remove platform role from group object

abhishek9686 2024-07-31 12:33:46 +05:30
parent 9cf5ec62d4
commit eed4a7fa18
8 changed files with 30 additions and 52 deletions


@ -397,6 +397,10 @@ func createUser(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if user.PlatformRoleID == "" {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("platform role is missing"), "badrequest"))
return
}
userRole, err := logic.GetRole(user.PlatformRoleID)
if err != nil {
err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())


@ -122,7 +122,6 @@ type CreateGroupReq struct {
type UserGroup struct {
ID UserGroupID `json:"id"`
PlatformRole UserRole `json:"platform_role"`
NetworkRoles map[NetworkID]map[UserRole]struct{} `json:"network_roles"`
MetaData string `json:"meta_data"`
}
@ -173,14 +172,16 @@ type UserClaims struct {
}
type InviteUsersReq struct {
UserEmails []string `json:"user_emails"`
Groups []UserGroupID
UserEmails []string `json:"user_emails"`
PlatformRoleID string `json:"platform_role_id"`
Groups []UserGroupID
}
// UserInvite - model for user invite
type UserInvite struct {
Email string `json:"email"`
Groups []UserGroupID `json:"groups"`
InviteCode string `json:"invite_code"`
InviteURL string `json:"invite_url"`
Email string `json:"email"`
PlatformRoleID string `json:"platform_role_id"`
Groups []UserGroupID `json:"groups"`
InviteCode string `json:"invite_code"`
InviteURL string `json:"invite_url"`
}
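Review bot: `PlatformRoleID` is declared as `string` on both `InviteUsersReq` and `UserInvite`, while `UserGroup.PlatformRole` was a `UserRole` and every consumer in this commit converts with `models.UserRole(in.PlatformRoleID)`. Declaring the field as `PlatformRoleID UserRole` with the same json tag keeps the role typed from the request through to account creation and removes those casts. The field is also undocumented; a comment such as `// PlatformRoleID is the platform role the invitee is created with; empty falls back to the service-user role` would record the default that the sign-up handlers apply. `InviteUsersReq.Groups` still has no json tag, unlike `UserInvite.Groups`.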


@ -99,14 +99,15 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
Password: newPass,
}
for _, inviteGroupID := range in.Groups {
userG, err := proLogic.GetUserGroup(inviteGroupID)
_, err := proLogic.GetUserGroup(inviteGroupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
return
}
user.PlatformRoleID = userG.PlatformRole
user.UserGroups[inviteGroupID] = struct{}{}
}
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
if user.PlatformRoleID == "" {
user.PlatformRoleID = models.ServiceUser
}
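Review bot: `user.PlatformRoleID = models.UserRole(in.PlatformRoleID)` casts the string stored on the invite straight into the new account's platform role, with no `logic.GetRole` lookup and no check that it is a platform-level role (the group validators removed in this commit rejected roles where `role.NetworkID != ""`). The value originates in `InviteUsersReq.PlatformRoleID`, and the validation block shown for inviteUsers checks only the groups, so unless it is validated outside the visible hunks, whoever can send invites chooses the role the invitee is created with, possibly one above their own. Resolve and check the role when the invite is created and again here before assignment, along the lines of `if role, err := logic.GetRole(user.PlatformRoleID); err != nil || role.NetworkID != "" { /* reject with badrequest */ }`, and confirm the inviter is allowed to grant it. The same assignment appears in handleGithubCallback, handleGoogleCallback, handleOIDCCallback and userInviteSignUp; all of these functions continue outside their hunks.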


@ -99,14 +99,14 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
}
for _, inviteGroupID := range in.Groups {
userG, err := proLogic.GetUserGroup(inviteGroupID)
_, err := proLogic.GetUserGroup(inviteGroupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
return
}
user.PlatformRoleID = userG.PlatformRole
user.UserGroups[inviteGroupID] = struct{}{}
}
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
if user.PlatformRoleID == "" {
user.PlatformRoleID = models.ServiceUser
}


@ -106,16 +106,16 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
}
logger.Log(0, "CALLBACK ----> 4.1")
for _, inviteGroupID := range in.Groups {
userG, err := proLogic.GetUserGroup(inviteGroupID)
_, err := proLogic.GetUserGroup(inviteGroupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
return
}
user.PlatformRoleID = userG.PlatformRole
user.UserGroups = make(map[models.UserGroupID]struct{})
user.UserGroups[inviteGroupID] = struct{}{}
}
logger.Log(0, "CALLBACK ----> 5")
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
if user.PlatformRoleID == "" {
user.PlatformRoleID = models.ServiceUser
}
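Review bot: `user.UserGroups = make(map[models.UserGroupID]struct{})` is still inside the `for _, inviteGroupID := range in.Groups` loop, so the map is replaced on every iteration and the account keeps only the last group listed on the invite. With the platform role no longer coming from the group, membership is the only thing these groups contribute, so the dropped entries presumably mean missing network roles for the new user. Move the `make` above the loop; userInviteSignUp has the same line inside its loop. The function body starts and ends outside this hunk.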


@ -111,14 +111,14 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
Password: newPass,
}
for _, inviteGroupID := range in.Groups {
userG, err := proLogic.GetUserGroup(inviteGroupID)
_, err := proLogic.GetUserGroup(inviteGroupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
return
}
user.PlatformRoleID = userG.PlatformRole
user.UserGroups[inviteGroupID] = struct{}{}
}
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
if user.PlatformRoleID == "" {
user.PlatformRoleID = models.ServiceUser
}


@ -105,15 +105,14 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
}
for _, inviteGroupID := range in.Groups {
userG, err := proLogic.GetUserGroup(inviteGroupID)
_, err := proLogic.GetUserGroup(inviteGroupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
return
continue
}
user.PlatformRoleID = userG.PlatformRole
user.UserGroups = make(map[models.UserGroupID]struct{})
user.UserGroups[inviteGroupID] = struct{}{}
}
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
if user.PlatformRoleID == "" {
user.PlatformRoleID = models.ServiceUser
}
@ -171,19 +170,13 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) {
return
}
//validate Req
uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
for _, groupID := range inviteReq.Groups {
userG, err := proLogic.GetUserGroup(groupID)
_, err := proLogic.GetUserGroup(groupID)
if err != nil {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
}
if len(uniqueGroupsPlatformRole) > 1 {
err = errors.New("only groups with same platform role can be assigned to an user")
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
for _, inviteeEmail := range inviteReq.UserEmails {
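Review bot: In userInviteSignUp the group-lookup failure branch now ends in `continue` instead of `return`. This rendering does not show whether the `logic.ReturnErrorResponse(...)` call before it was removed together with the `return`; if it is still there, the handler writes a 400 response and then goes on to create the account and write a second response. If the intent is to skip groups that were deleted after the invite was sent, drop the error response and log the skipped group ID instead; otherwise keep the `return`. The four SSO callbacks still abort on the same error, so the sign-up paths now treat the same invite differently.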


@ -243,15 +243,7 @@ func DeleteRole(rid models.UserRole) error {
}
func ValidateCreateGroupReq(g models.UserGroup) error {
// check platform role is valid
role, err := logic.GetRole(g.PlatformRole)
if err != nil {
err = fmt.Errorf("invalid platform role")
return err
}
if role.NetworkID != "" {
return errors.New("network role cannot be used as platform role")
}
// check if network roles are valid
for _, roleMap := range g.NetworkRoles {
for roleID := range roleMap {
@ -267,15 +259,7 @@ func ValidateCreateGroupReq(g models.UserGroup) error {
return nil
}
func ValidateUpdateGroupReq(g models.UserGroup) error {
// check platform role is valid
role, err := logic.GetRole(g.PlatformRole)
if err != nil {
err = fmt.Errorf("invalid platform role")
return err
}
if role.NetworkID != "" {
return errors.New("network role cannot be used as platform role")
}
for networkID := range g.NetworkRoles {
userRolesMap := g.NetworkRoles[networkID]
for roleID := range userRolesMap {
@ -585,17 +569,12 @@ func FilterNetworksByRole(allnetworks []models.Network, user models.User) []mode
}
func IsGroupsValid(groups map[models.UserGroupID]struct{}) error {
uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
for groupID := range groups {
userG, err := GetUserGroup(groupID)
_, err := GetUserGroup(groupID)
if err != nil {
return err
}
uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
}
if len(uniqueGroupsPlatformRole) > 1 {
return errors.New("only groups with same platform role can be assigned to an user")
}
return nil
}
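Review bot: `IsGroupsValid`, `ValidateCreateGroupReq` and `ValidateUpdateGroupReq` are exported without doc comments, and this change narrows what each of them checks. For IsGroupsValid I would add `// IsGroupsValid returns an error if any group ID in groups cannot be fetched; it does not compare platform roles across groups.` so callers that relied on the same-role rule can see it is gone. The two Validate functions would get a similar one-line comment stating that only the network roles are validated; both continue outside their hunks.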