Skip to content

Commit

Permalink
Bug fix for : Admin Users must be able to access all monitors #139 (#280
Browse files Browse the repository at this point in the history
)

Signed-off-by: skkosuri-amzn <skkosuri@amazon.com>
  • Loading branch information
skkosuri-amzn authored Jan 15, 2022
1 parent d8e6e54 commit 0351155
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ interface SecureTransportAction {
)
)
return false
} else if (isAdmin(user)) {
return true
} else if (user.backendRoles.isNullOrEmpty()) {
actionListener.onFailure(
AlertingException.wrap(
Expand All @@ -112,7 +114,7 @@ interface SecureTransportAction {
resourceId: String
): Boolean {

if (!filterByEnabled) return true
if (!doFilterForUser(requesterUser)) return true

val resourceBackendRoles = resourceUser?.backendRoles
val requesterBackendRoles = requesterUser?.backendRoles
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -509,6 +509,25 @@ class SecureMonitorRestApiIT : AlertingRestTestCase() {
)
assertEquals("Search monitor failed", RestStatus.OK, adminSearchResponse.restStatus())
assertEquals("Monitor not found during search", 1, getDocs(adminSearchResponse))

// get as "admin" - must get 1 docs
val id: String = monitorJson["_id"] as String
val adminGetResponse = client().makeRequest(
"GET",
"$ALERTING_BASE_URI/$id",
emptyMap(),
NStringEntity(search, ContentType.APPLICATION_JSON)
)
assertEquals("Get monitor failed", RestStatus.OK, adminGetResponse.restStatus())

// delete as "admin"
val adminDeleteResponse = client().makeRequest(
"DELETE",
"$ALERTING_BASE_URI/$id",
emptyMap(),
NStringEntity(search, ContentType.APPLICATION_JSON)
)
assertEquals("Delete monitor failed", RestStatus.OK, adminGetResponse.restStatus())
} finally {
deleteRoleMapping("hr_role")
deleteRole("hr_role")
Expand Down

0 comments on commit 0351155

Please sign in to comment.