Skip to content

Commit

Permalink
Merge pull request #142 from D10S0VSkY-OSS/hotfix/variables-perms
Browse files Browse the repository at this point in the history 
🐛fix: variable path operator validate roles
  • Loading branch information
@D10S0VSkY-OSS
D10S0VSkY-OSS authored Dec 6, 2022
2 parents 94ae5e4 + 7cd586a commit a38e44a
Showing 1 changed file with 54 additions and 12 deletions.
66 changes: 54 additions & 12 deletions sld-api-backend/src/variables/api/container/get.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,32 @@ async def get_json(
try:
if stack.isdigit():
result = crud_stacks.get_stack_by_id(db=db, stack_id=stack)
if result == None:
raise HTTPException(
status_code=404, detail=f"Not found"
)
if not crud_users.is_master(db, current_user):
if "*" not in result.squad_access:
if not check_squad_user(current_user.squad, result.squad_access):
raise HTTPException(
status_code=403, detail=f"Not enough permissions"
)
return result.var_json.get("variable")
else:
result = crud_stacks.get_stack_by_name(db=db, stack_name=stack)
return result.var_json.get("variable")
if result == None:
raise HTTPException(
status_code=404, detail=f"Not found"
)
if not crud_users.is_master(db, current_user):
if "*" not in result.squad_access:
if not check_squad_user(current_user.squad, result.squad_access):
raise HTTPException(
status_code=403, detail=f"Not enough permissions"
)
return result.var_json.get("variable")
except Exception as err:
raise HTTPException(status_code=404, detail=f"{err}")
raise err


async def get_list(
Expand All @@ -39,12 +59,32 @@ async def get_list(
try:
if stack.isdigit():
result = crud_stacks.get_stack_by_id(db=db, stack_id=stack)
if result == None:
raise HTTPException(
status_code=404, detail=f"Not found"
)
if not crud_users.is_master(db, current_user):
if "*" not in result.squad_access:
if not check_squad_user(current_user.squad, result.squad_access):
raise HTTPException(
status_code=403, detail=f"Not enough permissions"
)
return result.var_list
else:
result = crud_stacks.get_stack_by_name(db=db, stack_name=stack)
return result.var_list
if result == None:
raise HTTPException(
status_code=404, detail=f"Not found"
)
if not crud_users.is_master(db, current_user):
if "*" not in result.squad_access:
if not check_squad_user(current_user.squad, result.squad_access):
raise HTTPException(
status_code=403, detail=f"Not enough permissions"
)
return result.var_list
except Exception as err:
raise HTTPException(status_code=404, detail=f"{err}")
raise err


async def get_deploy_by_id(
Expand All @@ -53,15 +93,17 @@ async def get_deploy_by_id(
db: Session = Depends(deps.get_db),
):

result = crud_deploys.get_deploy_by_id(db=db, deploy_id=deploy_id)
if not crud_users.is_master(db, current_user):
if not check_squad_user(current_user.squad, [result.squad]):
try:
result = crud_deploys.get_deploy_by_id(db=db, deploy_id=deploy_id)
if result == None:
raise HTTPException(
status_code=403, detail=f"Not enough permissions in {squad}"
status_code=404, detail=f"Not found"
)
try:
if result is None:
raise Exception("Deploy id Not Found")
if not crud_users.is_master(db, current_user):
if not check_squad_user(current_user.squad, [result.squad]):
raise HTTPException(
status_code=403, detail=f"Not enough permissions"
)
return result.variables
except Exception as err:
raise HTTPException(status_code=404, detail=f"{err}")
raise err

0 comments on commit a38e44a

Please sign in to comment.