From bdcf9fcc5ce2fc31ca340a19ed4f0ae3388d71ba Mon Sep 17 00:00:00 2001
From: Silvan
Date: Wed, 30 Sep 2020 10:29:41 +0200
Subject: [PATCH] fix(authz): fix user grant handler (#795)
---
 .../eventsourcing/handler/user_grant.go | 6 ++----
 .../eventsourcing/handler/user_grant.go | 19 +++++++++++++++----
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/internal/auth/repository/eventsourcing/handler/user_grant.go b/internal/auth/repository/eventsourcing/handler/user_grant.go
index b2fc5baefe..082bee7c88 100644
--- a/internal/auth/repository/eventsourcing/handler/user_grant.go
+++ b/internal/auth/repository/eventsourcing/handler/user_grant.go
@@ -71,7 +71,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
 case proj_es_model.ProjectAggregate:
 err = u.processProject(event)
 case iam_es_model.IAMAggregate:
- err = u.processIamMember(event, "IAM", false)
+ err = u.processIAMMember(event, "IAM", false)
 case org_es_model.OrgAggregate:
 return u.processOrg(event)
 }
@@ -132,7 +132,6 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
 default:
 return u.view.ProcessedUserGrantSequence(event.Sequence)
 }
- return nil
 }
 func (u *UserGrant) processProject(event *models.Event) (err error) {
@@ -161,7 +160,6 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
 default:
 return u.view.ProcessedUserGrantSequence(event.Sequence)
 }
- return nil
 }
 func (u *UserGrant) processOrg(event *models.Event) (err error) {
@@ -175,7 +173,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
 }
 }
-func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
+func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
 member := new(iam_es_model.IAMMember)
 switch event.Type {
diff --git a/internal/authz/repository/eventsourcing/handler/user_grant.go b/internal/authz/repository/eventsourcing/handler/user_grant.go
index 1f4a4c4f03..897186b8e8 100644
--- a/internal/authz/repository/eventsourcing/handler/user_grant.go
+++ b/internal/authz/repository/eventsourcing/handler/user_grant.go
@@ -57,7 +57,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
 case proj_es_model.ProjectAggregate:
 err = u.processProject(event)
 case iam_es_model.IAMAggregate:
- err = u.processIamMember(event, "IAM", false)
+ err = u.processIAMMember(event, "IAM", false)
 case org_es_model.OrgAggregate:
 return u.processOrg(event)
 }
@@ -90,7 +90,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
 }
 }
-func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
+func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
 member := new(iam_es_model.IAMMember)
 switch event.Type {
@@ -158,6 +158,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
 RoleKeys: roleKeys,
 CreationDate: event.CreationDate,
 }
+
 } else {
 newRoles := roleKeys
 if grant.RoleKeys != nil {
@@ -174,10 +175,20 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
 proj_es_model.ProjectGrantMemberRemoved:
 grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
- if err != nil {
+ if err != nil && !errors.IsNotFound(err) {
 return err
 }
- return u.view.DeleteUserGrant(grant.ID, event.Sequence)
+ if errors.IsNotFound(err) {
+ return u.view.ProcessedUserGrantSequence(event.Sequence)
+ }
+ if roleSuffix != "" {
+ roleKeys = suffixRoles(roleSuffix, roleKeys)
+ }
+ if grant.RoleKeys == nil {
+ return u.view.ProcessedUserGrantSequence(event.Sequence)
+ }
+ grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
+ return u.view.PutUserGrant(grant, event.Sequence)
 default:
 return u.view.ProcessedUserGrantSequence(event.Sequence)
 }
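Review bot: The `roleKeys = suffixRoles(roleSuffix, roleKeys)` assignment in the member-removed branch of the last authz hunk is a dead store, because `mergeExistingRoles` is then called with `nil` as the new-role list and nothing reads `roleKeys` before the return. Revocation therefore rests entirely on `mergeExistingRoles` stripping the existing keys that match `rolePrefix`/`roleSuffix`; its body is outside this hunk, so a test should assert that no matching role key survives a removal event and decide whether a grant left with zero role keys should still be stored, since a stale key in this authz view would leave the user holding the privilege after removal. I would drop the three-line `if roleSuffix != ""` block and, if the helper does behave that way, add above the merge `// nil new roles: drop this member's roles, keep the rest of the grant`. The doubled `errors.IsNotFound(err)` test also reads more simply with the not-found case first, followed by a plain `if err != nil { return err }`. processMember starts and ends outside the hunk.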