Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading
Loading status checks…
minor refactoring
Browse files Browse the repository at this point in the history
@ashishdevtron
ashishdevtron committed May 17, 2024
1 parent c5a273b commit 84ea49b
Showing 3 changed files with 20 additions and 19 deletions.
8 changes: 4 additions & 4 deletions api/auth/user/UserRestHandler.go
View file
Original file line number Diff line number Diff line change
@@ -210,12 +210,12 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req

if len(restrictedGroups) != len(userInfo.UserRoleGroup) {
// warning
message := fmt.Errorf("User permissions added partially. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("User permissions added partially. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusExpectationFailed)

} else {
//error
message := fmt.Errorf("Permission could not be added. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("Permission could not be added. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusBadRequest)
}
}
@@ -271,12 +271,12 @@ func (handler UserRestHandlerImpl) UpdateUser(w http.ResponseWriter, r *http.Req

if rolesChanged || groupsModified {
// warning
message := fmt.Errorf("User permissions updated partially. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("User permissions updated partially. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusExpectationFailed)

} else {
//error
message := fmt.Errorf("Permission could not be added/removed. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("Permission could not be added/removed. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusBadRequest)
}
}
21 changes: 6 additions & 15 deletions pkg/auth/user/UserService.go
View file
Original file line number Diff line number Diff line change
@@ -415,11 +415,8 @@ func (impl *UserServiceImpl) createUserIfNotExists(userInfo *bean.UserInfo, emai
if hasAccessToGroup {
policies = append(policies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(userGroup.CasbinName)})
} else {
trimmedGroup := strings.TrimPrefix(item.RoleGroup.Name, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item.RoleGroup.Name, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
// END GROUP POLICY
@@ -787,11 +784,8 @@ func (impl *UserServiceImpl) UpdateUser(userInfo *bean.UserInfo, token string, m
groupsModified = true
addedPolicies = append(addedPolicies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(userGroup.CasbinName)})
} else {
trimmedGroup := strings.TrimPrefix(item.RoleGroup.Name, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item.RoleGroup.Name, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
}
@@ -808,11 +802,8 @@ func (impl *UserServiceImpl) UpdateUser(userInfo *bean.UserInfo, token string, m
}
eliminatedPolicies = append(eliminatedPolicies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(item)})
} else {
trimmedGroup := strings.TrimPrefix(item, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
}
10 changes: 10 additions & 0 deletions pkg/auth/user/adapter/adapter.go
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
package adapter

import (
"github.com/devtron-labs/devtron/api/bean"
"github.com/devtron-labs/devtron/pkg/auth/user/repository"
"strings"
"time"
)

@@ -12,3 +14,11 @@ func GetLastLoginTime(model repository.UserModel) time.Time {
}
return lastLoginTime
}

func CreateRestrictedGroup(roleGroupName string, hasSuperAdminPermission bool) bean.RestrictedGroup {
trimmedGroup := strings.TrimPrefix(roleGroupName, "group:")
return bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
}
}

0 comments on commit 84ea49b

Please sign in to comment.