extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-08-10 23:55:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

check user accounts for setup keys

Browse Source 
Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
This commit is contained in:
bcmmbaga
2024-10-17 11:59:46 +03:00
parent d7c63d5c04
commit d7a6996bed
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
management/server/setupkey.go
View File

@ -217,7 +217,7 @@ func (am *DefaultAccountManager) CreateSetupKey(ctx context.Context, accountID s
}
if user.AccountID != accountID {
return nil, status.Errorf(status.PermissionDenied, "only users with admin power can update setup keys")
return nil, status.Errorf(status.PermissionDenied, errUserNotPartOfAccountMsg)
}
keyDuration := DefaultSetupKeyDuration
@ -275,7 +275,7 @@ func (am *DefaultAccountManager) SaveSetupKey(ctx context.Context, accountID str
}
if user.AccountID != accountID {
return nil, status.Errorf(status.PermissionDenied, "only users with admin power can update setup keys")
return nil, status.Errorf(status.PermissionDenied, errUserNotPartOfAccountMsg)
}
groups, err := am.Store.GetAccountGroups(ctx, LockingStrengthShare, accountID)
@ -348,10 +348,14 @@ func (am *DefaultAccountManager) ListSetupKeys(ctx context.Context, accountID, u
return nil, err
}
if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
if !user.IsAdminOrServiceUser() {
return nil, status.Errorf(status.Unauthorized, "only users with admin power can view setup keys")
}
if user.AccountID != accountID {
return nil, status.Errorf(status.PermissionDenied, errUserNotPartOfAccountMsg)
}
setupKeys, err := am.Store.GetAccountSetupKeys(ctx, LockingStrengthShare, accountID)
if err != nil {
return nil, err
@ -378,10 +382,14 @@ func (am *DefaultAccountManager) GetSetupKey(ctx context.Context, accountID, use
return nil, err
}
if !user.IsAdminOrServiceUser() || user.AccountID != accountID {
if !user.IsAdminOrServiceUser() {
return nil, status.Errorf(status.Unauthorized, "only users with admin power can view setup keys")
}
if user.AccountID != accountID {
return nil, status.Errorf(status.PermissionDenied, errUserNotPartOfAccountMsg)
}
setupKey, err := am.Store.GetSetupKeyByID(ctx, LockingStrengthShare, accountID, keyID)
if err != nil {
return nil, err