diff --git a/litmus-portal/graphql-server/go.sum b/litmus-portal/graphql-server/go.sum
index d7a93b88b..5aa3baa8c 100644
--- a/litmus-portal/graphql-server/go.sum
+++ b/litmus-portal/graphql-server/go.sum
@@ -625,6 +625,7 @@ github.com/litmuschaos/chaos-scheduler v0.0.0-20210607090343-9952190ad032 h1:Nza
 github.com/litmuschaos/chaos-scheduler v0.0.0-20210607090343-9952190ad032/go.mod h1:7EO6kbZKeJGKzkchgQepCxywvqNFNvNHW0G+u9923AY=
 github.com/litmuschaos/elves v0.0.0-20201107015738-552d74669e3c/go.mod h1:DsbHGNUq/78NZozWVVI9Q6eBei4I+JjlkkD5aibJ3MQ=
 github.com/litmuschaos/litmus v0.0.0-20210621045052-c575ab033108 h1:ikWhdz8oOLAwgXRuT2EizmCd905mmMi1sh3PN/pzVqo=
+github.com/litmuschaos/litmus v0.0.0-20210623080624-70865c526e39 h1:jjVvMLxqVdtJjaq+5U3ZJ1OFfeL3mefWjpgJs26Ft9E=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA=
 github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f/go.mod h1:JpH9J1c9oX6otFSgdUHwUBUizmKlrMjxWnIAjff4m04=
@@ -853,6 +854,7 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.5.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rs/cors v1.6.0 h1:G9tHG9lebljV9mfp9SNPDL36nCDxmo3zTlAf1YgvzmI=
 github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rubenv/sql-migrate v0.0.0-20191025130928-9355dd04f4b3/go.mod h1:WS0rl9eEliYI8DPnr3TOwz4439pay+qNgzJoVya/DmY=
 github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto=
diff --git a/litmus-portal/graphql-server/graph/schema.resolvers.go b/litmus-portal/graphql-server/graph/schema.resolvers.go
index c70fa8b49..0b532f685 100644
--- a/litmus-portal/graphql-server/graph/schema.resolvers.go
+++ b/litmus-portal/graphql-server/graph/schema.resolvers.go
@@ -27,7 +27,6 @@ import (
 "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/myhub"
 myHubOps "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/myhub/ops"
 "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/project"
- validate "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/rbac"
 "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/usage"
 "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/usermanagement"
 "go.mongodb.org/mongo-driver/bson"
@@ -54,7 +53,7 @@ func (r *mutationResolver) UpdateUser(ctx context.Context, user model.UpdateUser
 }
 func (r *mutationResolver) CreateChaosWorkFlow(ctx context.Context, input model.ChaosWorkFlowInput) (*model.ChaosWorkFlowResponse, error) {
- err := validate.ValidateRole(ctx, input.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, input.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -74,7 +73,7 @@ func (r *mutationResolver) SyncWorkflow(ctx context.Context, workflowid string,
 }
 func (r *mutationResolver) SendInvitation(ctx context.Context, member model.MemberInput) (*model.Member, error) {
- err := validate.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -83,7 +82,7 @@ func (r *mutationResolver) SendInvitation(ctx context.Context, member model.Memb
 }
 func (r *mutationResolver) AcceptInvitation(ctx context.Context, member model.MemberInput) (string, error) {
- err := validate.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.PendingInvitation)
+ err := authorization.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.PendingInvitation)
 if err != nil {
 return "Unsuccessful", err
@@ -93,7 +92,7 @@ func (r *mutationResolver) AcceptInvitation(ctx context.Context, member model.Me
 }
 func (r *mutationResolver) DeclineInvitation(ctx context.Context, member model.MemberInput) (string, error) {
- err := validate.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.PendingInvitation)
+ err := authorization.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.PendingInvitation)
 if err != nil {
 return "Unsuccessful", err
@@ -103,7 +102,7 @@ func (r *mutationResolver) DeclineInvitation(ctx context.Context, member model.M
 }
 func (r *mutationResolver) RemoveInvitation(ctx context.Context, member model.MemberInput) (string, error) {
- err := validate.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return "Unsuccessful", err
@@ -113,7 +112,7 @@ func (r *mutationResolver) RemoveInvitation(ctx context.Context, member model.Me
 }
 func (r *mutationResolver) LeaveProject(ctx context.Context, member model.MemberInput) (string, error) {
- err := validate.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, member.ProjectID, []model.MemberRole{model.MemberRoleViewer, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return "Unsuccessful", err
@@ -123,7 +122,7 @@ func (r *mutationResolver) LeaveProject(ctx context.Context, member model.Member
 }
 func (r *mutationResolver) UpdateProjectName(ctx context.Context, projectID string, projectName string) (string, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return "Unsuccessful", err
@@ -153,7 +152,7 @@ func (r *mutationResolver) KubeObj(ctx context.Context, kubeData model.KubeObjec
 }
 func (r *mutationResolver) AddMyHub(ctx context.Context, myhubInput model.CreateMyHub, projectID string) (*model.MyHub, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -162,7 +161,7 @@ func (r *mutationResolver) AddMyHub(ctx context.Context, myhubInput model.Create
 }
 func (r *mutationResolver) SaveMyHub(ctx context.Context, myhubInput model.CreateMyHub, projectID string) (*model.MyHub, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -175,7 +174,7 @@ func (r *mutationResolver) SyncHub(ctx context.Context, id string) ([]*model.MyH
 }
 func (r *mutationResolver) UpdateChaosWorkflow(ctx context.Context, input *model.ChaosWorkFlowInput) (*model.ChaosWorkFlowResponse, error) {
- err := validate.ValidateRole(ctx, input.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, input.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -199,7 +198,7 @@ func (r *mutationResolver) GeneraterSSHKey(ctx context.Context) (*model.SSHKey,
 }
 func (r *mutationResolver) UpdateMyHub(ctx context.Context, myhubInput model.UpdateMyHub, projectID string) (*model.MyHub, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -215,7 +214,7 @@ func (r *mutationResolver) GitopsNotifer(ctx context.Context, clusterInfo model.
 }
 func (r *mutationResolver) EnableGitOps(ctx context.Context, config model.GitConfig) (bool, error) {
- err := validate.ValidateRole(ctx, config.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, config.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return false, err
 }
@@ -223,7 +222,7 @@ func (r *mutationResolver) EnableGitOps(ctx context.Context, config model.GitCon
 }
 func (r *mutationResolver) DisableGitOps(ctx context.Context, projectID string) (bool, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return false, err
 }
@@ -231,7 +230,7 @@ func (r *mutationResolver) DisableGitOps(ctx context.Context, projectID string)
 }
 func (r *mutationResolver) UpdateGitOps(ctx context.Context, config model.GitConfig) (bool, error) {
- err := validate.ValidateRole(ctx, config.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, config.ProjectID, []model.MemberRole{model.MemberRoleOwner}, usermanagement.AcceptedInvitation)
 if err != nil {
 return false, err
 }
@@ -301,7 +300,7 @@ func (r *mutationResolver) DeleteImageRegistry(ctx context.Context, imageRegistr
 }
 func (r *queryResolver) GetWorkflowRuns(ctx context.Context, workflowRunsInput model.GetWorkflowRunsInput) (*model.GetWorkflowsOutput, error) {
- err := validate.ValidateRole(ctx, workflowRunsInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, workflowRunsInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -309,7 +308,7 @@ func (r *queryResolver) GetWorkflowRuns(ctx context.Context, workflowRunsInput m
 }
 func (r *queryResolver) GetCluster(ctx context.Context, projectID string, clusterType *string) ([]*model.Cluster, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -321,7 +320,7 @@ func (r *queryResolver) GetUser(ctx context.Context, username string) (*model.Us
 }
 func (r *queryResolver) GetProject(ctx context.Context, projectID string) (*model.Project, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -339,7 +338,7 @@ func (r *queryResolver) Users(ctx context.Context) ([]*model.User, error) {
 }
 func (r *queryResolver) GetScheduledWorkflowStats(ctx context.Context, projectID string, filter model.TimeFrequency, showWorkflowRuns bool) ([]*model.WorkflowStats, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -347,7 +346,7 @@ func (r *queryResolver) GetScheduledWorkflowStats(ctx context.Context, projectID
 }
 func (r *queryResolver) GetWorkflowRunStats(ctx context.Context, workflowRunStatsRequest model.WorkflowRunStatsRequest) (*model.WorkflowRunStatsResponse, error) {
- err := validate.ValidateRole(ctx, workflowRunStatsRequest.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, workflowRunStatsRequest.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -355,7 +354,7 @@ func (r *queryResolver) GetWorkflowRunStats(ctx context.Context, workflowRunStat
 }
 func (r *queryResolver) ListWorkflow(ctx context.Context, workflowInput model.ListWorkflowsInput) (*model.ListWorkflowsOutput, error) {
- err := validate.ValidateRole(ctx, workflowInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, workflowInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -363,7 +362,7 @@ func (r *queryResolver) ListWorkflow(ctx context.Context, workflowInput model.Li
 }
 func (r *queryResolver) GetCharts(ctx context.Context, hubName string, projectID string) ([]*model.Chart, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -371,7 +370,7 @@ func (r *queryResolver) GetCharts(ctx context.Context, hubName string, projectID
 }
 func (r *queryResolver) GetHubExperiment(ctx context.Context, experimentInput model.ExperimentInput) (*model.Chart, error) {
- err := validate.ValidateRole(ctx, experimentInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, experimentInput.ProjectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
@@ -379,7 +378,7 @@ func (r *queryResolver) GetHubExperiment(ctx context.Context, experimentInput mo
 }
 func (r *queryResolver) GetHubStatus(ctx context.Context, projectID string) ([]*model.MyHubStatus, error) {
- err := validate.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
+ err := authorization.ValidateRole(ctx, projectID, []model.MemberRole{model.MemberRoleOwner, model.MemberRoleEditor, model.MemberRoleViewer}, usermanagement.AcceptedInvitation)
 if err != nil {
 return nil, err
 }
diff --git a/litmus-portal/graphql-server/pkg/rbac/validate.go b/litmus-portal/graphql-server/pkg/authorization/validate.go
similarity index 72%
rename from litmus-portal/graphql-server/pkg/rbac/validate.go
rename to litmus-portal/graphql-server/pkg/authorization/validate.go
index 08cc391eb..4bfdb7a9d 100644
--- a/litmus-portal/graphql-server/pkg/rbac/validate.go
+++ b/litmus-portal/graphql-server/pkg/authorization/validate.go
@@ -1,4 +1,4 @@
-package validate
+package authorization
 import (
 "context"
@@ -9,19 +9,18 @@ import (
 "go.mongodb.org/mongo-driver/bson"
 "github.com/litmuschaos/litmus/litmus-portal/graphql-server/graph/model"
- "github.com/litmuschaos/litmus/litmus-portal/graphql-server/pkg/authorization"
 )
-// ValidateRole :Validates the role of a user in a given project
+// ValidateRole Validates the role of a user in a given project
 func ValidateRole(ctx context.Context, projectID string, requiredRoles []model.MemberRole, invitation string) error {
- claims := ctx.Value(authorization.UserClaim).(jwt.MapClaims)
+ claims := ctx.Value(UserClaim).(jwt.MapClaims)
 uid := claims["uid"].(string)
 filter := bson.D{{"members", bson.D{{"$elemMatch", bson.D{{"user_id", uid}, {"role", bson.D{{"$in", requiredRoles}}}, {"invitation", invitation}}}}}, {"_id", projectID}}
 _, err := dbOperationsProject.GetProject(ctx, filter)
 if err != nil {
- return errors.New("Permission Denied")
+ return errors.New("permission denied")
 }
 return nil
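Review bot: The two type assertions at the top of ValidateRole, `ctx.Value(UserClaim).(jwt.MapClaims)` and `claims["uid"].(string)`, are unchecked, so a context without claims or a token whose `uid` is missing or not a string makes this authorization gate panic instead of returning a denial. Every resolver in schema.resolvers.go relies on this function, so it should fail closed with an ordinary error: use the comma-ok form for both assertions and return the same `permission denied` error when either fails, as sketched below. Separately, every error from `dbOperationsProject.GetProject` is reported as `permission denied`; that is safe for the caller, but it makes a database failure indistinguishable from a real denial, so consider logging the underlying error server-side. The doc comment would follow Go convention as `// ValidateRole validates the role of a user in a given project.` The function's closing brace lies outside the hunk.

```go
func ValidateRole(ctx context.Context, projectID string, requiredRoles []model.MemberRole, invitation string) error {
	claims, ok := ctx.Value(UserClaim).(jwt.MapClaims)
	if !ok {
		return errors.New("permission denied")
	}
	uid, ok := claims["uid"].(string)
	if !ok || uid == "" {
		return errors.New("permission denied")
	}
	// … unchanged: filter construction and GetProject lookup …
```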