Created
October 4, 2022 17:55
use permissions from session
diff --git a/pkg/handlers/authentication/auth.go b/pkg/handlers/authentication/auth.go | |
index 3e2cb5af15..6cb99e5d1f 100644 | |
--- a/pkg/handlers/authentication/auth.go | |
+++ b/pkg/handlers/authentication/auth.go | |
@@ -58,13 +58,12 @@ type APIWithContext interface { | |
Context() *middleware.Context | |
} | |
-func PermissionsMiddleware(appCtx appcontext.AppContext, api APIWithContext) func(next http.Handler) http.Handler { | |
+func PermissionsMiddleware(api APIWithContext) func(next http.Handler) http.Handler { | |
return func(next http.Handler) http.Handler { | |
mw := func(w http.ResponseWriter, r *http.Request) { | |
logger := logging.FromContext(r.Context()) | |
session := auth.SessionFromRequestContext(r) | |
- | |
route, r, _ := api.Context().RouteInfo(r) | |
if route == nil { | |
// If we reach this error, something went wrong with the swagger router initialization, in reality will probably never be an issue except potentially in local testing | |
@@ -88,7 +87,7 @@ func PermissionsMiddleware(appCtx appcontext.AppContext, api APIWithContext) fun | |
for _, v := range permissionsRequiredAsInterfaceArray { | |
permission := v.(string) | |
logger.Info("Permission required: ", zap.String("permission", permission)) | |
- access, err := checkUserPermission(appCtx, session, permission) | |
+ access, err := checkUserPermission(logger, session, permission) | |
if err != nil { | |
logger.Error("Unexpected error looking up permissions", zap.String("permission error", err.Error())) | |
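Review bot: The `permission := v.(string)` assertion in this loop is unchecked, so a non-string entry in `permissionsRequiredAsInterfaceArray` panics inside the authorization middleware instead of producing a denial. Consider `permission, ok := v.(string)` and, when `!ok`, logging and rejecting the request so the check fails closed. The loop and its error branch continue outside the hunk, so how a non-nil `err` from `checkUserPermission` becomes a response cannot be confirmed from here.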
diff --git a/pkg/handlers/authentication/auth_test.go b/pkg/handlers/authentication/auth_test.go | |
index bba06df741..c3dd860c3b 100644 | |
--- a/pkg/handlers/authentication/auth_test.go | |
+++ b/pkg/handlers/authentication/auth_test.go | |
@@ -251,6 +251,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareAuthorized() { | |
} | |
handlerSession.Roles = append(handlerSession.Roles, identity.Roles...) | |
+ handlerSession.Permissions = append(handlerSession.Permissions, getPermissionsForUser(suite.AppContextForTest(), handlerSession.UserID)...) | |
ctx := auth.SetSessionInRequestContext(req, &handlerSession) | |
req = req.WithContext(ctx) | |
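Review bot: This test and TestRequirePermissionsMiddlewareUnauthorized (the hunk at -302) now fill `handlerSession.Permissions` by calling `getPermissionsForUser` themselves, so neither exercises the production code that is expected to populate the field. A case whose session has an empty `Permissions` slice, asserting that the middleware denies the request, would pin the fail-closed behaviour. A separate test on the session-creation path would cover population. Both test functions continue outside their hunks.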
@@ -260,7 +261,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareAuthorized() { | |
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) | |
- middleware := PermissionsMiddleware(suite.AppContextForTest(), api) | |
+ middleware := PermissionsMiddleware(api) | |
root := mux.NewRouter() | |
ghcMux := root.PathPrefix("/ghc/v1/").Subrouter() | |
@@ -302,6 +303,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareUnauthorized() { | |
} | |
handlerSession.Roles = append(handlerSession.Roles, identity.Roles...) | |
+ handlerSession.Permissions = append(handlerSession.Permissions, getPermissionsForUser(suite.AppContextForTest(), handlerSession.UserID)...) | |
ctx := auth.SetSessionInRequestContext(req, &handlerSession) | |
req = req.WithContext(ctx) | |
@@ -311,7 +313,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareUnauthorized() { | |
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) | |
- middleware := PermissionsMiddleware(suite.AppContextForTest(), api) | |
+ middleware := PermissionsMiddleware(api) | |
root := mux.NewRouter() | |
ghcMux := root.PathPrefix("/ghc/v1/").Subrouter() | |
diff --git a/pkg/handlers/authentication/permissions.go b/pkg/handlers/authentication/permissions.go | |
index cdac2524f1..1dd13dc208 100644 | |
--- a/pkg/handlers/authentication/permissions.go | |
+++ b/pkg/handlers/authentication/permissions.go | |
@@ -39,10 +39,9 @@ var QAECSR = RolePermissions{ | |
var AllRolesPermissions = []RolePermissions{TOO, TIO, ServicesCounselor, QAECSR} | |
// check if a [user.role] has permissions on a given object | |
-func checkUserPermission(appCtx appcontext.AppContext, session *auth.Session, permission string) (bool, error) { | |
+func checkUserPermission(logger *zap.Logger, session *auth.Session, permission string) (bool, error) { | |
- logger := appCtx.Logger() | |
- userPermissions := getPermissionsForUser(appCtx, session.UserID) | |
+ userPermissions := session.Permissions | |
for _, perm := range userPermissions { | |
if permission == perm { | |
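Review bot: Reading `session.Permissions` in `checkUserPermission` ties the authorization decision to a snapshot taken when the session was built, so a permission removed from a user stays effective until that session is refreshed or expires; the removed `getPermissionsForUser(appCtx, session.UserID)` call looked them up by user ID on each check. The diff does not show where non-test code fills `session.Permissions`, so confirm it is populated server-side at login and that a role change invalidates or refreshes existing sessions. A doc comment stating the contract would help, e.g. `// checkUserPermission reports whether permission is in session.Permissions; it performs no fresh lookup.` `session` is also dereferenced without a nil check; `if session == nil { return false, nil }` before the loop would fail closed. The function body continues outside the hunk.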
diff --git a/pkg/handlers/routing/routing_init.go b/pkg/handlers/routing/routing_init.go | |
index 9f3c11a703..0ff234e64a 100644 | |
--- a/pkg/handlers/routing/routing_init.go | |
+++ b/pkg/handlers/routing/routing_init.go | |
@@ -357,7 +357,7 @@ func InitRouting(appCtx appcontext.AppContext, redisPool *redis.Pool, | |
ghcAPIMux.Use(userAuthMiddleware) | |
ghcAPIMux.Use(middleware.NoCache(appCtx.Logger())) | |
api := ghcapi.NewGhcAPIHandler(routingConfig.HandlerConfig) | |
- permissionsMiddleware := authentication.PermissionsMiddleware(appCtx, api) | |
+ permissionsMiddleware := authentication.PermissionsMiddleware(api) | |
ghcAPIMux.Use(permissionsMiddleware) | |
tracingMiddleware := middleware.OpenAPITracing(api) | |
ghcAPIMux.PathPrefix("/").Handler(api.Serve(tracingMiddleware)) |