Fix sessions authorized actions output (#1527)

hashicorp · Sep 14, 2021 · 70cb75d · 70cb75d
1 parent 92809b7
commit 70cb75d
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
   `managed-group` would not be accepted as specific `type` values in grant
   strings. Also, fix authorized actions not showing `credential-store` values in
   project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524))
+* actions: Fix `sessions` collection actions not being visible when reading a
+  scope ([PR](https://github.com/hashicorp/boundary/pull/1527))
 
 ## 0.6.0 (2021/09/03)
 

diff --git a/internal/servers/controller/handlers/scopes/scope_service.go b/internal/servers/controller/handlers/scopes/scope_service.go
@@ -62,7 +62,6 @@ var (
 			resource.Group:      groups.CollectionActions,
 			resource.Role:       roles.CollectionActions,
 			resource.Scope:      CollectionActions,
-			resource.Session:    sessions.CollectionActions,
 			resource.User:       users.CollectionActions,
 		},
 
@@ -72,7 +71,6 @@ var (
 			resource.Group:      groups.CollectionActions,
 			resource.Role:       roles.CollectionActions,
 			resource.Scope:      CollectionActions,
-			resource.Session:    sessions.CollectionActions,
 			resource.User:       users.CollectionActions,
 		},
 
@@ -81,6 +79,7 @@ var (
 			resource.Group:           groups.CollectionActions,
 			resource.HostCatalog:     host_catalogs.CollectionActions,
 			resource.Role:            roles.CollectionActions,
+			resource.Session:         sessions.CollectionActions,
 			resource.Target:          targets.CollectionActions,
 		},
 	}

diff --git a/internal/servers/controller/handlers/scopes/scope_service_test.go b/internal/servers/controller/handlers/scopes/scope_service_test.go
@@ -89,11 +89,6 @@ var globalAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
-	"sessions": {
-		Values: []*structpb.Value{
-			structpb.NewStringValue("list"),
-		},
-	},
 	"users": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),
@@ -132,11 +127,6 @@ var orgAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
-	"sessions": {
-		Values: []*structpb.Value{
-			structpb.NewStringValue("list"),
-		},
-	},
 	"users": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),
@@ -170,6 +160,11 @@ var projectAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
+	"sessions": {
+		Values: []*structpb.Value{
+			structpb.NewStringValue("list"),
+		},
+	},
 	"targets": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),

diff --git a/internal/servers/controller/handlers/sessions/session_service.go b/internal/servers/controller/handlers/sessions/session_service.go
@@ -220,7 +220,7 @@ func (s Service) CancelSession(ctx context.Context, req *pbs.CancelSessionReques
 	var outputFields perms.OutputFieldsMap
 	authorizedActions := authResults.FetchActionSetForId(ctx, ses.GetPublicId(), IdActions)
 
-	// Check to see if we need to verify Read vs. just ReadSelf
+	// Check to see if we need to verify Cancel vs. just CancelSelf
 	if ses.UserId != authResults.UserId {
 		if !authorizedActions.HasAction(action.Cancel) {
 			return nil, handlers.ForbiddenError()