Skip to content

Commit

Permalink
Merge pull request #156 from OpsMx/OP-12826-rename-create-edit-perm
Browse files Browse the repository at this point in the history 
renmaed the permission from create or edit to edit
  • Loading branch information
@ramyaravi-opsmx
ramyaravi-opsmx authored Mar 3, 2022
2 parents 35113ba + e934723 commit 315aab6
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 34 deletions.
6 changes: 3 additions & 3 deletions gate-web/src/main/java/com/opsmx/spinnaker/gate/enums/PermissionEnum.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@

public enum PermissionEnum {
view("view a feature"),
create_or_edit("create or edit a feature"),
edit("edit a feature"),
delete("delete a feature"),
runtime_access("execute (trigger custom gate)"),
approve_gate("approve a visibility gate");
Expand Down Expand Up @@ -56,8 +56,8 @@ public static String getPermissionEnumDisplayName(PermissionEnum permissionId) {
case view:
displayName = "View";
break;
case create_or_edit:
displayName = "Create/Edit";
case edit:
displayName = "Edit";
break;
case delete:
displayName = "Delete";
Expand Down
57 changes: 26 additions & 31 deletions gate-web/src/main/java/com/opsmx/spinnaker/gate/rbac/ApplicationFeatureRbac.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,6 @@ public void authorizeUserForApplicationId(
}
break;

case POST:
case PUT:
case DELETE:
if (method.equals(HttpMethod.DELETE)
Expand All @@ -137,12 +136,12 @@ public void authorizeUserForApplicationId(
oesAuthorizationService
.fetchPermissions(username, RbacFeatureType.APP.name(), applicationId, username)
.getBody();
log.info("permissions for the POST, PUT or DELETE API : {}", permission);
log.info("permissions for the PUT or DELETE API : {}", permission);
if (permission == null
|| !permission.getPermissions().contains(PermissionEnum.create_or_edit.name())) {
|| !permission.getPermissions().contains(PermissionEnum.edit.name())) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -212,15 +211,14 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
serviceId,
null,
null,
Expand All @@ -232,13 +230,11 @@ public void authorizeUserForServiceId(String username, String endpointUrl, Strin
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the service Id POST, PUT or DELETE API: {}, {}",
serviceId,
isAuthorized);
"is authorized for the service Id PUT or DELETE API: {}, {}", serviceId, isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -301,15 +297,14 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
null,
pipelineId,
null,
Expand All @@ -321,13 +316,13 @@ public void authorizeUserForPipelineId(String username, String endpointUrl, Stri
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the pipeline Id POST, PUT or DELETE API: {}, {}",
"is authorized for the pipeline Id PUT or DELETE API: {}, {}",
pipelineId,
isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -390,15 +385,14 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
null,
null,
gateId,
Expand All @@ -409,12 +403,11 @@ public void authorizeUserForGateId(String username, String endpointUrl, String h
username)
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the gate Id POST, PUT or DELETE API: {}, {}", gateId, isAuthorized);
log.info("is authorized for the gate Id PUT or DELETE API: {}, {}", gateId, isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -485,15 +478,14 @@ public void authorizeUserForApprovalGateId(
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
null,
null,
null,
Expand All @@ -505,13 +497,13 @@ public void authorizeUserForApprovalGateId(
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the approval gate Id POST, PUT or DELETE API: {}, {}",
"is authorized for the approval gate Id PUT or DELETE API: {}, {}",
approvalGateId,
isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -575,15 +567,14 @@ public void authorizeUserForApprovalGateInstanceId(
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
null,
null,
null,
Expand All @@ -595,13 +586,13 @@ public void authorizeUserForApprovalGateInstanceId(
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the approval gate instance Id POST, PUT or DELETE API: {}, {}",
"is authorized for the approval gate instance Id PUT or DELETE API: {}, {}",
approvalGateInstanceId,
isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand Down Expand Up @@ -665,15 +656,14 @@ public void authorizeUserForApprovalPolicyId(
}
break;

case POST:
case PUT:
case DELETE:
isAuthorized =
Boolean.parseBoolean(
oesAuthorizationService
.isAuthorizedUser(
username,
PermissionEnum.create_or_edit.name(),
PermissionEnum.edit.name(),
null,
null,
null,
Expand All @@ -685,13 +675,13 @@ public void authorizeUserForApprovalPolicyId(
.getBody()
.get("isEnabled"));
log.info(
"is authorized for the approval policy Id POST, PUT or DELETE API: {}, {}",
"is authorized for the approval policy Id PUT or DELETE API: {}, {}",
approvalPolicyId,
isAuthorized);
if (isAuthorized == null || !isAuthorized) {
throw new AccessForbiddenException(
YOU_DO_NOT_HAVE
+ PermissionEnum.create_or_edit.name()
+ PermissionEnum.edit.name()
+ PERMISSION_FOR_THE_FEATURE_TYPE
+ RbacFeatureType.APP.description
+ TO_PERFORM_THIS_OPERATION);
Expand All @@ -716,6 +706,11 @@ private Integer getApprovalPolicyId(String endpoint) {

private String readXSpinnakerUserFromHeader(HttpServletRequest request) {

if (request.getUserPrincipal() != null && request.getUserPrincipal().getName() != null) {

return request.getUserPrincipal().getName();
}

Optional.ofNullable(request.getHeader("x-spinnaker-user"))
.orElseThrow(
() -> new XSpinnakerUserHeaderMissingException("x-spinnaker-user header missing"));
Expand Down

0 comments on commit 315aab6

Please sign in to comment.