devtron-labs · gireesh-naidu · Nov 26, 2022 · Nov 1, 2022 · Nov 2, 2022 · Nov 2, 2022
@@ -129,6 +129,7 @@ type Environment struct {
 	InfraMetrics    *bool  `json:"infraMetrics"`
 	Prod            bool   `json:"prod"`
 	ChartRefId      int    `json:"chartRefId"`
+	LastDeployed    string `json:"lastDeployed"`
 }
 
 type InstanceDetail struct {

@@ -19,10 +19,13 @@ package externalLink
 
 import (
 	"encoding/json"
+	"fmt"
 	"github.com/devtron-labs/devtron/api/restHandler/common"
 	"github.com/devtron-labs/devtron/pkg/externalLink"
 	"github.com/devtron-labs/devtron/pkg/user"
 	"github.com/devtron-labs/devtron/pkg/user/casbin"
+	"github.com/devtron-labs/devtron/util/rbac"
+	"github.com/go-pg/pg"
 	"github.com/gorilla/mux"
 	"github.com/juju/errors"
 	"go.uber.org/zap"
@@ -42,24 +45,61 @@ type ExternalLinkRestHandlerImpl struct {
 	externalLinkService externalLink.ExternalLinkService
 	userService         user.UserService
 	enforcer            casbin.Enforcer
+	enforcerUtil        rbac.EnforcerUtil
 }
 
 func NewExternalLinkRestHandlerImpl(logger *zap.SugaredLogger,
 	externalLinkService externalLink.ExternalLinkService,
 	userService user.UserService,
 	enforcer casbin.Enforcer,
+	enforcerUtil rbac.EnforcerUtil,
 ) *ExternalLinkRestHandlerImpl {
 	return &ExternalLinkRestHandlerImpl{
 		logger:              logger,
 		externalLinkService: externalLinkService,
 		userService:         userService,
 		enforcer:            enforcer,
+		enforcerUtil:        enforcerUtil,
 	}
 }
-func (impl ExternalLinkRestHandlerImpl) CreateExternalLinks(w http.ResponseWriter, r *http.Request) {
+
+func (impl ExternalLinkRestHandlerImpl) roleCheckHelper(w http.ResponseWriter, r *http.Request, action string) (int32, string, error) {
 	userId, err := impl.userService.GetLoggedInUser(r)
 	if userId == 0 || err != nil {
 		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return userId, "", fmt.Errorf("unauthorized error")
+	}
+	userRole := ""
+	v := r.URL.Query()
+	//put this check from identifiers itself,don't get this appname from query params
+	appId := v.Get("appId")
+	token := r.Header.Get("token")
+	if v.Has("appId") {
+		id, err := strconv.Atoi(appId)
+		if err != nil {
+			impl.logger.Errorw("error occurred while converting appId to integer", "err", err, "appId", appId)
+			common.WriteJsonResp(w, errors.New("Invalid request"), nil, http.StatusBadRequest)
+			return userId, "", fmt.Errorf("invalid request query param appId = %s", appId)
+		}
+		object := impl.enforcerUtil.GetAppRBACNameByAppId(id)
+		if ok := impl.enforcer.Enforce(token, casbin.ResourceApplications, action, object); !ok {
+			common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
+			return userId, "", fmt.Errorf("unauthorized error")
+		}
+		userRole = externalLink.ADMIN_ROLE
+	} else {
+		if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, action, "*"); !ok {
+			common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
+			return userId, "", fmt.Errorf("unauthorized error")
+		}
+		userRole = externalLink.SUPER_ADMIN_ROLE
+	}
+	return userId, userRole, nil
+}
+func (impl ExternalLinkRestHandlerImpl) CreateExternalLinks(w http.ResponseWriter, r *http.Request) {
+	userId, userRole, err := impl.roleCheckHelper(w, r, casbin.ActionCreate)
+	if err != nil {
+		impl.logger.Errorw("error in CreateExternalLinks ", "err", err)
 		return
 	}
 	decoder := json.NewDecoder(r.Body)
@@ -70,15 +110,8 @@ func (impl ExternalLinkRestHandlerImpl) CreateExternalLinks(w http.ResponseWrite
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
-
-	token := r.Header.Get("token")
-	if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*"); !ok {
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
-		return
-	}
-
-	res, err := impl.externalLinkService.Create(beans, userId)
-	if err != nil {
+	res, err := impl.externalLinkService.Create(beans, userId, userRole)
+	if err != nil && err != pg.ErrNoRows {
 		impl.logger.Errorw("service err, SaveLink", "err", err, "payload", beans)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
@@ -92,10 +125,9 @@ func (impl ExternalLinkRestHandlerImpl) GetExternalLinkMonitoringTools(w http.Re
 		return
 	}
 
-	// auth free api as we using this for multiple places
-
+	// auth free api as we are using this for multiple places
 	res, err := impl.externalLinkService.GetAllActiveTools()
-	if err != nil {
+	if err != nil && err != pg.ErrNoRows {
 		impl.logger.Errorw("service err, GetAllActiveTools", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
@@ -108,38 +140,62 @@ func (impl ExternalLinkRestHandlerImpl) GetExternalLinks(w http.ResponseWriter,
 		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
 		return
 	}
+
 	v := r.URL.Query()
-	id := v.Get("clusterId")
-	clusterId := 0
-	if len(id) > 0 {
-		clusterId, err = strconv.Atoi(id)
-		if err != nil {
-			common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
-			return
-		}
-	}
+	clusterId := v.Get("clusterId")
+	linkType := v.Get("type")
+	identifier := v.Get("identifier")
 
-	//apply auth only in case when requested for all links
-	if clusterId == 0 {
-		token := r.Header.Get("token")
+	token := r.Header.Get("token")
+	if len(identifier) == 0 && len(linkType) == 0 && len(clusterId) == 0 {
 		if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionGet, "*"); !ok {
 			common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
 			return
 		}
-	}
+		clusterIdNumber := 0
+		res, err := impl.externalLinkService.FetchAllActiveLinksByLinkIdentifier(nil, clusterIdNumber)
+		if err != nil {
+			impl.logger.Errorw("service err, FetchAllActive", "err", err)
+			common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+			return
+		}
+		common.WriteJsonResp(w, err, res, http.StatusOK)
+		return
 
-	res, err := impl.externalLinkService.FetchAllActiveLinks(clusterId)
-	if err != nil {
-		impl.logger.Errorw("service err, FetchAllActive", "err", err)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+	} else if len(identifier) != 0 && len(linkType) != 0 { //api to get external links from app-level external links tab and from app-details page
+		clusterIdNumber := 0
+		if len(clusterId) != 0 { //api call from app-detail page
+			clusterIdNumber, err = strconv.Atoi(clusterId)
+			if err != nil {
+				impl.logger.Errorw("error occurred while parsing cluster_id", "clusterId", clusterId, "err", err)
+				common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+				return
+			}
+		}
+		linkIdentifier := &externalLink.LinkIdentifier{
+			Type:       linkType,
+			Identifier: identifier,
+			ClusterId:  0,
+		}
+		res, err := impl.externalLinkService.FetchAllActiveLinksByLinkIdentifier(linkIdentifier, clusterIdNumber)
+		if err != nil {
+			impl.logger.Errorw("service err, FetchAllActive", "err", err)
+			common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+			return
+		}
+		common.WriteJsonResp(w, err, res, http.StatusOK)
 		return
 	}
-	common.WriteJsonResp(w, err, res, http.StatusOK)
+
+	impl.logger.Errorw("invalid request, FetchAllActive external links", "err", err)
+	common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
+	return
+
 }
+
 func (impl ExternalLinkRestHandlerImpl) UpdateExternalLink(w http.ResponseWriter, r *http.Request) {
-	userId, err := impl.userService.GetLoggedInUser(r)
-	if userId == 0 || err != nil {
-		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+	userId, userRole, err := impl.roleCheckHelper(w, r, casbin.ActionUpdate)
+	if err != nil {
 		return
 	}
 	decoder := json.NewDecoder(r.Body)
@@ -152,45 +208,32 @@ func (impl ExternalLinkRestHandlerImpl) UpdateExternalLink(w http.ResponseWriter
 	}
 	bean.UserId = userId
 
-	token := r.Header.Get("token")
-	if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionUpdate, "*"); !ok {
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
-		return
-	}
-
-	impl.logger.Infow("request payload, UpdateLink", "err", err, "bean", bean)
-	res, err := impl.externalLinkService.Update(&bean)
+	res, err := impl.externalLinkService.Update(&bean, userRole)
 	if err != nil {
 		impl.logger.Errorw("service err, Update Links", "err", err, "bean", bean)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}
 	common.WriteJsonResp(w, err, res, http.StatusOK)
 }
+
 func (impl ExternalLinkRestHandlerImpl) DeleteExternalLink(w http.ResponseWriter, r *http.Request) {
-	userId, err := impl.userService.GetLoggedInUser(r)
-	if userId == 0 || err != nil {
-		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+	userId, userRole, err := impl.roleCheckHelper(w, r, casbin.ActionDelete)
+	if err != nil {
 		return
 	}
 	params := mux.Vars(r)
 	id := params["id"]
-	idi, err := strconv.Atoi(id)
+	linkId, err := strconv.Atoi(id)
 	if err != nil {
-		impl.logger.Errorw("request err, DeleteExternalLink", "err", err, "id", id)
+		impl.logger.Errorw("request err, DeleteExternalLink", "id", id, "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
 
-	token := r.Header.Get("token")
-	if ok := impl.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionDelete, "*"); !ok {
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
-		return
-	}
-
-	res, err := impl.externalLinkService.DeleteLink(idi, userId)
+	res, err := impl.externalLinkService.DeleteLink(linkId, userId, userRole)
 	if err != nil {
-		impl.logger.Errorw("service err, delete Links", "err", err, "id", idi)
+		impl.logger.Errorw("service err, delete Links", "err", err, "linkId", linkId)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}

@@ -11,12 +11,11 @@ import (
 var ExternalLinkWireSet = wire.NewSet(
 	externalLink.NewExternalLinkMonitoringToolRepositoryImpl,
 	wire.Bind(new(externalLink.ExternalLinkMonitoringToolRepository), new(*externalLink.ExternalLinkMonitoringToolRepositoryImpl)),
-	externalLink.NewExternalLinkClusterMappingRepositoryImpl,
-	wire.Bind(new(externalLink.ExternalLinkClusterMappingRepository), new(*externalLink.ExternalLinkClusterMappingRepositoryImpl)),
+	externalLink.NewExternalLinkIdentifierMappingRepositoryImpl,
+	wire.Bind(new(externalLink.ExternalLinkIdentifierMappingRepository), new(*externalLink.ExternalLinkIdentifierMappingRepositoryImpl)),
 	externalLink.NewExternalLinkRepositoryImpl,
 	wire.Bind(new(externalLink.ExternalLinkRepository), new(*externalLink.ExternalLinkRepositoryImpl)),
 
-
 	externalLink.NewExternalLinkServiceImpl,
 	wire.Bind(new(externalLink.ExternalLinkService), new(*externalLink.ExternalLinkServiceImpl)),
 	NewExternalLinkRestHandlerImpl,

@@ -54,7 +54,7 @@ import (
 type AppListingRestHandler interface {
 	FetchAppsByEnvironment(w http.ResponseWriter, r *http.Request)
 	FetchAppDetails(w http.ResponseWriter, r *http.Request)
-
+	FetchAllDevtronManagedApps(w http.ResponseWriter, r *http.Request)
 	FetchAppTriggerView(w http.ResponseWriter, r *http.Request)
 	FetchAppStageStatus(w http.ResponseWriter, r *http.Request)
 
@@ -127,7 +127,24 @@ func setupResponse(w *http.ResponseWriter, req *http.Request) {
 	(*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
 	(*w).Header().Set("Content-Type", "text/html; charset=utf-8")
 }
-
+func (handler AppListingRestHandlerImpl) FetchAllDevtronManagedApps(w http.ResponseWriter, r *http.Request) {
+	token := r.Header.Get("token")
+	userId, err := handler.userService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
+	handler.logger.Infow("got request to fetch all devtron managed apps ", "userId", userId)
+	//RBAC starts
+	if ok := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionGet, "*"); !ok {
+		handler.logger.Infow("user forbidden to fetch all devtron managed apps", "userId", userId)
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusForbidden)
+		return
+	}
+	//RBAC ends
+	res, err := handler.appListingService.FetchAllDevtronManagedApps()
+	common.WriteJsonResp(w, err, res, http.StatusOK)
+}
 func (handler AppListingRestHandlerImpl) FetchAppsByEnvironment(w http.ResponseWriter, r *http.Request) {
 	//Allow CORS here By * or specific origin
 	setupResponse(&w, r)

@@ -322,7 +322,6 @@ func (handler PipelineConfigRestHandlerImpl) GetExternalCi(w http.ResponseWriter
 	common.WriteJsonResp(w, err, ciConf, http.StatusOK)
 }
 
-
 func (handler PipelineConfigRestHandlerImpl) GetExternalCiById(w http.ResponseWriter, r *http.Request) {
 	vars := mux.Vars(r)
 	appId, err := strconv.Atoi(vars["appId"])

@@ -38,6 +38,8 @@ func NewAppListingRouterImpl(appListingRestHandler restHandler.AppListingRestHan
 }
 
 func (router AppListingRouterImpl) initAppListingRouter(appListingRouter *mux.Router) {
+	appListingRouter.Path("/allApps").HandlerFunc(router.appListingRestHandler.FetchAllDevtronManagedApps).
+		Methods("GET")
 
 	appListingRouter.Path("/resource/urls").Queries("envId", "{envId}").
 		HandlerFunc(router.appListingRestHandler.GetHostUrlsByBatch).Methods("GET")

@@ -740,6 +740,42 @@ func (handler UserRestHandlerImpl) CheckUserRoles(w http.ResponseWriter, r *http
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
 	}
+
+	v := r.URL.Query()
+
+	if v.Has("appName") {
+		appName := v.Get("appName")
+		result := make(map[string]interface{})
+		var isSuperAdmin, isAdmin, isManager, isTrigger bool
+		for _, role := range roles {
+			if role == bean.SUPERADMIN {
+				isSuperAdmin = true
+				break
+			}
+			frags := strings.Split(role, "_")
+			n := len(frags)
+			if n >= 2 && (frags[n-1] == appName || frags[n-1] == "") {
+				isManager = strings.Contains(frags[0], "manager")
+				isAdmin = strings.Contains(frags[0], "admin")
+				isTrigger = strings.Contains(frags[0], "trigger")
+			}
+		}
+		if isSuperAdmin {
+			result["role"] = "SuperAdmin"
+		} else if isManager {
+			result["role"] = "Manager"
+		} else if isAdmin {
+			result["role"] = "Admin"
+		} else if isTrigger {
+			result["role"] = "Trigger"
+		} else {
+			result["role"] = "View"
+		}
+		result["roles"] = roles
+
+		common.WriteJsonResp(w, err, result, http.StatusOK)
+		return
+	}
 	result := make(map[string]interface{})
 	result["roles"] = roles
 	result["superAdmin"] = false