Push missed files and fix lint

couchbase · Feb 13, 2024 · 1174bb7 · 1174bb7
1 parent 39daf5e
commit 1174bb7
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 32 deletions.
diff --git a/auth/auth.go b/auth/auth.go
@@ -339,10 +339,8 @@ func (auth *Authenticator) rebuildCollectionChannels(princ Principal, scope, col
 
 	channels := ca.ExplicitChannels().Copy()
 
-	var viewChannels ch.TimedSet
-	var err error
 	if auth.channelComputer != nil {
-		viewChannels, err = auth.channelComputer.ComputeChannelsForPrincipal(auth.LogCtx, princ, scope, collection)
+		viewChannels, err := auth.channelComputer.ComputeChannelsForPrincipal(auth.LogCtx, princ, scope, collection)
 		if err != nil {
 			base.WarnfCtx(auth.LogCtx, "channelComputer.ComputeChannelsForPrincipal returned error for %v: %v", base.UD(princ), err)
 			return err
@@ -359,7 +357,7 @@ func (auth *Authenticator) rebuildCollectionChannels(princ Principal, scope, col
 	// always grant access to the public document channel
 	channels.AddChannel(ch.DocumentStarChannel, 1)
 
-	channelHistory := auth.CalculateHistory(princ.Name(), ca.GetChannelInvalSeq(), ca.InvalidatedChannels(), channels, ca.ChannelHistory())
+	channelHistory := auth.CalculateHistory(princ.Name(), ca.GetChannelInvalSeq(), ca.InvalidatedChannels(), channels, ca.ChannelHistory(), false)
 
 	if len(channelHistory) != 0 {
 		ca.SetChannelHistory(channelHistory)
@@ -373,7 +371,7 @@ func (auth *Authenticator) rebuildCollectionChannels(princ Principal, scope, col
 }
 
 // Calculates history for either roles or channels
-func (auth *Authenticator) CalculateHistory(princName string, invalSeq uint64, invalGrants ch.TimedSet, newGrants ch.TimedSet, currentHistory TimedSetHistory) TimedSetHistory {
+func (auth *Authenticator) CalculateHistory(princName string, invalSeq uint64, invalGrants ch.TimedSet, newGrants ch.TimedSet, currentHistory TimedSetHistory, adminAssigned bool) TimedSetHistory {
 	// Initialize history if currently empty
 	if currentHistory == nil {
 		currentHistory = map[string]GrantHistory{}
@@ -397,6 +395,9 @@ func (auth *Authenticator) CalculateHistory(princName string, invalSeq uint64, i
 		}
 
 		// Add grant to history
+		if adminAssigned {
+			currentHistoryForGrant.AdminAssigned = adminAssigned
+		} // If adminAssigned is set to false, leave it
 		currentHistoryForGrant.UpdatedAt = time.Now().Unix()
 		currentHistoryForGrant.Entries = append(currentHistoryForGrant.Entries, GrantHistorySequencePair{
 			StartSeq: previousInfo.Sequence,
@@ -460,7 +461,7 @@ func (auth *Authenticator) rebuildRoles(user User) error {
 		roles.Add(jwt)
 	}
 
-	roleHistory := auth.CalculateHistory(user.Name(), user.GetRoleInvalSeq(), user.InvalidatedRoles(), roles, user.RoleHistory())
+	roleHistory := auth.CalculateHistory(user.Name(), user.GetRoleInvalSeq(), user.InvalidatedRoles(), roles, user.RoleHistory(), false)
 
 	if len(roleHistory) != 0 {
 		user.SetRoleHistory(roleHistory)
@@ -761,10 +762,8 @@ func (auth *Authenticator) DeleteRole(role Role, purge bool, deleteSeq uint64) e
 		p.setDeleted(true)
 		p.SetSequence(deleteSeq)
 
-		channelHistory := auth.CalculateHistory(p.Name(), deleteSeq, p.Channels(), nil, p.ChannelHistory())
+		channelHistory := auth.CalculateHistory(p.Name(), deleteSeq, p.Channels(), nil, p.ChannelHistory(), false)
 		if len(channelHistory) != 0 {
-			base.InfofCtx(auth.LogCtx, base.KeyAccess, "Edited at DeleteRole %s", channelHistory)
-
 			p.SetChannelHistory(channelHistory)
 		}
 

diff --git a/db/users.go b/db/users.go
@@ -230,7 +230,6 @@ func (dbc *DatabaseContext) UpdatePrincipal(ctx context.Context, updates *auth.P
 // UpdateCollectionExplicitChannels identifies whether a config update requires an update to the principal's collectionAccess.
 func (dbc *DatabaseContext) UpdateCollectionExplicitChannels(ctx context.Context, princ auth.Principal, updates map[string]map[string]*auth.CollectionAccessConfig, seq uint64) {
 	authenticator := dbc.Authenticator(ctx)
-	base.InfofCtx(ctx, base.KeyAuth, "History at UpdateCollectionExplicitChannels", princ.ChannelHistory())
 
 	for scopeName, scope := range updates {
 		if scope == nil {
@@ -252,18 +251,14 @@ func (dbc *DatabaseContext) UpdateCollectionExplicitChannels(ctx context.Context
 						updatedExplicitChannels = ch.TimedSet{}
 					}
 					expChannels := princ.CollectionExplicitChannels(scopeName, collectionName).Copy()
-					allExplicitChannels := expChannels.Copy()
-					allExplicitChannels.Add(updatedExplicitChannels)
 					changed := updatedExplicitChannels.UpdateAtSequence(updatedCollectionAccess.ExplicitChannels_, seq)
 					if changed {
 						princ.SetCollectionExplicitChannels(scopeName, collectionName, updatedExplicitChannels, seq)
-						history := authenticator.CalculateHistory(princ.Name(), princ.GetChannelInvalSeq(), expChannels, updatedExplicitChannels, princ.ChannelHistory())
-						for channel, hist := range history {
-							if _, ok := allExplicitChannels[channel]; ok {
-								hist.AdminAssigned = true
-								history[channel] = hist
-							}
-						}
+						history := authenticator.CalculateHistory(princ.Name(), princ.GetChannelInvalSeq(), expChannels, updatedExplicitChannels, princ.ChannelHistory(), true)
+						//for channel, hist := range history {
+						//	hist.AdminAssigned = true
+						//	history[channel] = hist
+						//}
 						princ.SetChannelHistory(history)
 					}
 				}

diff --git a/rest/diagnostic_api.go b/rest/diagnostic_api.go
@@ -153,7 +153,7 @@ func (h *handler) handleGetAllChannels() error {
 			}
 		}
 	}
-	
+
 	bytes, err := base.JSONMarshal(resp)
 	if err != nil {
 		return err

diff --git a/rest/revocation_test.go b/rest/revocation_test.go
@@ -1403,22 +1403,16 @@ func TestChannelHistoryPruning(t *testing.T) {
 	role, err = authenticator.GetRole("foo")
 	assert.NoError(t, err)
 	channelHistory := role.CollectionChannelHistory(s, c)
-	aHistory := channelHistory["b"]
-	aHistory.UpdatedAt = time.Now().Add(-61 * time.Hour * 24).Unix()
-	channelHistory["b"] = aHistory
-	t.Log(aHistory)
+	aHistory := channelHistory["a"]
+	aHistory.UpdatedAt = time.Now().Add(-31 * time.Hour * 24).Unix()
+	channelHistory["a"] = aHistory
 
 	role.SetChannelHistory(channelHistory)
-	t.Log("CHANHIST", role.ChannelHistory())
 	err = authenticator.Save(role)
 	assert.NoError(t, err)
 
 	// Add another so we have something to wait on
 	revocationTester.addRoleChannel("foo", "random")
-	role, err = authenticator.GetRole("foo")
-	assert.NoError(t, err)
-
-	t.Log(role.CollectionChannelHistory(s, c))
 	resp = rt.SendAdminRequest("PUT", "/{{.keyspace}}/doc3", `{"channels": ["random"]}`)
 	RequireStatus(t, resp, http.StatusCreated)
 
@@ -1428,9 +1422,8 @@ func TestChannelHistoryPruning(t *testing.T) {
 	role, err = authenticator.GetRole("foo")
 	assert.NoError(t, err)
 
-	t.Log(role.CollectionChannelHistory(s, c))
-	assert.NotContains(t, role.CollectionChannelHistory(s, c), "b")
-	assert.Contains(t, role.CollectionChannelHistory(s, c), "a")
+	assert.NotContains(t, role.CollectionChannelHistory(s, c), "a")
+	assert.Contains(t, role.CollectionChannelHistory(s, c), "b")
 }
 
 func TestChannelRevocationWithContiguousSequences(t *testing.T) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -153,7 +153,7 @@ func (h *handler) handleGetAllChannels() error { @@
     			}
     		}
     	}
     	bytes, err := base.JSONMarshal(resp)
     	if err != nil {
     		return err
@@ Expand Down @@