FIX: Hotfixes epic bugathon 02 ISSUE: user auth issues, api error response , cluster soft delete (#486)

* user auth api error response for structured

* cluster listing soft delete items excludes

* environment autocomplete api added auth disable functionality

Author: vikramdevtron

api/restHandler/EnvironmentRestHandler.go

@@ -257,11 +257,27 @@ func (impl EnvironmentRestHandlerImpl) GetEnvironmentListForAutocomplete(w http.
 		writeJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}
+
+	v := r.URL.Query()
+	authEnabled := true
+	auth := v.Get("auth")
+	if len(auth) > 0 {
+		authEnabled, err = strconv.ParseBool(auth)
+		if err != nil {
+			authEnabled = true
+			err = nil
+			//ignore error, apply rbac by default
+		}
+	}
 	token := r.Header.Get("token")
 	// RBAC enforcer applying
 	var grantedEnvironment []request.EnvironmentBean
 	for _, item := range environments {
-		if ok := impl.enforcer.Enforce(token, rbac.ResourceGlobalEnvironment, rbac.ActionGet, strings.ToLower(item.Environment)); ok {
+		if authEnabled == true {
+			if ok := impl.enforcer.Enforce(token, rbac.ResourceGlobalEnvironment, rbac.ActionGet, strings.ToLower(item.Environment)); ok {
+				grantedEnvironment = append(grantedEnvironment, item)
+			}
+		} else {
 			grantedEnvironment = append(grantedEnvironment, item)
 		}
 	}

api/restHandler/UserAuthHandler.go

@@ -27,7 +27,6 @@ import (
 	"github.com/devtron-labs/devtron/pkg/sso"
 	"github.com/devtron-labs/devtron/pkg/user"
 	"github.com/devtron-labs/devtron/util/rbac"
-	"github.com/devtron-labs/devtron/util/response"
 	"github.com/gorilla/mux"
 	"github.com/nats-io/stan"
 	"go.uber.org/zap"
@@ -148,7 +147,7 @@ func (handler UserAuthHandlerImpl) AddPolicy(w http.ResponseWriter, r *http.Requ
 	// RBAC enforcer applying
 	token := r.Header.Get("token")
 	if ok := handler.enforcer.Enforce(token, rbac.ResourceAdmin, rbac.ActionCreate, string(userId)); !ok {
-		response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+		writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 		return
 	}
 	//RBAC enforcer Ends
@@ -188,7 +187,7 @@ func (handler UserAuthHandlerImpl) RemovePolicy(w http.ResponseWriter, r *http.R
 	// RBAC enforcer applying
 	token := r.Header.Get("token")
 	if ok := handler.enforcer.Enforce(token, rbac.ResourceAdmin, rbac.ActionDelete, userId); !ok {
-		response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+		writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 		return
 	}
 	//RBAC enforcer Ends

api/restHandler/UserRestHandler.go

@@ -184,14 +184,14 @@ func (handler UserRestHandlerImpl) UpdateUser(w http.ResponseWriter, r *http.Req
 		for _, filter := range userInfo.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
 		}
 	} else {
 		if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, "*"); !ok {
-			response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+			writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
 	}
@@ -290,7 +290,7 @@ func (handler UserRestHandlerImpl) GetById(w http.ResponseWriter, r *http.Reques
 			authPass = true
 		}
 		if authPass == false {
-			response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+			writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
 	}
@@ -372,7 +372,7 @@ func (handler UserRestHandlerImpl) GetUserByEmail(w http.ResponseWriter, r *http
 		for _, filter := range res.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
@@ -410,14 +410,14 @@ func (handler UserRestHandlerImpl) DeleteUser(w http.ResponseWriter, r *http.Req
 		for _, filter := range user.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
 		}
 	} else {
 		if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, ""); !ok {
-			response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+			writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
 	}
@@ -456,7 +456,7 @@ func (handler UserRestHandlerImpl) FetchRoleGroupById(w http.ResponseWriter, r *
 		for _, filter := range res.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionGet, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
@@ -490,14 +490,14 @@ func (handler UserRestHandlerImpl) CreateRoleGroup(w http.ResponseWriter, r *htt
 		for _, filter := range request.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
 		}
 	} else {
 		if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionCreate, "*"); !ok {
-			response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+			writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
 	}
@@ -545,14 +545,14 @@ func (handler UserRestHandlerImpl) UpdateRoleGroup(w http.ResponseWriter, r *htt
 		for _, filter := range request.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}
 		}
 	} else {
 		if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionUpdate, "*"); !ok {
-			response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+			writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
 	}
@@ -635,7 +635,7 @@ func (handler UserRestHandlerImpl) DeleteRoleGroup(w http.ResponseWriter, r *htt
 		for _, filter := range userGroup.RoleFilters {
 			if len(filter.Team) > 0 {
 				if ok := handler.enforcer.Enforce(token, rbac.ResourceUser, rbac.ActionDelete, strings.ToLower(filter.Team)); !ok {
-					response.WriteResponse(http.StatusForbidden, "FORBIDDEN", w, errors.New("unauthorized"))
+					writeJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 					return
 				}
 			}

pkg/cluster/ClusterService.go

@@ -221,7 +221,7 @@ func (impl ClusterServiceImpl) FindOneActive(clusterName string) (*ClusterBean,
 }
 
 func (impl ClusterServiceImpl) FindAll() ([]*ClusterBean, error) {
-	model, err := impl.clusterRepository.FindAll()
+	model, err := impl.clusterRepository.FindAllActive()
 	if err != nil {
 		return nil, err
 	}