Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
minor refactoring
Browse files Browse the repository at this point in the history
ashishdevtron committed May 17, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent c5a273b commit 84ea49b
Showing 3 changed files with 20 additions and 19 deletions.
8 changes: 4 additions & 4 deletions api/auth/user/UserRestHandler.go
Original file line number Diff line number Diff line change
@@ -210,12 +210,12 @@ func (handler UserRestHandlerImpl) CreateUser(w http.ResponseWriter, r *http.Req

if len(restrictedGroups) != len(userInfo.UserRoleGroup) {
// warning
message := fmt.Errorf("User permissions added partially. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("User permissions added partially. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusExpectationFailed)

} else {
//error
message := fmt.Errorf("Permission could not be added. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("Permission could not be added. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusBadRequest)
}
}
@@ -271,12 +271,12 @@ func (handler UserRestHandlerImpl) UpdateUser(w http.ResponseWriter, r *http.Req

if rolesChanged || groupsModified {
// warning
message := fmt.Errorf("User permissions updated partially. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("User permissions updated partially. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusExpectationFailed)

} else {
//error
message := fmt.Errorf("Permission could not be added/removed. %v%v", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
message := fmt.Errorf("Permission could not be added/removed. %s%s", errorMessageForGroupsWithoutSuperAdmin, errorMessageForGroupsWithSuperAdmin)
common.WriteJsonResp(w, message, nil, http.StatusBadRequest)
}
}
21 changes: 6 additions & 15 deletions pkg/auth/user/UserService.go
Original file line number Diff line number Diff line change
@@ -415,11 +415,8 @@ func (impl *UserServiceImpl) createUserIfNotExists(userInfo *bean.UserInfo, emai
if hasAccessToGroup {
policies = append(policies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(userGroup.CasbinName)})
} else {
trimmedGroup := strings.TrimPrefix(item.RoleGroup.Name, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item.RoleGroup.Name, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
// END GROUP POLICY
@@ -787,11 +784,8 @@ func (impl *UserServiceImpl) UpdateUser(userInfo *bean.UserInfo, token string, m
groupsModified = true
addedPolicies = append(addedPolicies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(userGroup.CasbinName)})
} else {
trimmedGroup := strings.TrimPrefix(item.RoleGroup.Name, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item.RoleGroup.Name, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
}
@@ -808,11 +802,8 @@ func (impl *UserServiceImpl) UpdateUser(userInfo *bean.UserInfo, token string, m
}
eliminatedPolicies = append(eliminatedPolicies, casbin2.Policy{Type: "g", Sub: casbin2.Subject(userInfo.EmailId), Obj: casbin2.Object(item)})
} else {
trimmedGroup := strings.TrimPrefix(item, "group:")
restrictedGroups = append(restrictedGroups, bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
})
restrictedGroup := adapter.CreateRestrictedGroup(item, hasSuperAdminPermission)
restrictedGroups = append(restrictedGroups, restrictedGroup)
}
}
}
10 changes: 10 additions & 0 deletions pkg/auth/user/adapter/adapter.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
package adapter

import (
"github.com/devtron-labs/devtron/api/bean"
"github.com/devtron-labs/devtron/pkg/auth/user/repository"
"strings"
"time"
)

@@ -12,3 +14,11 @@ func GetLastLoginTime(model repository.UserModel) time.Time {
}
return lastLoginTime
}

func CreateRestrictedGroup(roleGroupName string, hasSuperAdminPermission bool) bean.RestrictedGroup {
trimmedGroup := strings.TrimPrefix(roleGroupName, "group:")
return bean.RestrictedGroup{
Group: trimmedGroup,
HasSuperAdminPermission: hasSuperAdminPermission,
}
}

0 comments on commit 84ea49b

Please sign in to comment.