Skip to content
This repository has been archived by the owner on Jun 6, 2024. It is now read-only.

Commit

Permalink
use check admin middleware
Browse files Browse the repository at this point in the history
  • Loading branch information
suiguoxin committed Nov 3, 2020
1 parent 730a23c commit 1a748fb
Show file tree
Hide file tree
Showing 10 changed files with 121 additions and 258 deletions.
184 changes: 52 additions & 132 deletions src/rest-server/src/controllers/v2/group.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,15 +51,6 @@ const getAllGroup = async (req, res, next) => {

const getGroupUserList = async (req, res, next) => {
try {
if (!req.user.admin) {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
const groupname = req.params.groupname;
const allUserInfoList = await userModel.getAllUser();
const userlist = [];
Expand All @@ -79,15 +70,6 @@ const getGroupUserList = async (req, res, next) => {

const createGroup = async (req, res, next) => {
try {
if (!req.user.admin) {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
const groupname = req.body.groupname;
const groupValue = {
groupname: req.body.groupname,
Expand All @@ -107,42 +89,30 @@ const createGroup = async (req, res, next) => {
const updateGroup = async (req, res, next) => {
const groupname = req.body.data.groupname;
try {
if (req.user.admin) {
const groupInfo = await groupModel.getGroup(groupname);
if (req.body.patch) {
if ('description' in req.body.data) {
groupInfo.description = req.body.data.description;
}
if ('externalName' in req.body.data) {
groupInfo.externalName = req.body.data.externalName;
}
if ('extension' in req.body.data) {
if (Object.keys(req.body.data.extension).length > 0) {
for (const [key, value] of Object.entries(
req.body.data.extension,
)) {
groupInfo.extension[key] = value;
}
}
}
} else {
const groupInfo = await groupModel.getGroup(groupname);
if (req.body.patch) {
if ('description' in req.body.data) {
groupInfo.description = req.body.data.description;
}
if ('externalName' in req.body.data) {
groupInfo.externalName = req.body.data.externalName;
groupInfo.extension = req.body.data.extension;
}
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: `update group ${groupname} successfully.`,
});
if ('extension' in req.body.data) {
if (Object.keys(req.body.data.extension).length > 0) {
for (const [key, value] of Object.entries(req.body.data.extension)) {
groupInfo.extension[key] = value;
}
}
}
} else {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
groupInfo.description = req.body.data.description;
groupInfo.externalName = req.body.data.externalName;
groupInfo.extension = req.body.data.extension;
}
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: `update group ${groupname} successfully.`,
});
} catch (error) {
if (error.status === 404) {
return next(
Expand All @@ -160,20 +130,10 @@ const updateGroup = async (req, res, next) => {
const deleteGroup = async (req, res, next) => {
try {
const groupname = req.params.groupname;
if (req.user.admin) {
await groupModel.deleteGroup(groupname);
return res.status(200).json({
message: 'group is removed successfully',
});
} else {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
await groupModel.deleteGroup(groupname);
return res.status(200).json({
message: 'group is removed successfully',
});
} catch (error) {
return next(createError.unknown(error));
}
Expand All @@ -184,24 +144,14 @@ const updateGroupExtension = async (req, res, next) => {
try {
const groupname = req.params.groupname;
const extensionData = req.body.extension;
if (req.user.admin) {
const groupInfo = await groupModel.getGroup(groupname);
for (const [key, value] of Object.entries(extensionData)) {
groupInfo.extension[key] = value;
}
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group extension data successfully.',
});
} else {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
const groupInfo = await groupModel.getGroup(groupname);
for (const [key, value] of Object.entries(extensionData)) {
groupInfo.extension[key] = value;
}
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group extension data successfully.',
});
} catch (error) {
return next(createError.unknown(error));
}
Expand All @@ -213,26 +163,16 @@ const updateGroupExtensionAttr = async (req, res, next) => {
const groupname = req.params.groupname;
const attrs = req.params[0].split('/');
const updateData = req.body.data;
if (req.user.admin) {
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.extension = common.assignValueByKeyarray(
groupInfo.extension,
attrs,
updateData,
);
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'Update group extension data successfully.',
});
} else {
return next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.extension = common.assignValueByKeyarray(
groupInfo.extension,
attrs,
updateData,
);
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'Update group extension data successfully.',
});
} catch (error) {
if (error.status === 404) {
return next(
Expand All @@ -252,22 +192,12 @@ const updateGroupDescription = async (req, res, next) => {
try {
const groupname = req.params.groupname;
const descriptionData = req.body.description;
if (req.user.admin) {
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.description = descriptionData;
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group description data successfully.',
});
} else {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.description = descriptionData;
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group description data successfully.',
});
} catch (error) {
return next(createError.unknown(error));
}
Expand All @@ -278,22 +208,12 @@ const updateGroupExternalName = async (req, res, next) => {
try {
const groupname = req.params.groupname;
const externalNameData = req.body.externalName;
if (req.user.admin) {
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.externalName = externalNameData;
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group externalNameData data successfully.',
});
} else {
next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
),
);
}
const groupInfo = await groupModel.getGroup(groupname);
groupInfo.externalName = externalNameData;
await groupModel.updateGroup(groupname, groupInfo);
return res.status(201).json({
message: 'update group externalNameData data successfully.',
});
} catch (error) {
return next(createError.unknown(error));
}
Expand Down
16 changes: 0 additions & 16 deletions src/rest-server/src/controllers/v2/job.js
Original file line number Diff line number Diff line change
Expand Up @@ -222,14 +222,6 @@ const getSshInfo = asyncHandler(async (req, res) => {
});

const addTag = asyncHandler(async (req, res) => {
// only admin users can add tags
if (!req.user.admin) {
throw createError(
'Unauthorized',
'UnauthorizedUserError',
'Only admin users are allowed to do this operation.',
);
}
await job.addTag(req.params.frameworkName, req.body.value);
res.status(status('OK')).json({
status: status('OK'),
Expand All @@ -238,14 +230,6 @@ const addTag = asyncHandler(async (req, res) => {
});

const deleteTag = asyncHandler(async (req, res) => {
// only admin users can delete tags
if (!req.user.admin) {
throw createError(
'Unauthorized',
'UnauthorizedUserError',
'Only admin users are allowed to do this operation.',
);
}
await job.deleteTag(req.params.frameworkName, req.body.value);
res.status(status('OK')).json({
status: status('OK'),
Expand Down
76 changes: 28 additions & 48 deletions src/rest-server/src/controllers/v2/user.js
Original file line number Diff line number Diff line change
Expand Up @@ -293,48 +293,38 @@ const updateVirtualClusterInternal = async (newVc) => {
const updateUserVirtualCluster = async (req, res, next) => {
try {
const username = req.params.username;
if (req.user.admin) {
const newGroupList = await updateVirtualClusterInternal(
req.body.virtualCluster,
);
let userInfo;
try {
userInfo = await userModel.getUser(username);
} catch (error) {
if (error.status === 404) {
return next(
createError(
'Not Found',
'NoUserError',
`User ${req.params.username} not found.`,
),
);
}
return next(createError.unknown(error));
}
if (await userModel.checkAdmin(username)) {
const newGroupList = await updateVirtualClusterInternal(
req.body.virtualCluster,
);
let userInfo;
try {
userInfo = await userModel.getUser(username);
} catch (error) {
if (error.status === 404) {
return next(
createError(
'Forbidden',
'ForbiddenUserError',
"Admin's virtual clusters cannot be updated.",
'Not Found',
'NoUserError',
`User ${req.params.username} not found.`,
),
);
}
userInfo.grouplist = newGroupList;
await userModel.updateUser(username, userInfo);
return res.status(201).json({
message: 'Update user virtualCluster data successfully.',
});
} else {
return next(createError.unknown(error));
}
if (await userModel.checkAdmin(username)) {
return next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
"Admin's virtual clusters cannot be updated.",
),
);
}
userInfo.grouplist = newGroupList;
await userModel.updateUser(username, userInfo);
return res.status(201).json({
message: 'Update user virtualCluster data successfully.',
});
} catch (error) {
if (error.code === 'NoVirtualClusterError') {
return next(error);
Expand Down Expand Up @@ -757,29 +747,19 @@ const oidcUserUpdate = async (req, res, next) => {
const deleteUser = async (req, res, next) => {
try {
const username = req.params.username;
if (req.user.admin) {
if (await userModel.checkAdmin(username)) {
return next(
createError(
'Forbidden',
'RemoveAdminError',
`Admin ${username} is not allowed to remove.`,
),
);
}
await userModel.deleteUser(username);
return res.status(200).json({
message: 'user is removed successfully',
});
} else {
next(
if (await userModel.checkAdmin(username)) {
return next(
createError(
'Forbidden',
'ForbiddenUserError',
`Non-admin is not allow to do this operation.`,
'RemoveAdminError',
`Admin ${username} is not allowed to remove.`,
),
);
}
await userModel.deleteUser(username);
return res.status(200).json({
message: 'user is removed successfully',
});
} catch (error) {
if (error.status === 404) {
return next(
Expand Down
Loading

0 comments on commit 1a748fb

Please sign in to comment.