ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-06 13:04:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: groupDelGuestAccess: deleting a guest access returned an error on TTL-forced groups

Browse source
This commit is contained in:
Stéphane Lesimple 2021-02-17 14:37:47 +00:00 committed by Stéphane Lesimple
parent 9216e2db1b
commit b480316386
2 changed files with 21 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/perl/OVH/Bastion.pm
View file

@ -600,6 +600,7 @@ sub touch_file {
}
# else
warn_syslog(sprintf("Couldn't touch file '%s' with perms %o: %s", $file, $perms, $!));
return R('KO', msg => "Couldn't create file $file: $!");
}

3
lib/perl/OVH/Bastion/Plugin/groupSetRole.pm
View file

@ -51,6 +51,8 @@ sub preconditions {
return R('ERR_INVALID_PARAMETER', msg => "Invalid remote user ($user) specified");
}
if ($action eq 'add') {
# policy check for guest accesses: if group forces ttl, the account creation must comply
$fnret = OVH::Bastion::group_config(group => $group, key => "guest_ttl_limit");
@ -71,6 +73,7 @@ sub preconditions {
}
}
}
}
$fnret = OVH::Bastion::is_valid_group_and_existing(group => $group, groupType => "key");
$fnret or return $fnret;