diff --git a/CHANGELOG.md b/CHANGELOG.md
index cd2d9a48a7..12462f85b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 `managed-group` would not be accepted as specific `type` values in grant strings. Also, fix authorized actions not showing `credential-store` values in project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524))
+* actions: Fix `sessions` collection actions not being visible when reading a
+ scope ([PR](https://github.com/hashicorp/boundary/pull/1527))
 ## 0.6.0 (2021/09/03)
diff --git a/internal/servers/controller/handlers/scopes/scope_service.go b/internal/servers/controller/handlers/scopes/scope_service.go
index 07fd19ac71..a7a4cbb8e4 100644
--- a/internal/servers/controller/handlers/scopes/scope_service.go
+++ b/internal/servers/controller/handlers/scopes/scope_service.go
@@ -62,7 +62,6 @@ var (
 resource.Group: groups.CollectionActions,
 resource.Role: roles.CollectionActions,
 resource.Scope: CollectionActions,
- resource.Session: sessions.CollectionActions,
 resource.User: users.CollectionActions,
 },
@@ -72,7 +71,6 @@ var (
 resource.Group: groups.CollectionActions,
 resource.Role: roles.CollectionActions,
 resource.Scope: CollectionActions,
- resource.Session: sessions.CollectionActions,
 resource.User: users.CollectionActions,
 },
@@ -81,6 +79,7 @@ var (
 resource.Group: groups.CollectionActions,
 resource.HostCatalog: host_catalogs.CollectionActions,
 resource.Role: roles.CollectionActions,
+ resource.Session: sessions.CollectionActions,
 resource.Target: targets.CollectionActions,
 },
 }
diff --git a/internal/servers/controller/handlers/scopes/scope_service_test.go b/internal/servers/controller/handlers/scopes/scope_service_test.go
index 3079633340..7467104c8f 100644
--- a/internal/servers/controller/handlers/scopes/scope_service_test.go
+++ b/internal/servers/controller/handlers/scopes/scope_service_test.go
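Review bot: In scope_service.go, the three map entries touched by the hunks at -62, -72 and -81 have no comment saying which resource types belong at which scope level. That gap is presumably how `resource.Session` came to be listed under the first two entries, which the test expectations suggest are global and org. I would add a comment above the entry that now holds it, for example `// Sessions exist only in project scopes; do not advertise sessions.CollectionActions for global or org.` This map appears to control what is reported to clients as authorized collection actions rather than what is enforced, so a wrong entry would misstate permissions to the UI and CLI; that reading is inferred and worth confirming against the code that consumes the map. The enclosing `var (` block starts and ends outside the hunks.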
@@ -89,11 +89,6 @@ var globalAuthorizedCollectionActions = map[string]*structpb.ListValue{
 structpb.NewStringValue("list"),
 },
 },
- "sessions": {
- Values: []*structpb.Value{
- structpb.NewStringValue("list"),
- },
- },
 "users": {
 Values: []*structpb.Value{
 structpb.NewStringValue("create"),
@@ -132,11 +127,6 @@ var orgAuthorizedCollectionActions = map[string]*structpb.ListValue{
 structpb.NewStringValue("list"),
 },
 },
- "sessions": {
- Values: []*structpb.Value{
- structpb.NewStringValue("list"),
- },
- },
 "users": {
 Values: []*structpb.Value{
 structpb.NewStringValue("create"),
@@ -170,6 +160,11 @@ var projectAuthorizedCollectionActions = map[string]*structpb.ListValue{
 structpb.NewStringValue("list"),
 },
 },
+ "sessions": {
+ Values: []*structpb.Value{
+ structpb.NewStringValue("list"),
+ },
+ },
 "targets": {
 Values: []*structpb.Value{
 structpb.NewStringValue("create"),
diff --git a/internal/servers/controller/handlers/sessions/session_service.go b/internal/servers/controller/handlers/sessions/session_service.go
index bd542df51b..e0275e465d 100644
--- a/internal/servers/controller/handlers/sessions/session_service.go
+++ b/internal/servers/controller/handlers/sessions/session_service.go
@@ -220,7 +220,7 @@ func (s Service) CancelSession(ctx context.Context, req *pbs.CancelSessionReques
 var outputFields perms.OutputFieldsMap
 authorizedActions := authResults.FetchActionSetForId(ctx, ses.GetPublicId(), IdActions)
- // Check to see if we need to verify Read vs. just ReadSelf
+ // Check to see if we need to verify Cancel vs. just CancelSelf
 if ses.UserId != authResults.UserId {
 if !authorizedActions.HasAction(action.Cancel) {
 return nil, handlers.ForbiddenError()
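Review bot: The corrected comment in CancelSession (session_service.go, hunk at -220) still leaves the authorization rule implicit, and this is the ownership check that decides whether a caller may cancel someone else's session. I would state the invariant directly, for example `// CancelSelf only covers sessions owned by the requester; cancelling another user's session requires the full Cancel action.` The removed Read/ReadSelf wording suggests the block was copied from the read handler, so the sibling handlers may be worth a look for stale comments or a drifted check; that is inferred from the removed line only. The function body starts and ends outside the hunk.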