fix panic bug & minor permission problem (#2936)

Signed-off-by: N Min Min <minmin@koderover.com> Co-authored-by: N Min Min <minmin@koderover.com>

fix panic bug & minor permission problem (#2936)
Signed-off-by: N Min Min <minmin@koderover.com> Co-authored-by: N Min Min <minmin@koderover.com>
26133377 · Min Min · GitHub · 58c79abe · 26133377 · 26133377
16 changed file
--- a/pkg/microservice/aslan/core/build/handler/build.go
+++ b/pkg/microservice/aslan/core/build/handler/build.go
@@ -81,9 +81,7 @@ func ListBuildModules(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
@@ -130,14 +128,10 @@ func ListBuildModulesByServiceModule(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if ctx.Resources.SystemActions.Template.Create ||
+	} else if ctx.Resources.SystemActions.Template.Create ||
 		ctx.Resources.SystemActions.Template.Edit {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true

--- a/pkg/microservice/aslan/core/build/handler/target.go
+++ b/pkg/microservice/aslan/core/build/handler/target.go
@@ -46,9 +46,7 @@ func ListDeployTarget(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
@@ -94,9 +92,7 @@ func ListBuildModulesForProduct(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		if projectedAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/environment/handler/configmap.go
+++ b/pkg/microservice/aslan/core/environment/handler/configmap.go
@@ -93,8 +93,11 @@ func ListProductionConfigMaps(c *gin.Context) {
 		}
 		if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
 			!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.View {
-			ctx.UnAuthorized = true
-			return
+			permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionView)
+			if err != nil || !permitted {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}


--- a/pkg/microservice/aslan/core/environment/handler/environment.go
+++ b/pkg/microservice/aslan/core/environment/handler/environment.go
@@ -1511,9 +1511,7 @@ func updateMultiK8sEnv(c *gin.Context, request *service.UpdateEnvRequest, produc

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
 		}
@@ -1567,9 +1565,7 @@ func updateMultiHelmEnv(c *gin.Context, request *service.UpdateEnvRequest, produ

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
 		}
@@ -1625,9 +1621,7 @@ func updateMultiHelmChartEnv(c *gin.Context, request *service.UpdateEnvRequest,

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[request.ProjectName]; ok {
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/environment/handler/image.go
+++ b/pkg/microservice/aslan/core/environment/handler/image.go
@@ -120,9 +120,7 @@ func UpdateDeploymentContainerImage(c *gin.Context) {
 	permitted := false
 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[args.ProductName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[args.ProductName]; ok {
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
 		}
@@ -189,9 +187,7 @@ func UpdateProductionDeploymentContainerImage(c *gin.Context) {
 	permitted := false
 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[args.ProductName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[args.ProductName]; ok {
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/environment/handler/ingress.go
+++ b/pkg/microservice/aslan/core/environment/handler/ingress.go
@@ -89,8 +89,11 @@ func ListProductionIngresses(c *gin.Context) {
 		}
 		if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
 			!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.View {
-			ctx.UnAuthorized = true
-			return
+			permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionView)
+			if err != nil || !permitted {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}


--- a/pkg/microservice/aslan/core/environment/handler/pvc.go
+++ b/pkg/microservice/aslan/core/environment/handler/pvc.go
@@ -89,8 +89,11 @@ func ListProductionPvcs(c *gin.Context) {
 		}
 		if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
 			!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.View {
-			ctx.UnAuthorized = true
-			return
+			permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionView)
+			if err != nil || !permitted {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}


--- a/pkg/microservice/aslan/core/environment/handler/renderset.go
+++ b/pkg/microservice/aslan/core/environment/handler/renderset.go
@@ -337,9 +337,7 @@ func GetGlobalVariables(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		if projectedAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/environment/handler/secret.go
+++ b/pkg/microservice/aslan/core/environment/handler/secret.go
@@ -89,8 +89,11 @@ func ListProductionSecrets(c *gin.Context) {
 		}
 		if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
 			!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.View {
-			ctx.UnAuthorized = true
-			return
+			permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionView)
+			if err != nil || !permitted {
+				ctx.UnAuthorized = true
+				return
+			}
 		}
 	}


--- a/pkg/microservice/aslan/core/environment/handler/service.go
+++ b/pkg/microservice/aslan/core/environment/handler/service.go
@@ -59,9 +59,7 @@ func ListSvcsInEnv(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		if projectedAuthInfo.IsProjectAdmin {
 			permitted = true
 		}
@@ -162,9 +160,7 @@ func GetProductionService(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		if projectedAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/project/handler/product.go
+++ b/pkg/microservice/aslan/core/project/handler/product.go
@@ -491,9 +491,7 @@ func GetGlobalVariables(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectedAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		if projectedAuthInfo.IsProjectAdmin {
 			permitted = true
 		}

--- a/pkg/microservice/aslan/core/service/handler/service.go
+++ b/pkg/microservice/aslan/core/service/handler/service.go
@@ -151,9 +151,7 @@ func GetServiceTemplateOption(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectName]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectName]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true

--- a/pkg/microservice/aslan/core/workflow/handler/workflow.go
+++ b/pkg/microservice/aslan/core/workflow/handler/workflow.go
@@ -80,9 +80,7 @@ func AutoCreateWorkflow(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true

--- a/pkg/microservice/aslan/core/workflow/testing/handler/scanning.go
+++ b/pkg/microservice/aslan/core/workflow/testing/handler/scanning.go
@@ -193,9 +193,7 @@ func ListScanningModule(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true

--- a/pkg/microservice/aslan/core/workflow/testing/handler/testing.go
+++ b/pkg/microservice/aslan/core/workflow/testing/handler/testing.go
@@ -205,9 +205,7 @@ func GetTestModule(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
+	} else if projectAuthInfo, ok := ctx.Resources.ProjectAuthInfo[projectKey]; ok {
 		// first check if the user is projectAdmin
 		if projectAuthInfo.IsProjectAdmin {
 			permitted = true

--- a/pkg/microservice/picket/core/filter/handler/project.go
+++ b/pkg/microservice/picket/core/filter/handler/project.go
@@ -56,9 +56,7 @@ func CreateProject(c *gin.Context) {

 	if ctx.Resources.IsSystemAdmin {
 		permitted = true
-	}
-
-	if ctx.Resources.SystemActions.Project.Create {
+	} else if ctx.Resources.SystemActions.Project.Create {
 		permitted = true
 	}