fix:rbac is not in sync with Actual application status (#4237)

adi6859 · web-flow · commit 59f89d60576c · 2023-12-06T09:13:17.000+05:30
* query modified in GetRolesForApp

* query modified in GetRolesForApp and superAdmin issue fixed

* userRole mapping deletion

* laoding casbin

* constant changed
diff --git a/pkg/user/UserAuthService.go b/pkg/user/UserAuthService.go
@@ -497,20 +497,33 @@ func (impl UserAuthServiceImpl) DeleteRoles(entityType string, entityName string
 
 	// deleting policies in casbin and roles
 	var casbinDeleteFailed []bool
+	casbin2.LoadPolicy()
 	for _, roleModel := range roleModels {
 		success := casbin2.RemovePoliciesByRoles(roleModel.Role)
 		if !success {
 			impl.logger.Warnw("error in deleting casbin policy for role", "role", roleModel.Role)
 			casbinDeleteFailed = append(casbinDeleteFailed, success)
 		}
+		allUsersMappedToRoles, err := casbin2.GetUserByRole(roleModel.Role)
+		if err != nil {
+			impl.logger.Errorw("error in getting all users by roles", "err", err, "role", roleModel.Role)
+			return err
+		}
+		for _, rl := range allUsersMappedToRoles {
+			success = casbin2.DeleteRoleForUser(rl, roleModel.Role)
+			if !success {
+				impl.logger.Warnw("error in deleting casbin policy for role", "role", roleModel.Role)
+				casbinDeleteFailed = append(casbinDeleteFailed, success)
+			}
+		}
 		//deleting user_roles for this role_id (foreign key constraint)
 		err = impl.userAuthRepository.DeleteUserRoleByRoleId(roleModel.Id, tx)
 		if err != nil {
 			impl.logger.Errorw("error in deleting user_roles by role id", "err", err, "roleId", roleModel.Id)
 			return err
 		}
 		//deleting role_group_role_mapping for this role_id (foreign key constraint)
-		err := impl.roleGroupRepository.DeleteRoleGroupRoleMappingByRoleId(roleModel.Id, tx)
+		err = impl.roleGroupRepository.DeleteRoleGroupRoleMappingByRoleId(roleModel.Id, tx)
 		if err != nil {
 			impl.logger.Errorw("error in deleting role_group_role_mapping by role id", "err", err, "roleId", roleModel.Id)
 			return err
@@ -522,5 +535,6 @@ func (impl UserAuthServiceImpl) DeleteRoles(entityType string, entityName string
 			return err
 		}
 	}
+	casbin2.LoadPolicy()
 	return nil
 }
diff --git a/pkg/user/repository/UserAuthRepository.go b/pkg/user/repository/UserAuthRepository.go
@@ -951,8 +951,10 @@ func (impl UserAuthRepositoryImpl) GetRolesForProject(teamName string) ([]*RoleM
 
 func (impl UserAuthRepositoryImpl) GetRolesForApp(appName string) ([]*RoleModel, error) {
 	var roles []*RoleModel
-	err := impl.dbConnection.Model(&roles).Where("entity is NULL").
-		Where("entity_name = ?", appName).Select()
+	err := impl.dbConnection.Model(&roles).
+		Where("(entity is NULL) OR (entity = ? AND access_type = ?) OR (entity = ?)", bean2.ENTITY_APPS, bean2.DEVTRON_APP, bean2.EntityJobs).
+		Where("entity_name = ?", appName).
+		Select()
 	if err != nil {
 		impl.Logger.Errorw("error in getting roles for app", "err", err, "appName", appName)
 		return nil, err
