Skip to content

Commit

Permalink
fix: missing org ids in service user tokens
Browse files Browse the repository at this point in the history
Signed-off-by: Kush Sharma <thekushsharma@gmail.com>
  • Loading branch information
kushsharma committed Oct 6, 2024
1 parent fbf670a commit 827f893
Show file tree
Hide file tree
Showing 12 changed files with 103 additions and 48 deletions.
5 changes: 4 additions & 1 deletion core/authenticate/authenticate.go
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,10 @@ type RegistrationFinishResponse struct {
}

type Principal struct {
ID string
// ID is the unique identifier of principal
ID string
// Type is the namespace of principal
// E.g. app/user, app/serviceuser
Type string

User *user.User
Expand Down
9 changes: 7 additions & 2 deletions core/deleter/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,8 @@ import (
"errors"
"fmt"

"github.com/raystack/frontier/core/authenticate"

"github.com/raystack/frontier/billing/invoice"

"github.com/raystack/frontier/billing/customer"
Expand Down Expand Up @@ -39,7 +41,7 @@ type OrganizationService interface {
Get(ctx context.Context, id string) (organization.Organization, error)
DeleteModel(ctx context.Context, id string) error
RemoveUsers(ctx context.Context, orgID string, userIDs []string) error
ListByUser(ctx context.Context, userID string, f organization.Filter) ([]organization.Organization, error)
ListByUser(ctx context.Context, principal authenticate.Principal, f organization.Filter) ([]organization.Organization, error)
}

type RoleService interface {
Expand Down Expand Up @@ -320,7 +322,10 @@ func (d Service) RemoveUsersFromOrg(ctx context.Context, orgID string, userIDs [
}

func (d Service) DeleteUser(ctx context.Context, userID string) error {
userOrgs, err := d.orgService.ListByUser(ctx, userID, organization.Filter{})
userOrgs, err := d.orgService.ListByUser(ctx, authenticate.Principal{
ID: userID,
Type: schema.UserPrincipal,
}, organization.Filter{})
if err != nil {
return err
}
Expand Down
12 changes: 9 additions & 3 deletions core/domain/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ type UserService interface {
}

type OrgService interface {
ListByUser(ctx context.Context, userID string, filter organization.Filter) ([]organization.Organization, error)
ListByUser(ctx context.Context, principal authenticate.Principal, filter organization.Filter) ([]organization.Organization, error)
AddMember(ctx context.Context, orgID, relationName string, principal authenticate.Principal) error
Get(ctx context.Context, id string) (organization.Organization, error)
}
Expand Down Expand Up @@ -134,7 +134,10 @@ func (s Service) Join(ctx context.Context, orgID string, userId string) error {
}

// check if user is already a member of the organization. if yes, do nothing and return nil
userOrgs, err := s.orgService.ListByUser(ctx, currUser.ID, organization.Filter{})
userOrgs, err := s.orgService.ListByUser(ctx, authenticate.Principal{
ID: currUser.ID,
Type: schema.UserPrincipal,
}, organization.Filter{})
if err != nil {
return err
}
Expand Down Expand Up @@ -190,7 +193,10 @@ func (s Service) ListJoinableOrgsByDomain(ctx context.Context, email string) ([]
return nil, err
}

userOrgs, err := s.orgService.ListByUser(ctx, currUser.ID, organization.Filter{})
userOrgs, err := s.orgService.ListByUser(ctx, authenticate.Principal{
ID: currUser.ID,
Type: schema.UserPrincipal,
}, organization.Filter{})
if err != nil {
return nil, err
}
Expand Down
30 changes: 15 additions & 15 deletions core/invitation/mocks/organization_service.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 5 additions & 2 deletions core/invitation/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ type UserService interface {
type OrganizationService interface {
Get(ctx context.Context, id string) (organization.Organization, error)
AddMember(ctx context.Context, orgID, relationName string, principal authenticate.Principal) error
ListByUser(ctx context.Context, userID string, f organization.Filter) ([]organization.Organization, error)
ListByUser(ctx context.Context, p authenticate.Principal, f organization.Filter) ([]organization.Organization, error)
}

type GroupService interface {
Expand Down Expand Up @@ -263,7 +263,10 @@ func (s Service) isUserOrgMember(ctx context.Context, orgID, userID string) (use
return userOb, false, err
}

orgs, err := s.orgSvc.ListByUser(ctx, userOb.ID, organization.Filter{})
orgs, err := s.orgSvc.ListByUser(ctx, authenticate.Principal{
ID: userOb.ID,
Type: schema.UserPrincipal,
}, organization.Filter{})
if err != nil {
return userOb, false, err
}
Expand Down
11 changes: 7 additions & 4 deletions core/organization/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,10 @@ func (s Service) AttachToPlatform(ctx context.Context, orgID string) error {

func (s Service) List(ctx context.Context, f Filter) ([]Organization, error) {
if f.UserID != "" {
return s.ListByUser(ctx, f.UserID, f)
return s.ListByUser(ctx, authenticate.Principal{
ID: f.UserID,
Type: schema.UserPrincipal,
}, f)
}

// state gets filtered in db
Expand All @@ -220,14 +223,14 @@ func (s Service) Update(ctx context.Context, org Organization) (Organization, er
return s.repository.UpdateByName(ctx, org)
}

func (s Service) ListByUser(ctx context.Context, userID string, filter Filter) ([]Organization, error) {
func (s Service) ListByUser(ctx context.Context, principal authenticate.Principal, filter Filter) ([]Organization, error) {
subjectIDs, err := s.relationService.LookupResources(ctx, relation.Relation{
Object: relation.Object{
Namespace: schema.OrganizationNamespace,
},
Subject: relation.Subject{
ID: userID,
Namespace: schema.UserPrincipal,
ID: principal.ID,
Namespace: principal.Type,
},
RelationName: schema.MembershipPermission,
})
Expand Down
2 changes: 1 addition & 1 deletion internal/api/v1beta1/authenticate.go
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ func (h Handler) getAccessToken(ctx context.Context, principal authenticate.Prin

if h.authConfig.Token.Claims.AddOrgIDsClaim {
// get orgs a user belongs to
orgs, err := h.orgService.ListByUser(ctx, principal.ID, organization.Filter{})
orgs, err := h.orgService.ListByUser(ctx, principal, organization.Filter{})
if err != nil {
return nil, err
}
Expand Down
37 changes: 20 additions & 17 deletions internal/api/v1beta1/mocks/organization_service.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion internal/api/v1beta1/org.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ package v1beta1
import (
"context"

"github.com/raystack/frontier/core/authenticate"

"go.uber.org/zap"

"github.com/raystack/frontier/core/audit"
Expand Down Expand Up @@ -41,7 +43,7 @@ type OrganizationService interface {
Create(ctx context.Context, org organization.Organization) (organization.Organization, error)
List(ctx context.Context, f organization.Filter) ([]organization.Organization, error)
Update(ctx context.Context, toUpdate organization.Organization) (organization.Organization, error)
ListByUser(ctx context.Context, userID string, flt organization.Filter) ([]organization.Organization, error)
ListByUser(ctx context.Context, principal authenticate.Principal, flt organization.Filter) ([]organization.Organization, error)
AddUsers(ctx context.Context, orgID string, userID []string) error
Enable(ctx context.Context, id string) error
Disable(ctx context.Context, id string) error
Expand Down
7 changes: 5 additions & 2 deletions internal/api/v1beta1/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -450,7 +450,10 @@ func (h Handler) ListCurrentUserGroups(ctx context.Context, request *frontierv1b
}

func (h Handler) ListOrganizationsByUser(ctx context.Context, request *frontierv1beta1.ListOrganizationsByUserRequest) (*frontierv1beta1.ListOrganizationsByUserResponse, error) {
orgList, err := h.orgService.ListByUser(ctx, request.GetId(), organization.Filter{})
orgList, err := h.orgService.ListByUser(ctx, authenticate.Principal{
ID: request.GetId(),
Type: schema.UserPrincipal,
}, organization.Filter{})
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -497,7 +500,7 @@ func (h Handler) ListOrganizationsByCurrentUser(ctx context.Context, request *fr
if request.GetState() != "" {
orgFilter.State = organization.State(request.GetState())
}
orgList, err := h.orgService.ListByUser(ctx, principal.ID, orgFilter)
orgList, err := h.orgService.ListByUser(ctx, principal, orgFilter)
if err != nil {
return nil, err
}
Expand Down
21 changes: 21 additions & 0 deletions test/e2e/regression/api_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ import (
const (
fixturesDir = "testdata"
computeOrderNamespace = "compute/order"
computeDiskNamespace = "compute/disk"
computeViewerRoleName = "compute_order_viewer"
)

Expand Down Expand Up @@ -1460,12 +1461,32 @@ func (s *APIRegressionTestSuite) TestResourceAPI() {
})
s.Assert().NoError(err)
s.Assert().NotNil(createResourceResp)
createResourceResp2, err := s.testBench.Client.CreateProjectResource(ctxOrgAdminAuth, &frontierv1beta1.CreateProjectResourceRequest{
ProjectId: createProjResp.GetProject().GetId(),
Body: &frontierv1beta1.ResourceRequestBody{
Name: "res-2",
Namespace: computeDiskNamespace,
Principal: userResp.GetUser().GetId(),
Metadata: &structpb.Struct{},
},
})
s.Assert().NoError(err)
s.Assert().NotNil(createResourceResp2)

listResourcesResp, err := s.testBench.Client.ListProjectResources(ctxOrgAdminAuth, &frontierv1beta1.ListProjectResourcesRequest{
ProjectId: createProjResp.GetProject().GetId(),
})
s.Assert().NoError(err)
s.Assert().Equal("res-1", listResourcesResp.GetResources()[0].GetName())

// filter user by namespace
listAllResourcesResp, err := s.testBench.AdminClient.ListResources(ctxOrgAdminAuth, &frontierv1beta1.ListResourcesRequest{
ProjectId: createProjResp.GetProject().GetId(),
Namespace: computeDiskNamespace,
})
s.Assert().NoError(err)
s.Assert().Len(listAllResourcesResp.GetResources(), 1)
s.Assert().Equal("res-2", listAllResourcesResp.GetResources()[0].GetName())
})
}

Expand Down
6 changes: 6 additions & 0 deletions test/e2e/regression/testdata/resource/compute.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,12 @@ permissions:
- name: create
namespace: compute/order
- key: compute.order.configure
- name: get
namespace: compute/disk
- name: create
namespace: compute/disk
- name: delete
namespace: compute/disk
roles:
- name: compute_order_manager
permissions:
Expand Down

0 comments on commit 827f893

Please sign in to comment.