extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-10 15:48:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix prevent users from creating PATs for other users

Browse Source 
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
This commit is contained in:
bcmmbaga
2024-11-21 21:03:16 +03:00
parent 7af55fbd71
commit 7d0331f41e
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
management/server/status/error.go
View File

@ -93,7 +93,7 @@ func NewPeerNotPartOfAccountError() error {
// NewUserNotFoundError creates a new Error with NotFound type for a missing user // NewUserNotFoundError creates a new Error with NotFound type for a missing user
func NewUserNotFoundError(userKey string) error { func NewUserNotFoundError(userKey string) error {
return Errorf(NotFound, "user not found: %s", userKey) return Errorf(NotFound, "user: %s not found", userKey)
} }
// NewPeerNotRegisteredError creates a new Error with NotFound type for a missing peer // NewPeerNotRegisteredError creates a new Error with NotFound type for a missing peer

10
management/server/user.go
View File

@ -539,15 +539,15 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
return nil, status.NewUserNotPartOfAccountError() return nil, status.NewUserNotPartOfAccountError()
} }
if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() { targetUser, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, targetUserID)
return nil, status.NewAdminPermissionError()
}
targetUser, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, initiatorUserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if initiatorUserID != targetUserID && !(initiatorUser.HasAdminPower() && targetUser.IsServiceUser) {
return nil, status.NewAdminPermissionError()
}
pat, err := CreateNewPAT(tokenName, expiresIn, targetUserID, initiatorUser.Id) pat, err := CreateNewPAT(tokenName, expiresIn, targetUserID, initiatorUser.Id)
if err != nil { if err != nil {
return nil, status.Errorf(status.Internal, "failed to create PAT: %v", err) return nil, status.Errorf(status.Internal, "failed to create PAT: %v", err)