomplete(w
 				writeJsonResp(w, err, nil, http.StatusBadRequest)
 				return
 			}
-			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", team.Name)); ok {
+			if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", strings.ToLower(team.Name))); ok {
 				channelsResponse = append(channelsResponse, item)
 			}
 		}
diff --git a/api/restHandler/UserRestHandler.go b/api/restHandler/UserRestHandler.go
@@ -32,6 +32,7 @@ import (
 	"gopkg.in/go-playground/validator.v9"
 	"net/http"
 	"strconv"
+	"strings"
 )
 
 type UserRestHandler interface {
@@ -97,7 +98,7 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req
 	if userInfo.RoleFilters != nil && len(userInfo.RoleFilters) > 0 {
 		for _, filter := range userInfo.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -122,7 +123,7 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req
 		if groupRoles != nil && len(groupRoles) > 0 {
 			for _, groupRole := range groupRoles {
 				if len(groupRole.Team) > 0 {
-					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, groupRole.Team); !ok {
+					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, strings.ToLower(groupRole.Team)); !ok {
 						response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 						return
 					}
@@ -182,7 +183,7 @@ func (handler UserRestHandlerImpl) UpdateUser(w http.ResponseWriter, r *http.Req
 	if userInfo.RoleFilters != nil && len(userInfo.RoleFilters) > 0 {
 		for _, filter := range userInfo.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -207,7 +208,7 @@ func (handler UserRestHandlerImpl) UpdateUser(w http.ResponseWriter, r *http.Req
 		if groupRoles != nil && len(groupRoles) > 0 {
 			for _, groupRole := range groupRoles {
 				if len(groupRole.Team) > 0 {
-					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, groupRole.Team); !ok {
+					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, strings.ToLower(groupRole.Team)); !ok {
 						response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 						return
 					}
@@ -277,7 +278,7 @@ func (handler UserRestHandlerImpl) GetById(w http.ResponseWriter, r *http.Reques
 		authPass := false
 		for _, filter := range res.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, filter.Team); ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); ok {
 					authPass = true
 				}
 			}
@@ -338,7 +339,7 @@ func (handler UserRestHandlerImpl) GetUsersByFilter(w http.ResponseWriter, r *ht
 			pass := true
 			for _, filter := range item.RoleFilters {
 				if len(filter.Team) > 0 {
-					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, filter.Team); !ok {
+					if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); !ok {
 						pass = false
 					}
 				}
@@ -370,7 +371,7 @@ func (handler UserRestHandlerImpl) GetUserByEmail(w http.ResponseWriter, r *http
 	if res.RoleFilters != nil && len(res.RoleFilters) > 0 {
 		for _, filter := range res.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -408,7 +409,7 @@ func (handler UserRestHandlerImpl) DeleteUser(w http.ResponseWriter, r *http.Req
 	if user.RoleFilters != nil && len(user.RoleFilters) > 0 {
 		for _, filter := range user.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -454,7 +455,7 @@ func (handler UserRestHandlerImpl) FetchRoleGroupById(w http.ResponseWriter, r *
 	if res.RoleFilters != nil && len(res.RoleFilters) > 0 {
 		for _, filter := range res.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -488,7 +489,7 @@ func (handler UserRestHandlerImpl) CreateRoleGroup(w http.ResponseWriter, r *htt
 	if request.RoleFilters != nil && len(request.RoleFilters) > 0 {
 		for _, filter := range request.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -543,7 +544,7 @@ func (handler UserRestHandlerImpl) UpdateRoleGroup(w http.ResponseWriter, r *htt
 	if request.RoleFilters != nil && len(request.RoleFilters) > 0 {
 		for _, filter := range request.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
@@ -633,7 +634,7 @@ func (handler UserRestHandlerImpl) DeleteRoleGroup(w http.ResponseWriter, r *htt
 	if userGroup.RoleFilters != nil && len(userGroup.RoleFilters) > 0 {
 		for _, filter := range userGroup.RoleFilters {
 			if len(filter.Team) > 0 {
-				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, filter.Team); !ok {
+				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, strings.ToLower(filter.Team)); !ok {
 					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
 					return
 				}
diff --git a/pkg/user/RoleGroupService.go b/pkg/user/RoleGroupService.go
@@ -418,7 +418,7 @@ func (impl RoleGroupServiceImpl) FetchRoleGroupsById(id int32) (*bean.RoleGroup,
 	for _, role := range roles {
 		key := ""
 		if len(role.Team) > 0 && len(role.Environment) > 0 {
-			key = fmt.Sprintf("%s_%s", role.Team, role.Action)
+			key = fmt.Sprintf("%s_%s", role.Team, role.Environment)
 		} else if len(role.Entity) > 0 {
 			key = fmt.Sprintf("%s_%s", role.Entity, role.Action)
 		}

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ import (`
`38`	`38`	`"io/ioutil"`
`39`	`39`	`"net/http"`
`40`	`40`	`"strconv"`
	`41`	`+ "strings"`
`41`	`42`	`)`
`42`	`43`
`43`	`44`	`type NotificationRestHandler interface {`
`@@ -178,7 +179,7 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(`
`178`	`179`	`}`
`179`	`180`	`for _, t := range teams {`
`180`	`181`	`for _, a := range apps {`
`181`		`- teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", t.Name, a.Name))`
	`182`	`+ teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", strings.ToLower(t.Name), strings.ToLower(a.Name)))`
`182`	`183`	`appsMap[a.Id] = a.Name`
`183`	`184`	`}`
`184`	`185`	`}`
`@@ -198,7 +199,7 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(`
`198`	`199`	`for _, t := range teams {`
`199`	`200`	`for _, a := range apps {`
`200`	`201`	`if t.Id == a.TeamId {`
`201`		`- teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", t.Name, a.Name))`
	`202`	`+ teamRbac = append(teamRbac, fmt.Sprintf("%s/%s", strings.ToLower(t.Name), strings.ToLower(a.Name)))`
`202`	`203`	`}`
`203`	`204`	`}`
`204`	`205`	`}`
`@@ -208,23 +209,23 @@ func (impl NotificationRestHandlerImpl) buildRbacObjectsForNotificationSettings(`
`208`	`209`	`}`
`209`	`210`	`for _, t := range teams {`
`210`	`211`	`teamsMap[t.Id] = t.Name`
`211`		`- teamRbac = append(teamRbac, fmt.Sprintf("%s/*", t.Name))`
	`212`	`+ teamRbac = append(teamRbac, fmt.Sprintf("%s/*", strings.ToLower(t.Name)))`
`212`	`213`	`}`
`213`	`214`	`}`
`214`	`215`	`if len(envIds) > 0 && len(appIds) == 0 {`
`215`	`216`	`envs, err := impl.environmentService.FindByIds(envIds)`
`216`	`217`	`if err != nil {`
`217`	`218`	`}`
`218`	`219`	`for _, e := range envs {`
`219`		`- envRbac = append(envRbac, fmt.Sprintf("%s/*", e.Environment))`
	`220`	`+ envRbac = append(envRbac, fmt.Sprintf("%s/*", strings.ToLower(e.Environment)))`
`220`	`221`	`}`
`221`	`222`	`} else if len(envIds) > 0 && len(appIds) > 0 {`
`222`	`223`	`envs, err := impl.environmentService.FindByIds(envIds)`
`223`	`224`	`if err != nil {`
`224`	`225`	`}`
`225`	`226`	`for _, e := range envs {`
`226`	`227`	`for _, aId := range appIds {`
`227`		`- envRbac = append(envRbac, fmt.Sprintf("%s/%s", e.Environment, appsMap[*aId]))`
	`228`	`+ envRbac = append(envRbac, fmt.Sprintf("%s/%s", strings.ToLower(e.Environment), appsMap[*aId]))`
`228`	`229`	`}`
`229`	`230`	`}`
`230`	`231`	`}`
`@@ -457,7 +458,7 @@ func (impl NotificationRestHandlerImpl) SaveNotificationChannelConfig(w http.Res`
`457`	`458`	`return`
`458`	`459`	`}`
`459`	`460`	`for _, item := range teams {`
`460`		`- if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionCreate, fmt.Sprintf("%s/*", item.Name)); !ok {`
	`461`	`+ if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionCreate, fmt.Sprintf("%s/*", strings.ToLower(item.Name))); !ok {`
`461`	`462`	`writeJsonResp(w, err, "Unauthorized User", http.StatusForbidden)`
`462`	`463`	`return`
`463`	`464`	`}`
`@@ -541,7 +542,7 @@ func (impl NotificationRestHandlerImpl) FindAllNotificationConfig(w http.Respons`
`541`	`542`	`return`
`542`	`543`	`}`
`543`	`544`	`for _, item := range teams {`
`544`		`- if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", item.Name)); !ok {`
	`545`	`+ if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", strings.ToLower(item.Name))); !ok {`
`545`	`546`	`pass = false`
`546`	`547`	`break`
`547`	`548`	`}`
`@@ -683,7 +684,7 @@ func (impl NotificationRestHandlerImpl) FindAllNotificationConfigAutocomplete(w`
`683`	`684`	`writeJsonResp(w, err, nil, http.StatusBadRequest)`
`684`	`685`	`return`
`685`	`686`	`}`
`686`		`- if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", team.Name)); ok {`
	`687`	`+ if ok := impl.enforcer.Enforce(token, rbac.ResourceApplications, rbac.ActionGet, fmt.Sprintf("%s/*", strings.ToLower(team.Name))); ok {`
`687`	`688`	`channelsResponse = append(channelsResponse, item)`
`688`	`689`	`}`
`689`	`690`	`}`
Original file line number	Diff line number	Diff line change
`@@ -418,7 +418,7 @@ func (impl RoleGroupServiceImpl) FetchRoleGroupsById(id int32) (*bean.RoleGroup,`
`418`	`418`	`for _, role := range roles {`
`419`	`419`	`key := ""`
`420`	`420`	`if len(role.Team) > 0 && len(role.Environment) > 0 {`
`421`		`- key = fmt.Sprintf("%s_%s", role.Team, role.Action)`
	`421`	`+ key = fmt.Sprintf("%s_%s", role.Team, role.Environment)`
`422`	`422`	`} else if len(role.Entity) > 0 {`
`423`	`423`	`key = fmt.Sprintf("%s_%s", role.Entity, role.Action)`
`424`	`424`	`}`