mirror of https://github.com/mainflux/mainflux.git synced 2025-04-26 13:48:53 +08:00

NOISSUE - Fix assigning invalid group policy (#1487)

Signed-off-by: Burak Sekili <buraksekili@gmail.com>
Burak Sekili 2021-10-28 14:10:03 +03:00 committed by GitHub
parent 27d4646db4
commit 30912e5a45
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -19,6 +19,7 @@ const (
thingsGroupType = "things"
memberRelation = "member"
accessRelation = "access"
)
var (
@ -209,7 +210,7 @@ func (svc service) AssignGroupAccessRights(ctx context.Context, token, thingGrou
if _, err := svc.Identify(ctx, token); err != nil {
return errors.Wrap(ErrUnauthorizedAccess, err)
}
return svc.agent.AddPolicy(ctx, PolicyReq{Object: thingGroupID, Relation: "access", Subject: fmt.Sprintf("%s:%s#%s", "members", userGroupID, memberRelation)})
return svc.agent.AddPolicy(ctx, PolicyReq{Object: thingGroupID, Relation: accessRelation, Subject: fmt.Sprintf("%s:%s#%s", "members", userGroupID, memberRelation)})
}
func (svc service) tmpKey(duration time.Duration, key Key) (Key, string, error) {
@ -359,7 +360,7 @@ func (svc service) Assign(ctx context.Context, token string, groupID, groupType
}
if groupType == thingsGroupType {
ss := fmt.Sprintf("%s:%s#%s", "members", groupID, "access")
ss := fmt.Sprintf("%s:%s#%s", "members", groupID, accessRelation)
var errs error
for _, memberID := range memberIDs {
for _, action := range []string{"read", "write", "delete"} {
@ -373,7 +374,7 @@ func (svc service) Assign(ctx context.Context, token string, groupID, groupType
var errs error
for _, memberID := range memberIDs {
if err := svc.agent.AddPolicy(ctx, PolicyReq{Object: groupID, Relation: memberRelation, Subject: memberID}); err != nil {
if err := svc.agent.AddPolicy(ctx, PolicyReq{Object: groupID, Relation: accessRelation, Subject: memberID}); err != nil {
errs = errors.Wrap(fmt.Errorf("cannot add user: '%s' to user group: '%s'", memberID, groupID), errs)
}
}
@ -385,11 +386,11 @@ func (svc service) Unassign(ctx context.Context, token string, groupID string, m
return errors.Wrap(ErrUnauthorizedAccess, err)
}
ss := fmt.Sprintf("%s:%s#%s", "members", groupID, "access")
ss := fmt.Sprintf("%s:%s#%s", "members", groupID, accessRelation)
var errs error
for _, memberID := range memberIDs {
for _, action := range []string{"read", "write", "delete"} {
if err := svc.agent.DeletePolicy(ctx, PolicyReq{Object: groupID, Relation: memberRelation, Subject: memberID}); err != nil {
if err := svc.agent.DeletePolicy(ctx, PolicyReq{Object: groupID, Relation: accessRelation, Subject: memberID}); err != nil {
errs = errors.Wrap(fmt.Errorf("cannot delete a membership of member '%s' from group '%s'", memberID, groupID), errs)
}
if err := svc.agent.DeletePolicy(ctx, PolicyReq{Object: memberID, Relation: action, Subject: ss}); err != nil {
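Review bot: The subject set in AssignGroupAccessRights is still built with `memberRelation` (`members:<userGroupID>#member`), while the user-group path of Assign now stores the user tuple under `accessRelation`, so the two ends no longer name the same relation; if the policy agent resolves subject sets by relation name, users assigned after this commit would not match that grant. The revocation side matters more: Unassign now deletes only `Relation: accessRelation`, so memberships written under `member` before this change appear to survive an unassign and would keep matching the `#member` subject set unless a data migration accompanies the commit (none is visible here). Consider deleting both relations during the transition, e.g. wrapping the group-tuple `DeletePolicy` in `for _, rel := range []string{memberRelation, accessRelation}`, and aligning the subject in AssignGroupAccessRights with whichever relation Assign writes. That group-tuple delete also sits inside the `action` loop, so it runs three times per member and can record errors for the repeated deletes; it belongs one level up, next to `for _, memberID`. The bodies of Assign and Unassign continue outside the visible hunks, so this should be checked against the full functions.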