Fix posture check name uniqueness per account

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
2024-12-14 02:41:34 +01:00 · 2024-10-01 01:06:52 +03:00 · 2024-10-01 01:06:52 +03:00 · f43a006c34
commit f43a006c34
parent 1a37b12d1b
3 changed files with 25 additions and 6 deletions
--- a/management/server/http/posture_checks_handler.go
+++ b/management/server/http/posture_checks_handler.go
@ -170,6 +170,7 @@ func (p *PostureChecksHandler) savePostureChecks(w http.ResponseWriter, r *http.
 		util.WriteError(r.Context(), err, w)
 		return
 	}
+	postureChecks.AccountID = accountID

 	if err := p.accountManager.SavePostureChecks(r.Context(), accountID, userID, postureChecks, isUpdate); err != nil {
 		util.WriteError(r.Context(), err, w)
--- a/management/server/policy.go
+++ b/management/server/policy.go
@ -397,7 +397,7 @@ func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, po
 	}

 	if !user.HasAdminPower() || user.AccountID != accountID {
-		return status.Errorf(status.PermissionDenied, "only admin users are allowed to delete policies")
+		return status.Errorf(status.PermissionDenied, "deleting policies is restricted to admin users only")
 	}

 	policy, err := am.Store.GetPolicyByID(ctx, LockingStrengthShare, policyID, accountID)
@ -411,7 +411,7 @@ func (am *DefaultAccountManager) DeletePolicy(ctx context.Context, accountID, po
 			return fmt.Errorf("failed to increment network serial: %w", err)
 		}

-		err = transaction.DeletePolicy(ctx, LockingStrengthUpdate, policyID)
+		err = transaction.DeletePolicy(ctx, LockingStrengthUpdate, policyID, accountID)
 		if err != nil {
 			return fmt.Errorf("failed to delete policy: %w", err)
 		}
--- a/management/server/posture_checks.go
+++ b/management/server/posture_checks.go
@ -39,10 +39,9 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
 		return status.Errorf(status.PermissionDenied, "only admin users are allowed to update posture checks")
 	}

-	if err := postureChecks.Validate(); err != nil {
-		return status.Errorf(status.InvalidArgument, err.Error()) //nolint
+	if err = am.validatePostureChecks(ctx, accountID, postureChecks); err != nil {
+		return status.Errorf(status.InvalidArgument, err.Error())
 	}
-	postureChecks.AccountID = accountID

 	action := activity.PostureCheckCreated

@ -81,6 +80,25 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
 	return nil
 }

+func (am *DefaultAccountManager) validatePostureChecks(ctx context.Context, accountID string, postureChecks *posture.Checks) error {
+	if err := postureChecks.Validate(); err != nil {
+		return status.Errorf(status.InvalidArgument, err.Error()) //nolint
+	}
+
+	checks, err := am.Store.GetAccountPostureChecks(ctx, LockingStrengthShare, accountID)
+	if err != nil {
+		return err
+	}
+
+	for _, check := range checks {
+		if check.Name == postureChecks.Name && check.ID != postureChecks.ID {
+			return status.Errorf(status.InvalidArgument, "posture checks with name %s already exists", postureChecks.Name)
+		}
+	}
+
+	return nil
+}
+
 // DeletePostureChecks deletes a posture check by ID.
 func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accountID, postureChecksID, userID string) error {
 	user, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, userID)
@ -106,7 +124,7 @@ func (am *DefaultAccountManager) DeletePostureChecks(ctx context.Context, accoun
 			return fmt.Errorf("failed to increment network serial: %w", err)
 		}

-		if err = transaction.DeletePostureChecks(ctx, LockingStrengthUpdate, postureChecksID); err != nil {
+		if err = transaction.DeletePostureChecks(ctx, LockingStrengthUpdate, postureChecksID, accountID); err != nil {
 			return fmt.Errorf("failed to delete posture checks: %w", err)
 		}
 		return nil