fix(authz): fix user grant handler (#795)

This commit is contained in:
Silvan 2020-09-30 10:29:41 +02:00 committed by GitHub
parent c2e046548e
commit bdcf9fcc5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 8 deletions

View File

@ -71,7 +71,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
case proj_es_model.ProjectAggregate: case proj_es_model.ProjectAggregate:
err = u.processProject(event) err = u.processProject(event)
case iam_es_model.IAMAggregate: case iam_es_model.IAMAggregate:
err = u.processIamMember(event, "IAM", false) err = u.processIAMMember(event, "IAM", false)
case org_es_model.OrgAggregate: case org_es_model.OrgAggregate:
return u.processOrg(event) return u.processOrg(event)
} }
@ -132,7 +132,6 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
default: default:
return u.view.ProcessedUserGrantSequence(event.Sequence) return u.view.ProcessedUserGrantSequence(event.Sequence)
} }
return nil
} }
func (u *UserGrant) processProject(event *models.Event) (err error) { func (u *UserGrant) processProject(event *models.Event) (err error) {
@ -161,7 +160,6 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
default: default:
return u.view.ProcessedUserGrantSequence(event.Sequence) return u.view.ProcessedUserGrantSequence(event.Sequence)
} }
return nil
} }
func (u *UserGrant) processOrg(event *models.Event) (err error) { func (u *UserGrant) processOrg(event *models.Event) (err error) {
@ -175,7 +173,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
} }
} }
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error { func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
member := new(iam_es_model.IAMMember) member := new(iam_es_model.IAMMember)
switch event.Type { switch event.Type {

View File

@ -57,7 +57,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
case proj_es_model.ProjectAggregate: case proj_es_model.ProjectAggregate:
err = u.processProject(event) err = u.processProject(event)
case iam_es_model.IAMAggregate: case iam_es_model.IAMAggregate:
err = u.processIamMember(event, "IAM", false) err = u.processIAMMember(event, "IAM", false)
case org_es_model.OrgAggregate: case org_es_model.OrgAggregate:
return u.processOrg(event) return u.processOrg(event)
} }
@ -90,7 +90,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
} }
} }
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error { func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
member := new(iam_es_model.IAMMember) member := new(iam_es_model.IAMMember)
switch event.Type { switch event.Type {
@ -158,6 +158,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
RoleKeys: roleKeys, RoleKeys: roleKeys,
CreationDate: event.CreationDate, CreationDate: event.CreationDate,
} }
} else { } else {
newRoles := roleKeys newRoles := roleKeys
if grant.RoleKeys != nil { if grant.RoleKeys != nil {
@ -174,10 +175,20 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
proj_es_model.ProjectGrantMemberRemoved: proj_es_model.ProjectGrantMemberRemoved:
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID) grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
if err != nil { if err != nil && !errors.IsNotFound(err) {
return err return err
} }
return u.view.DeleteUserGrant(grant.ID, event.Sequence) if errors.IsNotFound(err) {
return u.view.ProcessedUserGrantSequence(event.Sequence)
}
if roleSuffix != "" {
roleKeys = suffixRoles(roleSuffix, roleKeys)
}
if grant.RoleKeys == nil {
return u.view.ProcessedUserGrantSequence(event.Sequence)
}
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
return u.view.PutUserGrant(grant, event.Sequence)
default: default:
return u.view.ProcessedUserGrantSequence(event.Sequence) return u.view.ProcessedUserGrantSequence(event.Sequence)
} }