Skip to content

Commit

Permalink
chore: pass right access
Browse files Browse the repository at this point in the history 
Signed-off-by: tygao <tygao@amazon.com>
  • Loading branch information
@raintygao
raintygao committed Aug 18, 2023
1 parent 90f04e1 commit 29fb64a
Showing 1 changed file with 20 additions and 12 deletions.
32 changes: 20 additions & 12 deletions src/plugins/workspace/server/saved_objects/workspace_saved_objects_client_wrapper.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,8 +96,6 @@ export class WorkspaceSavedObjectsClientWrapper {
) {
// PermissionMode here is an array which is merged by workspace type required permission and other saved object required permission.
// So we only need to do one permission check no matter its type.
let permitted = true;

for (const { id, type } of objects) {
const validateResult = await this.permissionControl.validate(
request,
Expand All @@ -108,10 +106,9 @@ export class WorkspaceSavedObjectsClientWrapper {
this.formatWorkspacePermissionModeToStringArray(permissionMode)
);
if (!validateResult?.result) {
permitted = false;
break;
return false;
}
return permitted;
return true;
}
}

Expand Down Expand Up @@ -152,7 +149,6 @@ export class WorkspaceSavedObjectsClientWrapper {
if (!workspaces || workspaces.length === 0) {
return false;
}
let permitted = false;
for (const workspaceId of workspaces) {
const validateResult = await this.permissionControl.validate(
request,
Expand All @@ -163,11 +159,10 @@ export class WorkspaceSavedObjectsClientWrapper {
this.formatWorkspacePermissionModeToStringArray(permissionMode)
);
if (validateResult?.result) {
permitted = true;
break;
return true;
}
}
return permitted;
return false;
}

/**
Expand Down Expand Up @@ -197,7 +192,11 @@ export class WorkspaceSavedObjectsClientWrapper {
const objectsPermitted = await this.validateMultiObjectsPermissions(
[{ type, id }],
wrapperOptions.request,
[WorkspacePermissionMode.Management, WorkspacePermissionMode.Write]
[
WorkspacePermissionMode.Management,
WorkspacePermissionMode.LibraryWrite,
WorkspacePermissionMode.Write,
]
);
if (!objectsPermitted) {
throw generateSavedObjectsPermissionError();
Expand All @@ -221,6 +220,7 @@ export class WorkspaceSavedObjectsClientWrapper {
if (!workspacePermitted) {
await this.validateSingleObjectPermissions(id, type, wrapperOptions.request, [
WorkspacePermissionMode.Management,
WorkspacePermissionMode.LibraryWrite,
WorkspacePermissionMode.Write,
]);
}
Expand All @@ -243,7 +243,11 @@ export class WorkspaceSavedObjectsClientWrapper {
object.id,
object.type,
wrapperOptions.request,
[WorkspacePermissionMode.Management, WorkspacePermissionMode.Write]
[
WorkspacePermissionMode.Management,
WorkspacePermissionMode.LibraryWrite,
WorkspacePermissionMode.Write,
]
);
}
}
Expand Down Expand Up @@ -294,7 +298,11 @@ export class WorkspaceSavedObjectsClientWrapper {
const workspacePermitted = await this.validateAtLeastOnePermittedWorkspaces(
objectToGet.workspaces,
wrapperOptions.request,
[WorkspacePermissionMode.Read]
[
WorkspacePermissionMode.LibraryRead,
WorkspacePermissionMode.LibraryWrite,
WorkspacePermissionMode.Management,
]
);

if (!workspacePermitted) {
Expand Down

0 comments on commit 29fb64a

Please sign in to comment.