From 977fcb667f7b57cd203ecafa30b179faa5ca2807 Mon Sep 17 00:00:00 2001
From: Aditya Thebe
Date: Wed, 4 Sep 2024 19:30:10 +0545
Subject: [PATCH] feat: reset the role when updating user
---
 echo/{users.go => people.go} | 32 ++++++++++++++++++++++----------
 go.mod | 4 ++--
 go.sum | 4 ++--
 rbac/init.go | 5 +++++
 rbac/policies.yaml | 2 +-
 5 files changed, 32 insertions(+), 15 deletions(-)
 rename echo/{users.go => people.go} (69%)
diff --git a/echo/users.go b/echo/people.go
similarity index 69%
rename from echo/users.go
rename to echo/people.go
index f97450cc7..4815e488b 100644
--- a/echo/users.go
+++ b/echo/people.go
@@ -2,29 +2,31 @@ package echo
 import (
 "errors"
+ "fmt"
 "net/http"
 "github.com/flanksource/duty/api"
 "github.com/flanksource/duty/context"
 "github.com/flanksource/duty/types"
 "github.com/flanksource/incident-commander/auth"
+ "github.com/flanksource/incident-commander/rbac"
 "github.com/flanksource/incident-commander/vars"
 echov4 "github.com/labstack/echo/v4"
 "github.com/ory/client-go"
 "github.com/samber/lo"
 )
-type UpdateUserRequest struct {
- ID string `json:"id" form:"id"`
+type UpdatePersonRequest struct {
+ ID string `form:"id"`
- FirstName *string `json:"firstName" form:"firstName"`
- LastName *string `json:"lastName" form:"lastName"`
- Email *string `json:"email" form:"email"`
- Role *string `json:"role" form:"role"`
- Active *bool `json:"active" form:"active"`
+ FirstName *string `form:"firstName"`
+ LastName *string `form:"lastName"`
+ Email *string `form:"email"`
+ Role *string `form:"role"`
+ Active *bool `form:"active"`
 }
-func (t *UpdateUserRequest) ToUpdateIdentityBody(traits map[string]any) client.UpdateIdentityBody {
+func (t *UpdatePersonRequest) ToUpdateIdentityBody(traits map[string]any) client.UpdateIdentityBody {
 out := client.UpdateIdentityBody{
 Traits: traits,
 }
@@ -67,10 +69,10 @@ func (t *PersonController) UpdatePerson(c echov4.Context) error {
 ctx := c.Request().Context().(context.Context)
 if vars.AuthMode != auth.Kratos {
- return api.Errorf(api.EINVALID, "updating users is only supported when using Kratos auth mode")
+ return api.Errorf(api.EINVALID, "updating person is only supported when using Kratos auth mode")
 }
- var req UpdateUserRequest
+ var req UpdatePersonRequest
 if err := c.Bind(&req); err != nil {
 return api.Errorf(api.EINVALID, "invalid request body: %v", err)
 }
@@ -94,5 +96,15 @@ func (t *PersonController) UpdatePerson(c echov4.Context) error {
 return err
 }
+ if req.Role != nil {
+ if err := rbac.DeleteAllRolesForUser(req.ID); err != nil {
+ return api.WriteError(c, fmt.Errorf("failed to delete existing roles: %w", err))
+ }
+
+ if err := rbac.AddRoleForUser(req.ID, *req.Role); err != nil {
+ return api.WriteError(c, fmt.Errorf("failed to add the new role: %w", err))
+ }
+ }
+
 return c.JSON(http.StatusOK, identity.Traits)
 }
diff --git a/go.mod b/go.mod
index 9339ff55d..0dfb6834e 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/containrrr/shoutrrr v0.8.0
 github.com/fergusstrange/embedded-postgres v1.25.0 // indirect
 github.com/flanksource/commons v1.29.4
- github.com/flanksource/duty v1.0.616
+ github.com/flanksource/duty v1.0.619
 github.com/flanksource/gomplate/v3 v3.24.27
 github.com/flanksource/kopper v1.0.9
 github.com/gomarkdown/markdown v0.0.0-20240419095408-642f0ee99ae2
@@ -358,6 +358,6 @@ require (
 // replace github.com/flanksource/commons => /Users/moshe/go/src/github.com/flanksource/commons
-replace github.com/flanksource/duty => ../duty
+// replace github.com/flanksource/duty => ../dut9
 // replace github.com/flanksource/gomplate/v3 => /Users/moshe/go/src/github.com/flanksource/gomplate
diff --git a/go.sum b/go.sum
index 23a5343b6..6e6a11dbe 100644
--- a/go.sum
+++ b/go.sum
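Review bot: `*req.Role` reaches `rbac.AddRoleForUser` without any check that it names a role the policy defines, and only after `rbac.DeleteAllRolesForUser(req.ID)` has already removed every existing assignment. An empty or mistyped value therefore leaves the person without a usable role, and an error in the add step leaves them with none at all, while the identity update earlier in the function appears to have been applied already. Validate before either rbac call, for example `if *req.Role == "" { return api.Errorf(api.EINVALID, "role must not be empty") }` plus a membership test against the roles declared in rbac/policies.yaml, and restore the previous roles when the add fails so the replacement behaves as one unit. The hunk does not show which permission guards this handler, so confirm that only principals allowed to administer roles can reach the `req.Role` branch; otherwise a caller who may edit people could change their own role. The new branches also return through `api.WriteError(c, ...)` while the rest of the visible code returns `api.Errorf(...)`; UpdatePerson starts above the hunk.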
@@ -875,8 +875,8 @@ github.com/flanksource/artifacts v1.0.14 h1:Vv70bccsae0MwGaf/uSPp34J5V1/PyKfct9z github.com/flanksource/artifacts v1.0.14/go.mod h1:qHVCnQu5k50aWNJ5UhpcAKEl7pAzqUrFFKGSm147G70= github.com/flanksource/commons v1.29.4 h1:lA+iylPS85LXsKK7lp4wcNx9A3QU2d1BwUfUWIS1t7c= github.com/flanksource/commons v1.29.4/go.mod h1:bdTkBoakpFszgjQ16qJ6/qEF9n2s/sc0d2ujYYdFvGs= -github.com/flanksource/duty v1.0.616 h1:lGKN3ms0oat2P8Aj9/RDzjswkbZvF54SnjNS2YpV0F0= -github.com/flanksource/duty v1.0.616/go.mod h1:wdoe4wjzj9sqb5D10BEGfWmFSVr/q81Mb6PcXiL8elo= +github.com/flanksource/duty v1.0.619 h1:va2q9tdNh76AgL4eLNzervrPEIyN4FIY+jpeYpuaeSg= +github.com/flanksource/duty v1.0.619/go.mod h1:fEsbkDxWoAcjXBDVD9unI8ekrPN/IG1v2Q2+dvoLLvs= github.com/flanksource/gomplate/v3 v3.20.4/go.mod h1:27BNWhzzSjDed1z8YShO6W+z6G9oZXuxfNFGd/iGSdc= github.com/flanksource/gomplate/v3 v3.24.27 h1:5vw7k0fUj4/b67wDyscJmC4jNCboDbjdl7ebwUF6mtc= github.com/flanksource/gomplate/v3 v3.24.27/go.mod h1:x5LuJX08JyvjzrydbG1Hvd+DKopirJsSHNShXynyE0o=
diff --git a/rbac/init.go b/rbac/init.go
index fbd26e209..9d8525ced 100644
--- a/rbac/init.go
+++ b/rbac/init.go
@@ -104,10 +104,15 @@ func Stop() {
 enforcer.StopAutoLoadPolicy()
 }
 }
+
 func DeleteRoleForUser(user string, role string) error {
 _, err := enforcer.DeleteRoleForUser(user, role)
 return err
+}
+func DeleteAllRolesForUser(user string) error {
+ _, err := enforcer.DeleteRolesForUser(user)
+ return err
 }
 func AddRoleForUser(user string, role ...string) error {
diff --git a/rbac/policies.yaml b/rbac/policies.yaml
index 2c67f3868..ea30d867d 100644
--- a/rbac/policies.yaml
+++ b/rbac/policies.yaml
@@ -10,7 +10,7 @@
 - everyone
 - principal: viewer
 acl:
- - objects: database.public,canaries,catalog,playbooks,topology
+ - objects: database.public,canaries,catalog,playbooks,topology,people
 actions: read
 - principal: commander
 acl:
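Review bot: `DeleteAllRolesForUser` is exported without a doc comment even though its effect is security-relevant: it strips every role assignment from `user` and discards the first result of `enforcer.DeleteRolesForUser`, so callers cannot tell whether anything was removed. I would add `// DeleteAllRolesForUser removes every role assigned to user. It does not report whether any role was removed; the user holds no role until AddRoleForUser is called.` The context lines of `Stop` suggest its use of `enforcer` sits inside a guard, whereas this wrapper (like `DeleteRoleForUser` above it) dereferences `enforcer` directly; if the enforcer can be unset when the HTTP handler runs, returning an error would be safer than a panic. `AddRoleForUser` continues past the end of the hunk.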
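Review bot: Adding `people` to the `viewer` principal's `read` objects widens what a read-only role can see, and neither the commit subject nor the rest of the patch explains why a role-reset change needs it. What the `people` object covers is not visible here; if it maps to the person records handled in echo/people.go (names, e-mail addresses, role), every viewer can now list them. Please confirm that this is intended and that `read` on `people` cannot reach the update route, then record the reason next to the entry, e.g. `# people: read-only for viewers, needed by <feature>; updates are authorised separately`. The rest of the viewer acl and the commander block lie outside the hunk.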