Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enforce repo management permission #4976

Merged
merged 6 commits into from
Nov 18, 2024

Conversation

gmazoyer
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the group/backend Issue related to the backend (API Server, Git Agent) label Nov 18, 2024
@gmazoyer gmazoyer marked this pull request as ready for review November 18, 2024 15:49
Comment on lines 30 to 54
if action != "view":
if node.kind in (InfrahubKind.ACCOUNTGROUP, InfrahubKind.ACCOUNTROLE, InfrahubKind.GENERICACCOUNT) or (
node.inherit_from and InfrahubKind.GENERICACCOUNT in node.inherit_from
):
return (
BranchRelativePermissionDecision.ALLOW
if global_permission_report[GlobalPermissions.MANAGE_ACCOUNTS]
else BranchRelativePermissionDecision.DENY
)
if node.kind in (InfrahubKind.BASEPERMISSION, InfrahubKind.GLOBALPERMISSION, InfrahubKind.OBJECTPERMISSION) or (
node.inherit_from and InfrahubKind.BASEPERMISSION in node.inherit_from
):
return (
BranchRelativePermissionDecision.ALLOW
if global_permission_report[GlobalPermissions.MANAGE_PERMISSIONS]
else BranchRelativePermissionDecision.DENY
)
if node.kind in (InfrahubKind.GENERICREPOSITORY, InfrahubKind.REPOSITORY, InfrahubKind.READONLYREPOSITORY) or (
node.inherit_from and InfrahubKind.GENERICREPOSITORY in node.inherit_from
):
return (
BranchRelativePermissionDecision.ALLOW
if global_permission_report[GlobalPermissions.MANAGE_REPOSITORIES]
else BranchRelativePermissionDecision.DENY
)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably not the prettiest code to achieve that.

Copy link

codspeed-hq bot commented Nov 18, 2024

CodSpeed Performance Report

Merging #4976 will not alter performance

Comparing gma-20241118-fix-repo-global-perm-stable (ad9fc47) with stable (68d105f)

Summary

✅ 10 untouched benchmarks

@gmazoyer gmazoyer requested a review from a team November 18, 2024 16:48
@lykinsbd
Copy link
Contributor

lykinsbd commented Nov 18, 2024

Looks like the E2E tests don't like something about this, they've failed with this error twice:

  1 failed
    [chromium] › permissions/role-management.spec.ts:7:3 › Users & Permissions - Admin › should be allowed to add accounts 

backend/infrahub/permissions/report.py Outdated Show resolved Hide resolved
@gmazoyer gmazoyer merged commit 0ec2fdc into stable Nov 18, 2024
31 checks passed
@gmazoyer gmazoyer deleted the gma-20241118-fix-repo-global-perm-stable branch November 18, 2024 20:55
gmazoyer added a commit that referenced this pull request Nov 19, 2024
Also fix permission report for kinds relying on global permissions.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
group/backend Issue related to the backend (API Server, Git Agent)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants