Skip to content

Commit

Permalink
fix: disabled org on create should be enabled only by SUs
Browse files Browse the repository at this point in the history
Signed-off-by: Kush Sharma <[email protected]>
  • Loading branch information
kushsharma committed Sep 22, 2023
1 parent 315f401 commit f6a4ed2
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 1 deletion.
1 change: 1 addition & 0 deletions cmd/serve.go
Original file line number Diff line number Diff line change
Expand Up @@ -316,6 +316,7 @@ func buildAPIDependencies(
dependencies := api.Deps{
DisableOrgsListing: cfg.App.DisableOrgsListing,
DisableUsersListing: cfg.App.DisableUsersListing,
DisableOrgOnCreate: cfg.App.DisableOrgsOnCreate,
OrgService: organizationService,
ProjectService: projectService,
GroupService: groupService,
Expand Down
1 change: 1 addition & 0 deletions internal/api/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
type Deps struct {
DisableOrgsListing bool
DisableUsersListing bool
DisableOrgOnCreate bool
OrgService *organization.Service
ProjectService *project.Service
GroupService *group.Service
Expand Down
2 changes: 2 additions & 0 deletions internal/api/v1beta1/v1beta1.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ type Handler struct {

DisableOrgsListing bool
DisableUsersListing bool
DisableOrgOnCreate bool
orgService OrganizationService
projectService ProjectService
groupService GroupService
Expand Down Expand Up @@ -39,6 +40,7 @@ func Register(s *grpc.Server, deps api.Deps) error {
handler := &Handler{
DisableOrgsListing: deps.DisableOrgsListing,
DisableUsersListing: deps.DisableUsersListing,
DisableOrgOnCreate: deps.DisableOrgOnCreate,
orgService: deps.OrgService,
projectService: deps.ProjectService,
groupService: deps.GroupService,
Expand Down
4 changes: 3 additions & 1 deletion pkg/server/interceptors/authorization.go
Original file line number Diff line number Diff line change
Expand Up @@ -286,7 +286,9 @@ var authorizationValidationMap = map[string]func(ctx context.Context, handler *v
return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.UpdatePermission)
},
"/raystack.frontier.v1beta1.FrontierService/EnableOrganization": func(ctx context.Context, handler *v1beta1.Handler, req any) error {
//TODO(kushsharma): if we disable org creation being enabled, only super admins can enable it
if handler.DisableOrgOnCreate {
return handler.IsSuperUser(ctx)
}
pbreq := req.(*frontierv1beta1.EnableOrganizationRequest)
return handler.IsAuthorized(ctx, schema.OrganizationNamespace, pbreq.GetId(), schema.DeletePermission)
},
Expand Down

0 comments on commit f6a4ed2

Please sign in to comment.