Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block Users without Permission from Creating Environment Locks #815

Merged
merged 1 commit into from
Jul 27, 2023
Merged

Block Users without Permission from Creating Environment Locks #815

merged 1 commit into from
Jul 27, 2023

Conversation

gsandok
Copy link
Contributor

@gsandok gsandok commented Jul 24, 2023

Takes the extracted role information from the GRPC context.
When Dex is enabled then checks if associated role has permissions for createEnvironmentLock.
Blocks user if their role does not have permissions.

@gsandok gsandok requested a review from a team as a code owner July 24, 2023 12:33
hannesg
hannesg reviewed Jul 24, 2023
View reviewed changes
Copy link
Member

@hannesg hannesg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add some tests.

services/cd-service/pkg/service/batch.go Outdated Show resolved Hide resolved
services/cd-service/pkg/service/batch.go Outdated Show resolved Hide resolved
hannesg
hannesg reviewed Jul 26, 2023
View reviewed changes
Copy link
Member

@hannesg hannesg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to rethink this testing approach a bit. Maybe it's easier to not pass this reader around but instead have an undocumented flag on the auth package that enables mocking? At least, we definitely don't need to pass this reader around twice. The interceptor should put the verified user in the context and then it shouldn't matter how it got there.

services/cd-service/pkg/service/batch.go Outdated Show resolved Hide resolved
services/cd-service/pkg/cmd/server.go Outdated Show resolved Hide resolved
services/cd-service/pkg/service/batch.go Outdated Show resolved Hide resolved
@sven-urbanski-freiheit-com
Copy link
Contributor

At least, we definitely don't need to pass this reader around twice.

We don't do that anymore.
For the other part of your comment: We'll address this in another PR.

@hannesg hannesg self-requested a review July 27, 2023 07:58
@gsandok gsandok force-pushed the gs/DSN-5IUHBN/add_permissions_createEnvironmentLock branch from b4d6076 to 828db3a Compare July 27, 2023 11:07
@gsandok gsandok force-pushed the gs/DSN-5IUHBN/add_permissions_createEnvironmentLock branch from 828db3a to 094f7fc Compare July 27, 2023 11:08
@gsandok gsandok merged commit 5c59ea6 into main Jul 27, 2023
@gsandok gsandok deleted the gs/DSN-5IUHBN/add_permissions_createEnvironmentLock branch July 27, 2023 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sven-urbanski-freiheit-com sven-urbanski-freiheit-com sven-urbanski-freiheit-com approved these changes

@hannesg hannesg hannesg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gsandok @sven-urbanski-freiheit-com @hannesg