From ee692f02fbe5fabd9eba168722fe3609b83deb09 Mon Sep 17 00:00:00 2001
From: Kush <3647166+kushsharma@users.noreply.github.com>
Date: Sun, 10 Sep 2023 14:18:16 +0530
Subject: [PATCH] fix: preferences authz mapping (#331)
- authz check for preferences was incorrectly checking for "manage" permission, it should have been "update"
Signed-off-by: Kush Sharma
---
 pkg/server/interceptors/authorization.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/pkg/server/interceptors/authorization.go b/pkg/server/interceptors/authorization.go
index d7425a6be..f5d1f6644 100644
--- a/pkg/server/interceptors/authorization.go
+++ b/pkg/server/interceptors/authorization.go
@@ -526,7 +526,7 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
 // preferences
 "/raystack.frontier.v1beta1.FrontierService/CreateOrganizationPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
 pbreq := req.(*frontierv1beta1.CreateOrganizationPreferencesRequest)
- return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.ManagePermission)
+ return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.UpdatePermission)
 },
 "/raystack.frontier.v1beta1.FrontierService/ListOrganizationPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
 pbreq := req.(*frontierv1beta1.ListOrganizationPreferencesRequest)
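Review bot: The switch to `schema.UpdatePermission` on the `CreateOrganizationPreferences` entry (and the same one-line change on the project and group entries in the next two hunks) changes who may write preferences, yet the diffstat shows only authorization.go touched, so nothing pins the corrected mapping. A table-driven test over `authorizationValidationMap` that asserts each `Create*Preferences` method checks update and each `List*Preferences` method checks get would catch a repeat of the original mistake. It is not visible here which roles hold `update` versus `manage` on these namespaces, so it is worth confirming the new check does not admit a wider set of principals than intended. The map literal starts and ends outside this hunk.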
@@ -534,7 +534,7 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
 },
 "/raystack.frontier.v1beta1.FrontierService/CreateProjectPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
 pbreq := req.(*frontierv1beta1.CreateProjectPreferencesRequest)
- return handler.IsAuthorized(ctx, schema.ProjectNamespace, pbreq.GetId(), schema.ManagePermission)
+ return handler.IsAuthorized(ctx, schema.ProjectNamespace, pbreq.GetId(), schema.UpdatePermission)
 },
 "/raystack.frontier.v1beta1.FrontierService/ListProjectPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
 pbreq := req.(*frontierv1beta1.ListProjectPreferencesRequest)
@@ -542,12 +542,18 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v }, "/raystack.frontier.v1beta1.FrontierService/CreateGroupPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { pbreq := req.(*frontierv1beta1.CreateGroupPreferencesRequest) - return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.ManagePermission) + return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.UpdatePermission) }, "/raystack.frontier.v1beta1.FrontierService/ListGroupPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { pbreq := req.(*frontierv1beta1.ListGroupPreferencesRequest) return handler.IsAuthorized(ctx, schema.GroupPrincipal, pbreq.GetId(), schema.GetPermission) }, + "/raystack.frontier.v1beta1.FrontierService/CreateUserPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { + return handler.IsSuperUser(ctx) + }, + "/raystack.frontier.v1beta1.FrontierService/ListUserPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { + return handler.IsSuperUser(ctx) + }, // admin APIs "/raystack.frontier.v1beta1.AdminService/ListAllUsers": func(ctx context.Context, handler *v1beta1.Handler, req any) error { @@ -589,4 +595,10 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v "/raystack.frontier.v1beta1.AdminService/DeletePermission": func(ctx context.Context, handler *v1beta1.Handler, req any) error { return status.Error(codes.Unavailable, ErrNotAvailable.Error()) }, + "/raystack.frontier.v1beta1.AdminService/CreatePreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { + return handler.IsSuperUser(ctx) + }, + "/raystack.frontier.v1beta1.AdminService/ListPreferences": func(ctx context.Context, handler *v1beta1.Handler, req any) error { + return handler.IsSuperUser(ctx) + }, }
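Review bot: The new `CreateUserPreferences` and `ListUserPreferences` entries ignore `req` and gate only on `handler.IsSuperUser(ctx)`, unlike the organization, project and group entries that authorize against `pbreq.GetId()`. If superuser-only is the intended policy, record it next to the entries, for example `// user preferences: superuser only, no per-resource permission check`, so a later edit does not relax it by analogy with the siblings. The commit message describes only the manage-to-update correction, so these two entries and the two `AdminService` preference entries in the last hunk should be named in the description. On the changed group line the namespace argument is still `schema.GroupPrincipal` while the sibling entries pass `schema.OrganizationNamespace` and `schema.ProjectNamespace`; if the schema package defines a group namespace constant, using it would keep the three calls parallel.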