fix: preferences authz mapping (#331)
- authz check for preferences was incorrectly checking for the
"manage" permission; it should have been "update"

Signed-off-by: Kush Sharma <[email protected]>
kushsharma authored Sep 10, 2023
1 parent 7c80c67 commit ee692f0
Showing 1 changed file with 15 additions and 3 deletions.
18 changes: 15 additions & 3 deletions pkg/server/interceptors/authorization.go
@@ -526,28 +526,34 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
// preferences
"/raystack.frontier.v1beta1.FrontierService/CreateOrganizationPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.CreateOrganizationPreferencesRequest)
return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.ManagePermission)
return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.UpdatePermission)
},
"/raystack.frontier.v1beta1.FrontierService/ListOrganizationPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.ListOrganizationPreferencesRequest)
return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.GetPermission)
},
"/raystack.frontier.v1beta1.FrontierService/CreateProjectPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.CreateProjectPreferencesRequest)
return handler.IsAuthorized(ctx, schema.ProjectNamespace, pbreq.GetId(), schema.ManagePermission)
return handler.IsAuthorized(ctx, schema.ProjectNamespace, pbreq.GetId(), schema.UpdatePermission)
},
"/raystack.frontier.v1beta1.FrontierService/ListProjectPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.ListProjectPreferencesRequest)
return handler.IsAuthorized(ctx, schema.ProjectNamespace, pbreq.GetId(), schema.GetPermission)
},
"/raystack.frontier.v1beta1.FrontierService/CreateGroupPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.CreateGroupPreferencesRequest)
return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.ManagePermission)
return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.UpdatePermission)
},
"/raystack.frontier.v1beta1.FrontierService/ListGroupPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
pbreq := req.(*frontierv1beta1.ListGroupPreferencesRequest)
return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.GetPermission)
},
"/raystack.frontier.v1beta1.FrontierService/CreateUserPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
return handler.IsSuperUser(ctx)
},
"/raystack.frontier.v1beta1.FrontierService/ListUserPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
return handler.IsSuperUser(ctx)
},

// admin APIs
"/raystack.frontier.v1beta1.AdminService/ListAllUsers": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
@@ -589,4 +595,10 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
"/raystack.frontier.v1beta1.AdminService/DeletePermission": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
return status.Error(codes.Unavailable, ErrNotAvailable.Error())
},
"/raystack.frontier.v1beta1.AdminService/CreatePreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
return handler.IsSuperUser(ctx)
},
"/raystack.frontier.v1beta1.AdminService/ListPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
return handler.IsSuperUser(ctx)
},
}
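Review bot: The `CreateUserPreferences` and `ListUserPreferences` entries return `handler.IsSuperUser(ctx)` without reading `req`, so unlike the organization, project and group entries there is no per-resource check, and a non-superuser cannot reach their own preferences if these RPCs are meant for self-service. These two entries and the `AdminService/CreatePreferences` / `ListPreferences` entries at the end of the map look new in this commit, but the description mentions only the manage → update change; whether unlisted methods were denied or allowed before is not visible here, so the effect on access should be stated in the commit message. I would add a comment above the user entries such as `// user preferences: superuser-only, no ownership check on the request yet`, and a table test that pins which permission each preferences method requires. The map literal begins above the first hunk shown.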
