MG-1955 - Update Bootstrap service access control #2199
bootstrap/service.go
Outdated
for _, channel := range cfg.Channels { | ||
if channel.ID == "" || channel.ID == "invalid" { | ||
return Config{}, svcerr.ErrMalformedEntity | ||
} | ||
} |
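Review bot: the channel.ID == "invalid" comparison in this loop hard-codes a sentinel string into service logic, so the only IDs rejected are the empty string and that one literal, and any other malformed ID passes. Drop the literal and validate channel IDs by format (non-empty, expected ID shape) in one place, ideally where the request is decoded, so every caller gets the same check.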
This can be moved to API layer
bootstrap/service.go
Outdated
return Config{}, errors.Wrap(svcerr.ErrViewEntity, err) | ||
} | ||
|
||
if thing.DomainID != user.GetDomainId() { |
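Review bot: at if thing.DomainID != user.GetDomainId(), a plain inequality treats two empty strings as a match, so the check passes when neither side carries a domain. If either value can be unset, reject empty domain IDs before comparing, and have this branch return the same error as the failed lookup above (svcerr.ErrViewEntity) so a caller cannot tell a thing in another domain from one that does not exist.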
How will this case be possible?
Is there a way to add to a thing which does not belong to the same domain as the user?
bootstrap/service.go
Outdated
if err != nil { | ||
return errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
_, err = bs.authorize(ctx, "", auth.UserType, auth.UsersKind, user.GetId(), auth.EditPermission, auth.DomainType, user.GetDomainId()) |
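Review bot: the authorize call asks for auth.EditPermission on auth.DomainType with user.GetDomainId(), so it only establishes that the caller can edit their own domain and says nothing about the thing or configuration being acted on. Check the permission the operation actually needs against that specific object, and pass a named value instead of the bare "" first argument so its meaning is clear at the call site.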
@JeffMboya Why are we checking that the user has edit access to the Domain?
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
What type of PR is this?
This PR is a bug fix.
What does this do?
This PR ensures that users can only view bootstrap configurations of the things within their current domain. It also allows domain members with appropriate permissions to view configurations for things within the domain, regardless of who created the configuration.
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Yes, tests have been included in this PR.
Did you document any new/modified feature?
No new features were documented in this PR.
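
A minimal sketch of the rule the PR description states (viewing is scoped to the caller's current domain, and who created the configuration is not part of the decision), added here as an example and not taken from this PR or the project. Config, Session, Authorizer, View and the sample data are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
)

// All names below are hypothetical, chosen for this example only.
type Config struct{ ThingID, DomainID, Owner string }
type Session struct{ UserID, DomainID string }

// Authorizer reports whether userID holds permission on domainID.
type Authorizer func(userID, permission, domainID string) bool

var ErrNotFound = errors.New("config not found")
var ErrForbidden = errors.New("view not permitted")

// View returns a config only if it sits in the caller's current domain and
// the caller holds "view" there. Who created the config is never consulted.
func View(store map[string]Config, authz Authorizer, s Session, thingID string) (Config, error) {
	cfg, ok := store[thingID]
	// Missing and cross-domain look identical; an empty session domain never matches.
	if !ok || s.DomainID == "" || cfg.DomainID != s.DomainID {
		return Config{}, ErrNotFound
	}
	if !authz(s.UserID, "view", cfg.DomainID) {
		return Config{}, ErrForbidden
	}
	return cfg, nil
}

// Constructed sample data: two domains, one config each.
func sampleStore() map[string]Config {
	return map[string]Config{
		"t1": {ThingID: "t1", DomainID: "d1", Owner: "alice"},
		"t2": {ThingID: "t2", DomainID: "d2", Owner: "carol"},
	}
}

// Constructed grants: bob may view in d1; dave is a d1 member without view.
func sampleAuthz(userID, permission, domainID string) bool {
	grants := map[string]bool{"alice|view|d1": true, "bob|view|d1": true, "carol|view|d2": true}
	return grants[userID+"|"+permission+"|"+domainID]
}

func main() {
	_, err := View(sampleStore(), sampleAuthz, Session{UserID: "bob", DomainID: "d1"}, "t2")
	fmt.Println("bob reading t2 from d1:", err)
}
```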