fix:
* added logic if role is deleted then also be deleted from user side if role is assigned to that user. * default role should be subset of roles
This commit is contained in:
lemonScaletech
@@ -7,6 +7,7 @@ import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
||||
@@ -93,6 +94,42 @@ func clearSessionIfRequired(currentData, updatedData map[string]interface{}) {
|
||||
}
|
||||
}
|
||||
|
||||
func updateRoles(ctx context.Context, deletedRoles []string) error {
|
||||
data, err := db.Provider.ListUsers(ctx, &model.Pagination{
|
||||
Limit: 1,
|
||||
Offset: 1,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
allData, err := db.Provider.ListUsers(ctx, &model.Pagination{
|
||||
Limit: data.Pagination.Total,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for i := range allData.Users {
|
||||
now := time.Now().Unix()
|
||||
allData.Users[i].Roles = utils.DeleteFromArray(allData.Users[i].Roles, deletedRoles)
|
||||
allData.Users[i].UpdatedAt = &now
|
||||
}
|
||||
|
||||
for i := range allData.Users {
|
||||
updatedValues := map[string]interface{}{
|
||||
"roles": strings.Join(allData.Users[i].Roles, ","),
|
||||
"updated_at": time.Now().Unix(),
|
||||
}
|
||||
id := []string{allData.Users[i].ID}
|
||||
err = db.Provider.UpdateUsers(ctx, updatedValues, id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// UpdateEnvResolver is a resolver for update config mutation
|
||||
// This is admin only mutation
|
||||
func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model.Response, error) {
|
||||
@@ -291,12 +328,17 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
||||
}, nil)
|
||||
}
|
||||
|
||||
previousRoles := strings.Split(currentData[constants.EnvKeyRoles].(string), ",")
|
||||
updatedRoles := strings.Split(updatedData[constants.EnvKeyRoles].(string), ",")
|
||||
updatedDefaultRoles := strings.Split(updatedData[constants.EnvKeyDefaultRoles].(string), ",")
|
||||
updatedProtectedRoles := strings.Split(updatedData[constants.EnvKeyProtectedRoles].(string), ",")
|
||||
|
||||
// check the roles change
|
||||
if len(params.Roles) > 0 {
|
||||
if len(params.DefaultRoles) > 0 {
|
||||
if len(updatedRoles) > 0 {
|
||||
if len(updatedDefaultRoles) > 0 {
|
||||
// should be subset of roles
|
||||
for _, role := range params.DefaultRoles {
|
||||
if !utils.StringSliceContains(params.Roles, role) {
|
||||
for _, role := range updatedDefaultRoles {
|
||||
if !utils.StringSliceContains(updatedRoles, role) {
|
||||
log.Debug("Default roles should be subset of roles")
|
||||
return res, fmt.Errorf("default role %s is not in roles", role)
|
||||
}
|
||||
@@ -304,15 +346,20 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
|
||||
}
|
||||
}
|
||||
|
||||
if len(params.ProtectedRoles) > 0 {
|
||||
for _, role := range params.ProtectedRoles {
|
||||
if utils.StringSliceContains(params.Roles, role) || utils.StringSliceContains(params.DefaultRoles, role) {
|
||||
if len(updatedProtectedRoles) > 0 {
|
||||
for _, role := range updatedProtectedRoles {
|
||||
if utils.StringSliceContains(updatedRoles, role) || utils.StringSliceContains(updatedDefaultRoles, role) {
|
||||
log.Debug("Protected roles should not be in roles or default roles")
|
||||
return res, fmt.Errorf("protected role %s found roles or default roles", role)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
deletedRoles := utils.FindDeletedValues(previousRoles, updatedRoles)
|
||||
if len(deletedRoles) > 0 {
|
||||
go updateRoles(ctx, deletedRoles)
|
||||
}
|
||||
|
||||
// Update local store
|
||||
memorystore.Provider.UpdateEnvStore(updatedData)
|
||||
jwk, err := crypto.GenerateJWKBasedOnEnv()
|
||||
|
||||
Reference in New Issue
Block a user