Skip to content
This repository has been archived by the owner on Jan 27, 2021. It is now read-only.

Manage account permissions #100

Merged
merged 15 commits into from
Sep 1, 2020
Merged

Manage account permissions #100

merged 15 commits into from
Sep 1, 2020

Conversation

kulmann
Copy link
Member

@kulmann kulmann commented Aug 27, 2020

We make use of the roles cache from ocis-pkg to enforce permission checks in the accounts handler.

@update-docs

This comment has been minimized.

Sign in to view
butonic
butonic approved these changes Aug 27, 2020
View reviewed changes
Copy link
Member

@butonic butonic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking at https://github.com/owncloud/ocis-accounts/pull/100/files#diff-1bc5586c5f4afccf828e3161c29aa9f2 I wonder if there is a cleaner way to check the permissions. googling led me to https://github.com/ory/ladon?branch=master#conditions and since we are aiming for fine grained permissions here, I think this is the right direction.

go.mod Outdated Show resolved Hide resolved
go.mod Outdated Show resolved Hide resolved
@kulmann kulmann mentioned this pull request Aug 28, 2020
Closed
23 tasks
@kulmann
Copy link
Member Author

kulmann commented Aug 28, 2020

UI tests need to be adjusted. The accounts list can only be viewed by admin accounts now, so we need to have an admin user in the test suite.

@kulmann
Copy link
Member Author

kulmann commented Aug 31, 2020

Rebased to current master

@kulmann kulmann mentioned this pull request Aug 31, 2020
Closed
@exalate-issue-sync exalate-issue-sync bot mentioned this pull request Aug 31, 2020
Open
@kulmann
Copy link
Member Author

kulmann commented Aug 31, 2020

Tests are failing, because the accounts service is starting faster than the settings service: https://cloud.drone.io/owncloud/ocis-accounts/466/2/6

@dpakach
Copy link
Contributor

dpakach commented Sep 1, 2020
edited
Loading

@kulmann I tried running in this branch locally but for me, the user moss doesn't get created and I cant login.
Also in /var/tmp/ocis-accounts/accounts the user is not there

tmp/ocis-accounts/accounts 
❯ la
total 20K
-rw------- 1 dipakacharya dipakacharya 584 Sep  1 10:58 4c510ada-c86b-4815-8820-42cdf82c3d51
-rw------- 1 dipakacharya dipakacharya 440 Sep  1 10:58 820ba2a1-3f54-4538-80a4-2d73007e30bf
-rw------- 1 dipakacharya dipakacharya 580 Sep  1 10:58 932b4540-8d16-481e-8ef4-588e4b6b151c
-rw------- 1 dipakacharya dipakacharya 453 Sep  1 10:58 bc596f3c-c955-4328-80a0-60d018b4ad57
-rw------- 1 dipakacharya dipakacharya 571 Sep  1 10:58 f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c

Seems like that is why the UI tests are failing

@kulmann
Copy link
Member Author

kulmann commented Sep 1, 2020

@kulmann I tried running in this branch locally but for me, the user moss doesn't get created and I cant login.
Also in /var/tmp/ocis-accounts/accounts the user is not there

tmp/ocis-accounts/accounts 
❯ la
total 20K
-rw------- 1 dipakacharya dipakacharya 584 Sep  1 10:58 4c510ada-c86b-4815-8820-42cdf82c3d51
-rw------- 1 dipakacharya dipakacharya 440 Sep  1 10:58 820ba2a1-3f54-4538-80a4-2d73007e30bf
-rw------- 1 dipakacharya dipakacharya 580 Sep  1 10:58 932b4540-8d16-481e-8ef4-588e4b6b151c
-rw------- 1 dipakacharya dipakacharya 453 Sep  1 10:58 bc596f3c-c955-4328-80a0-60d018b4ad57
-rw------- 1 dipakacharya dipakacharya 571 Sep  1 10:58 f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c

Seems like that is why the UI tests are failing

Can you delete /var/tmp/ocis-accounts on your machine and restart the accounts service? We only create the set of default users if the accounts folder doesn't exist. So if there are users missing on your disk, they won't get created if the other users already exist.

@dpakach
Copy link
Contributor

dpakach commented Sep 1, 2020

@kulmann that worked. But now if I go to the accounts page, the account service panics

2020-09-01 12:01:14.664847 I | http: panic serving 127.0.0.1:53750: runtime error: invalid memory address or nil pointer dereference
goroutine 109 [running]:
net/http.(*conn).serve.func1(0xc0000ca000)
	/usr/local/go/src/net/http/server.go:1767 +0x139
panic(0x1c6d520, 0x2bb2e90)
	/usr/local/go/src/runtime/panic.go:679 +0x1b2
github.com/owncloud/ocis-pkg/v2/middleware.ExtractAccountUUID.func1.1(0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/home/dipakacharya/go/pkg/mod/github.com/owncloud/ocis-pkg/v2@v2.4.1-0.20200828095914-d3b859484b2b/middleware/account.go:61 +0x21c
net/http.HandlerFunc.ServeHTTP(0xc000718030, 0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/owncloud/ocis-pkg/v2/middleware.Secure.func1(0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/home/dipakacharya/go/pkg/mod/github.com/owncloud/ocis-pkg/v2@v2.4.1-0.20200828095914-d3b859484b2b/middleware/header.go:47 +0x3d0
net/http.HandlerFunc.ServeHTTP(0xc00082f940, 0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/owncloud/ocis-pkg/v2/middleware.Cors.func1(0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/home/dipakacharya/go/pkg/mod/github.com/owncloud/ocis-pkg/v2@v2.4.1-0.20200828095914-d3b859484b2b/middleware/header.go:23 +0x5e
net/http.HandlerFunc.ServeHTTP(0xc00082f960, 0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/owncloud/ocis-pkg/v2/middleware.Cache.func1(0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/home/dipakacharya/go/pkg/mod/github.com/owncloud/ocis-pkg/v2@v2.4.1-0.20200828095914-d3b859484b2b/middleware/header.go:15 +0x3d5
net/http.HandlerFunc.ServeHTTP(0xc00082f980, 0x20f3960, 0xc0008d2380, 0xc0004e6500)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/ascarter/requestid.RequestIDHandler.func1(0x20f3960, 0xc0008d2380, 0xc0004e6400)
	/home/dipakacharya/go/pkg/mod/github.com/ascarter/requestid@v0.0.0-20170313220838-5b76ab3d4aee/requestid.go:36 +0x1f0
net/http.HandlerFunc.ServeHTTP(0xc00082f9a0, 0x20f3960, 0xc0008d2380, 0xc0004e6400)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/owncloud/ocis-pkg/v2/middleware.RealIP.func1(0x20f3960, 0xc0008d2380, 0xc0004e6400)
	/home/dipakacharya/go/pkg/mod/github.com/owncloud/ocis-pkg/v2@v2.4.1-0.20200828095914-d3b859484b2b/middleware/realip.go:16 +0x99
net/http.HandlerFunc.ServeHTTP(0xc00082f9c0, 0x20f3960, 0xc0008d2380, 0xc0004e6400)
	/usr/local/go/src/net/http/server.go:2007 +0x44
github.com/go-chi/chi.(*Mux).ServeHTTP(0xc0003efbc0, 0x20f3960, 0xc0008d2380, 0xc0004e6700)
	/home/dipakacharya/go/pkg/mod/github.com/go-chi/chi@v4.1.2+incompatible/mux.go:86 +0x2b2
net/http.(*ServeMux).ServeHTTP(0xc0004d3980, 0x20f3960, 0xc0008d2380, 0xc0004e6700)
	/usr/local/go/src/net/http/server.go:2387 +0x1bd
net/http.serverHandler.ServeHTTP(0xc0002201c0, 0x20f3960, 0xc0008d2380, 0xc0004e6700)
	/usr/local/go/src/net/http/server.go:2802 +0xa4
net/http.(*conn).serve(0xc0000ca000, 0x20fa2a0, 0xc0004fa5c0)
	/usr/local/go/src/net/http/server.go:1890 +0x875
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2927 +0x38e

@ownclouders
Copy link

Codacy Here is an overview of what got changed by this pull request:

Complexity increasing per file
==============================
- pkg/service/v0/permissions.go  3
- pkg/service/v0/accounts.go  1
         

Clones added
============
- pkg/service/v0/permissions.go  4
         

Clones removed
==============
+ pkg/service/v0/settings.go  -2

See the complete overview on Codacy

@sonarcloud
Copy link

sonarcloud bot commented Sep 1, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@kulmann
Copy link
Member Author

kulmann commented Sep 1, 2020

CI is green now. It was again an issue with drone running on an ocis version that doesn't have all the features needed for this PR.

@kulmann kulmann merged commit 848658e into master Sep 1, 2020
@delete-merged-branch delete-merged-branch bot deleted the manage-account-permissions branch September 1, 2020 07:31
@kulmann kulmann mentioned this pull request Sep 1, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dpakach dpakach dpakach left review comments

@butonic butonic butonic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kulmann @dpakach @ownclouders @butonic