mirror of
https://github.com/gravitl/netmaker.git
synced 2025-09-15 17:44:37 +08:00
remove platform role from group object
parent
9cf5ec62d4
commit
eed4a7fa18
8 changed files with 30 additions and 52 deletions
|
@ -397,6 +397,10 @@ func createUser(w http.ResponseWriter, r *http.Request) {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if user.PlatformRoleID == "" {
|
||||||
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("platform role is missing"), "badrequest"))
|
||||||
|
return
|
||||||
|
}
|
||||||
userRole, err := logic.GetRole(user.PlatformRoleID)
|
userRole, err := logic.GetRole(user.PlatformRoleID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())
|
err = errors.New("error fetching role " + user.PlatformRoleID.String() + " " + err.Error())
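Review bot: In `createUser`, the visible lines only check that `logic.GetRole(user.PlatformRoleID)` finds a role, so a network-scoped role ID could still be accepted as a platform role. The group validators trimmed elsewhere in this commit rejected that case with `role.NetworkID != ""` and the message "network role cannot be used as platform role". Now that the platform role lives only on the user, the same guard belongs here, for example `if userRole.NetworkID != "" { /* return badrequest */ }` placed after the error check. The function continues past the end of this hunk, so the check may already exist further down; that is worth confirming.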
|
||||||
|
|
|
@ -122,7 +122,6 @@ type CreateGroupReq struct {
|
||||||
|
|
||||||
type UserGroup struct {
|
type UserGroup struct {
|
||||||
ID UserGroupID `json:"id"`
|
ID UserGroupID `json:"id"`
|
||||||
PlatformRole UserRole `json:"platform_role"`
|
|
||||||
NetworkRoles map[NetworkID]map[UserRole]struct{} `json:"network_roles"`
|
NetworkRoles map[NetworkID]map[UserRole]struct{} `json:"network_roles"`
|
||||||
MetaData string `json:"meta_data"`
|
MetaData string `json:"meta_data"`
|
||||||
}
|
}
|
||||||
|
@ -174,12 +173,14 @@ type UserClaims struct {
|
||||||
|
|
||||||
type InviteUsersReq struct {
|
type InviteUsersReq struct {
|
||||||
UserEmails []string `json:"user_emails"`
|
UserEmails []string `json:"user_emails"`
|
||||||
|
PlatformRoleID string `json:"platform_role_id"`
|
||||||
Groups []UserGroupID
|
Groups []UserGroupID
|
||||||
}
|
}
|
||||||
|
|
||||||
// UserInvite - model for user invite
|
// UserInvite - model for user invite
|
||||||
type UserInvite struct {
|
type UserInvite struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
|
PlatformRoleID string `json:"platform_role_id"`
|
||||||
Groups []UserGroupID `json:"groups"`
|
Groups []UserGroupID `json:"groups"`
|
||||||
InviteCode string `json:"invite_code"`
|
InviteCode string `json:"invite_code"`
|
||||||
InviteURL string `json:"invite_url"`
|
InviteURL string `json:"invite_url"`
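Review bot: `PlatformRoleID` is declared as `string` on both `InviteUsersReq` and `UserInvite`, yet every consumer in this commit converts it straight away with `models.UserRole(in.PlatformRoleID)`. Typing the field as `UserRole` would remove those casts and make it harder to pass an arbitrary string where a role ID is expected; the JSON shape should be unchanged if `UserRole` is a string type, as the cast suggests. Both fields would also benefit from a comment such as `// PlatformRoleID is caller-supplied; resolve it to an existing platform role before use`. Separately, `Groups` on `InviteUsersReq` has no JSON tag, unlike the same field on `UserInvite`.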
|
||||||
|
|
|
@ -99,14 +99,15 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
Password: newPass,
|
Password: newPass,
|
||||||
}
|
}
|
||||||
for _, inviteGroupID := range in.Groups {
|
for _, inviteGroupID := range in.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(inviteGroupID)
|
_, err := proLogic.GetUserGroup(inviteGroupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user.PlatformRoleID = userG.PlatformRole
|
|
||||||
user.UserGroups[inviteGroupID] = struct{}{}
|
user.UserGroups[inviteGroupID] = struct{}{}
|
||||||
}
|
}
|
||||||
|
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
|
||||||
if user.PlatformRoleID == "" {
|
if user.PlatformRoleID == "" {
|
||||||
user.PlatformRoleID = models.ServiceUser
|
user.PlatformRoleID = models.ServiceUser
|
||||||
}
|
}
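Review bot: `user.PlatformRoleID = models.UserRole(in.PlatformRoleID)` copies the role straight from the invite without resolving it, whereas each invite group is re-checked with `proLogic.GetUserGroup` a few lines above. A role that has since been deleted, or that was never a valid platform role when the invite was written, would be assigned to the new account as-is; only the empty string is handled, by falling back to `models.ServiceUser`. Resolving the ID with `logic.GetRole` after the default is applied, and rejecting an error or a non-empty `NetworkID` (the condition the removed group validators used), would close that gap. The same assignment appears in `handleGithubCallback`, `handleGoogleCallback`, `handleOIDCCallback` and `userInviteSignUp`, so a shared helper would keep the five paths consistent. The callback body starts and ends outside this hunk, so a later check may exist.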
|
||||||
|
|
|
@ -99,14 +99,14 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, inviteGroupID := range in.Groups {
|
for _, inviteGroupID := range in.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(inviteGroupID)
|
_, err := proLogic.GetUserGroup(inviteGroupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user.PlatformRoleID = userG.PlatformRole
|
|
||||||
user.UserGroups[inviteGroupID] = struct{}{}
|
user.UserGroups[inviteGroupID] = struct{}{}
|
||||||
}
|
}
|
||||||
|
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
|
||||||
if user.PlatformRoleID == "" {
|
if user.PlatformRoleID == "" {
|
||||||
user.PlatformRoleID = models.ServiceUser
|
user.PlatformRoleID = models.ServiceUser
|
||||||
}
|
}
|
||||||
|
|
|
@ -106,16 +106,16 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
logger.Log(0, "CALLBACK ----> 4.1")
|
logger.Log(0, "CALLBACK ----> 4.1")
|
||||||
for _, inviteGroupID := range in.Groups {
|
for _, inviteGroupID := range in.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(inviteGroupID)
|
_, err := proLogic.GetUserGroup(inviteGroupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user.PlatformRoleID = userG.PlatformRole
|
|
||||||
user.UserGroups = make(map[models.UserGroupID]struct{})
|
user.UserGroups = make(map[models.UserGroupID]struct{})
|
||||||
user.UserGroups[inviteGroupID] = struct{}{}
|
user.UserGroups[inviteGroupID] = struct{}{}
|
||||||
}
|
}
|
||||||
logger.Log(0, "CALLBACK ----> 5")
|
logger.Log(0, "CALLBACK ----> 5")
|
||||||
|
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
|
||||||
if user.PlatformRoleID == "" {
|
if user.PlatformRoleID == "" {
|
||||||
user.PlatformRoleID = models.ServiceUser
|
user.PlatformRoleID = models.ServiceUser
|
||||||
}
|
}
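Review bot: `user.UserGroups = make(map[models.UserGroupID]struct{})` sits inside the `for _, inviteGroupID := range in.Groups` loop, so the map is replaced on every iteration and only the last invite group stays on the user. Moving the `make` above the loop fixes that; the same pattern is present in `userInviteSignUp`. `logger.Log(0, "CALLBACK ----> 4.1")` and the matching `"CALLBACK ----> 5"` line look like leftover trace output at verbosity 0 and could be dropped or given a descriptive message. The handler continues outside the hunk.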
|
||||||
|
|
|
@ -111,14 +111,14 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
|
||||||
Password: newPass,
|
Password: newPass,
|
||||||
}
|
}
|
||||||
for _, inviteGroupID := range in.Groups {
|
for _, inviteGroupID := range in.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(inviteGroupID)
|
_, err := proLogic.GetUserGroup(inviteGroupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
user.PlatformRoleID = userG.PlatformRole
|
|
||||||
user.UserGroups[inviteGroupID] = struct{}{}
|
user.UserGroups[inviteGroupID] = struct{}{}
|
||||||
}
|
}
|
||||||
|
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
|
||||||
if user.PlatformRoleID == "" {
|
if user.PlatformRoleID == "" {
|
||||||
user.PlatformRoleID = models.ServiceUser
|
user.PlatformRoleID = models.ServiceUser
|
||||||
}
|
}
|
||||||
|
|
|
@ -105,15 +105,14 @@ func userInviteSignUp(w http.ResponseWriter, r *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, inviteGroupID := range in.Groups {
|
for _, inviteGroupID := range in.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(inviteGroupID)
|
_, err := proLogic.GetUserGroup(inviteGroupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("error fetching group id "+inviteGroupID.String()), "badrequest"))
|
continue
|
||||||
return
|
|
||||||
}
|
}
|
||||||
user.PlatformRoleID = userG.PlatformRole
|
|
||||||
user.UserGroups = make(map[models.UserGroupID]struct{})
|
user.UserGroups = make(map[models.UserGroupID]struct{})
|
||||||
user.UserGroups[inviteGroupID] = struct{}{}
|
user.UserGroups[inviteGroupID] = struct{}{}
|
||||||
}
|
}
|
||||||
|
user.PlatformRoleID = models.UserRole(in.PlatformRoleID)
|
||||||
if user.PlatformRoleID == "" {
|
if user.PlatformRoleID == "" {
|
||||||
user.PlatformRoleID = models.ServiceUser
|
user.PlatformRoleID = models.ServiceUser
|
||||||
}
|
}
|
||||||
|
@ -171,19 +170,13 @@ func inviteUsers(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
//validate Req
|
//validate Req
|
||||||
uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
|
|
||||||
for _, groupID := range inviteReq.Groups {
|
for _, groupID := range inviteReq.Groups {
|
||||||
userG, err := proLogic.GetUserGroup(groupID)
|
_, err := proLogic.GetUserGroup(groupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
|
|
||||||
}
|
|
||||||
if len(uniqueGroupsPlatformRole) > 1 {
|
|
||||||
err = errors.New("only groups with same platform role can be assigned to an user")
|
|
||||||
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
|
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, inviteeEmail := range inviteReq.UserEmails {
|
for _, inviteeEmail := range inviteReq.UserEmails {
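Review bot: The `//validate Req` block in `inviteUsers` now checks only that each group exists; nothing in the visible lines validates the new `inviteReq.PlatformRoleID`, which is request input and presumably becomes the invited user's platform role at sign-up. I would resolve it here with `logic.GetRole`, reject a role whose `NetworkID` is non-empty, and confirm that the caller is permitted to grant that role, so that an invite cannot carry a higher platform role than the inviter may assign. The function continues past the hunk, so this may happen where the invite is built; if so, a comment at `//validate Req` saying where would help. In the `userInviteSignUp` hunk above, a failed group lookup now hits `continue` with no log entry, which silently drops a group that the four OAuth callbacks would reject with a 400.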
|
||||||
|
|
|
@ -243,15 +243,7 @@ func DeleteRole(rid models.UserRole) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func ValidateCreateGroupReq(g models.UserGroup) error {
|
func ValidateCreateGroupReq(g models.UserGroup) error {
|
||||||
// check platform role is valid
|
|
||||||
role, err := logic.GetRole(g.PlatformRole)
|
|
||||||
if err != nil {
|
|
||||||
err = fmt.Errorf("invalid platform role")
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if role.NetworkID != "" {
|
|
||||||
return errors.New("network role cannot be used as platform role")
|
|
||||||
}
|
|
||||||
// check if network roles are valid
|
// check if network roles are valid
|
||||||
for _, roleMap := range g.NetworkRoles {
|
for _, roleMap := range g.NetworkRoles {
|
||||||
for roleID := range roleMap {
|
for roleID := range roleMap {
|
||||||
|
@ -267,15 +259,7 @@ func ValidateCreateGroupReq(g models.UserGroup) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
func ValidateUpdateGroupReq(g models.UserGroup) error {
|
func ValidateUpdateGroupReq(g models.UserGroup) error {
|
||||||
// check platform role is valid
|
|
||||||
role, err := logic.GetRole(g.PlatformRole)
|
|
||||||
if err != nil {
|
|
||||||
err = fmt.Errorf("invalid platform role")
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if role.NetworkID != "" {
|
|
||||||
return errors.New("network role cannot be used as platform role")
|
|
||||||
}
|
|
||||||
for networkID := range g.NetworkRoles {
|
for networkID := range g.NetworkRoles {
|
||||||
userRolesMap := g.NetworkRoles[networkID]
|
userRolesMap := g.NetworkRoles[networkID]
|
||||||
for roleID := range userRolesMap {
|
for roleID := range userRolesMap {
|
||||||
|
@ -585,17 +569,12 @@ func FilterNetworksByRole(allnetworks []models.Network, user models.User) []mode
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsGroupsValid(groups map[models.UserGroupID]struct{}) error {
|
func IsGroupsValid(groups map[models.UserGroupID]struct{}) error {
|
||||||
uniqueGroupsPlatformRole := make(map[models.UserRole]struct{})
|
|
||||||
for groupID := range groups {
|
for groupID := range groups {
|
||||||
userG, err := GetUserGroup(groupID)
|
_, err := GetUserGroup(groupID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
uniqueGroupsPlatformRole[userG.PlatformRole] = struct{}{}
|
|
||||||
}
|
|
||||||
if len(uniqueGroupsPlatformRole) > 1 {
|
|
||||||
|
|
||||||
return errors.New("only groups with same platform role can be assigned to an user")
|
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|