Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMQ-2670 - Fix Unauthorized User IDs can be added to domain entity role members #2684

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

SMQ-2670 - Fix Unauthorized User IDs can be added to domain entity role members #2684

wants to merge 3 commits into from
+59 −0

Conversation

nyagamunene
Copy link
Contributor

What type of PR is this?

This is a bug fix because it fixes the following issue: #2670

What does this do?

It add a authorization check for every member provided.

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

No

Did you document any new/modified feature?

No

Notes

@nyagamunene nyagamunene self-assigned this Feb 5, 2025
@nyagamunene nyagamunene marked this pull request as ready for review February 5, 2025 12:40
@nyagamunene nyagamunene requested a review from a team as a code owner February 5, 2025 12:40
@dborovcanin
Copy link
Collaborator

@arvindh123 Please review.

arvindh123
arvindh123 requested changes Feb 6, 2025
View reviewed changes
Copy link
Contributor

@arvindh123 arvindh123 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the same check to the entity creation middleware, as the entity creation functions CreateDomain, CreateGroup, CreateChannels, and CreateClients will call the roles.AddNewEntitiesRoles function, which also adds members to the entity. Therefore, we need the same check in the entity creation middleware.

@nyagamunene
fix authorization
20819c7 
Signed-off-by: nyagamunene <[email protected]>
@nyagamunene
fix linter error
a28d588 
Signed-off-by: nyagamunene <[email protected]>
@nyagamunene
add authorization to create middleware
04fe267 
Signed-off-by: nyagamunene <[email protected]>
@codecov Codecov
Copy link

codecov bot commented Feb 6, 2025

Codecov Report

Attention: Patch coverage is 0% with 9 lines in your changes missing coverage. Please review.

Project coverage is 34.23%. Comparing base (3cb41fa) to head (04fe267).
Report is 14 commits behind head on main.

Files with missing lines Patch % Lines
channels/middleware/authorization.go 0.00% 3 Missing ⚠️
clients/middleware/authorization.go 0.00% 3 Missing ⚠️
groups/middleware/authorization.go 0.00% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2684      +/-   ##
==========================================
- Coverage   43.87%   34.23%   -9.65%     
==========================================
  Files         350      113     -237     
  Lines       45718    23267   -22451     
==========================================
- Hits        20059     7965   -12094     
+ Misses      23438    14690    -8748     
+ Partials     2221      612    -1609

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arvindh123 arvindh123 arvindh123 requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@nyagamunene nyagamunene

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bug: Random unauthorized User IDs Can Be Added to domain entity role Members
3 participants
@nyagamunene @dborovcanin @arvindh123