Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-10-27 11:02:16 +01:00
Code Issues Projects Releases Wiki Activity

feat: RBAC read params from body (#2846)

Browse Source 
## About the changes
This is a follow-up on #1953

This implementation generalizes how we fetch some standard parameters
from the query parameters or request body.

## Discussion points
Unfortunately, we have not used standard names for our APIs and one
example is our `projectId` (in some cases we just used `project`).
Ideally, we're only using one way of sending these parameters either
`projectId` or `project` (same applies to `environment` vs
`environmentId`).

If both parameters are present, due to historical reasons, we'll give
precedence to:
- `projectId` over `project`
- `environment` over `environmentId` 

In the presence of both query parameters and body, we'll give precedence
to query parameters also for historical reasons.
This commit is contained in:
Gastón Fournier 2023-01-11 10:48:27 +01:00 committed by GitHub
parent 7c8647f9f3
commit fa47fee55e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/lib/middleware/rbac-middleware.ts
View File

@ -1,4 +1,3 @@
/* eslint-disable @typescript-eslint/explicit-module-boundary-types */
import { import {
CREATE_FEATURE, CREATE_FEATURE,
DELETE_FEATURE, DELETE_FEATURE,
@ -18,6 +17,18 @@ interface PermissionChecker {
): Promise<boolean>; ): Promise<boolean>;
} }
function findParam(
name: string,
{ params, body }: any,
defaultValue?: string,
): string | undefined {
let found = params ? params[name] : undefined;
if (found === undefined) {
found = body ? body[name] : undefined;
}
return found || defaultValue;
}
const rbacMiddleware = ( const rbacMiddleware = (
config: Pick<IUnleashConfig, 'getLogger'>, config: Pick<IUnleashConfig, 'getLogger'>,
{ featureToggleStore }: Pick<IUnleashStores, 'featureToggleStore'>, { featureToggleStore }: Pick<IUnleashStores, 'featureToggleStore'>,
@ -44,16 +55,23 @@ const rbacMiddleware = (
return false; return false;
} }
// For /api/admin/projects/:projectId we will find it as part of params let projectId =
let { projectId, environment } = params; findParam('projectId', req) || findParam('project', req);
let environment =
findParam('environment', req) ||
findParam('environmentId', req);
// Temporary workaround to figure out projectId for feature toggle updates. // Temporary workaround to figure out projectId for feature toggle updates.
// will be removed in Unleash v5.0 // will be removed in Unleash v5.0
if ([DELETE_FEATURE, UPDATE_FEATURE].includes(permission)) { if ([DELETE_FEATURE, UPDATE_FEATURE].includes(permission)) {
const { featureName } = params; const { featureName } = params;
projectId = await featureToggleStore.getProjectId(featureName); projectId = await featureToggleStore.getProjectId(featureName);
} else if (permission === CREATE_FEATURE) { } else if (
projectId = projectId || req.body.project || 'default'; projectId === undefined &&
(permission == CREATE_FEATURE ||
permission.endsWith('FEATURE_STRATEGY'))
) {
projectId = 'default';
} }
return accessService.hasPermission( return accessService.hasPermission(