This is an automated email from the ASF dual-hosted git repository. rob pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git
commit 3967c650e27b86e426bfd95463a7c471624f4da2 Author: Dylan Volz <dylan_v...@comcast.com> AuthorDate: Thu May 31 21:13:51 2018 -0600 refactor AddTenancyCheck into dbhelpers where it belongs --- .../traffic_ops_golang/dbhelpers/db_helpers.go | 12 +++++++++ .../deliveryservice/deliveryservicesv13.go | 25 ++--------------- traffic_ops/traffic_ops_golang/tenant/tenancy.go | 31 ++++++++++++++++++++++ 3 files changed, 45 insertions(+), 23 deletions(-) diff --git a/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go b/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go index c396d74..8fed9e9 100644 --- a/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go +++ b/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go @@ -144,3 +144,15 @@ func FinishTxX(tx *sqlx.Tx, commit *bool) { } tx.Commit() } + +func AddTenancyCheck(where string, queryValues map[string]interface{},tenantColumnName string, tenantIDs []int) (string, map[string]interface{}) { + if where == "" { + where = BaseWhere + " " + tenantColumnName + " = ANY((:accessibleTenants)::::bigint[])" + } else { + where += " AND "+ tenantColumnName + " = ANY((:accessibleTenants)::::bigint[])" + } + + queryValues["accessibleTenants"] = pq.Array(tenantIDs) + + return where, queryValues +} \ No newline at end of file diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/deliveryservicesv13.go b/traffic_ops/traffic_ops_golang/deliveryservice/deliveryservicesv13.go index 8b1b8b7..3d74e69 100644 --- a/traffic_ops/traffic_ops_golang/deliveryservice/deliveryservicesv13.go +++ b/traffic_ops/traffic_ops_golang/deliveryservice/deliveryservicesv13.go @@ -615,27 +615,6 @@ func filterAuthorized(dses []tc.DeliveryServiceNullableV13, user auth.CurrentUse return newDSes, nil } -func addTenancyCheck(where string, queryValues map[string]interface{}, user auth.CurrentUser, db *sqlx.DB) (string, map[string]interface{}, error) { - if where == "" { - where = dbhelpers.BaseWhere + " ds.tenant_id = ANY((:accessibleTenants)::::bigint[])" - } else { - where += " AND ds.tenant_id = ANY((:accessibleTenants)::::bigint[])" - } - - tenants, err := tenant.GetUserTenantList(user, db) - if err != nil { - return "", queryValues, err - } - - tenantIDs := make([]int, len(tenants)) - for i, tenant := range tenants { - tenantIDs[i] = tenant.ID - } - queryValues["accessibleTenants"] = pq.Array(tenantIDs) - - return where, queryValues, nil -} - func readGetDeliveryServices(params map[string]string, db *sqlx.DB, user auth.CurrentUser) ([]tc.DeliveryServiceNullableV13, []error, tc.ApiErrorType) { if strings.HasSuffix(params["id"], ".json") { params["id"] = params["id"][:len(params["id"])-len(".json")] @@ -654,12 +633,12 @@ func readGetDeliveryServices(params map[string]string, db *sqlx.DB, user auth.Cu if tenant.IsTenancyEnabled(db) { log.Debugln("Tenancy is enabled") - var err error - where, queryValues, err = addTenancyCheck(where, queryValues, user, db) + tenantIDs, err := tenant.GetUserTenantIDList(user, db) if err != nil { log.Errorln("received error querying for user's tenants: " + err.Error()) return nil, []error{tc.DBError}, tc.SystemError } + where, queryValues = dbhelpers.AddTenancyCheck(where, queryValues, "ds.tenant_id", tenantIDs) } query := selectQuery() + where + orderBy diff --git a/traffic_ops/traffic_ops_golang/tenant/tenancy.go b/traffic_ops/traffic_ops_golang/tenant/tenancy.go index b802483..b3298cd 100644 --- a/traffic_ops/traffic_ops_golang/tenant/tenancy.go +++ b/traffic_ops/traffic_ops_golang/tenant/tenancy.go @@ -122,6 +122,37 @@ func GetUserTenantList(user auth.CurrentUser, db *sqlx.DB) ([]Tenant, error) { return tenants, nil } +// returns a TenantID list that the specified user has access too. +// NOTE: This method does not use the use_tenancy parameter and if this method is being used +// to control tenancy the parameter must be checked. The method IsResourceAuthorizedToUser checks the use_tenancy parameter +// and should be used for this purpose in most cases. +func GetUserTenantIDList(user auth.CurrentUser, db *sqlx.DB) ([]int, error) { + query := `WITH RECURSIVE q AS (SELECT id, name, active, parent_id FROM tenant WHERE id = $1 + UNION SELECT t.id, t.name, t.active, t.parent_id FROM tenant t JOIN q ON q.id = t.parent_id) + SELECT id FROM q;` + + log.Debugln("\nQuery: ", query) + + var tenantID int + + rows, err := db.Query(query, user.TenantID) + if err != nil { + return nil, err + } + defer rows.Close() + + tenants := []int{} + + for rows.Next() { + if err := rows.Scan(&tenantID); err != nil { + return nil, err + } + tenants = append(tenants, tenantID) + } + + return tenants, nil +} + // IsTenancyEnabled returns true if tenancy is enabled or false otherwise func IsTenancyEnabled(db *sqlx.DB) bool { query := `SELECT COALESCE(value::boolean,FALSE) AS value FROM parameter WHERE name = 'use_tenancy' AND config_file = 'global' UNION ALL SELECT FALSE FETCH FIRST 1 ROW ONLY` -- To stop receiving notification emails like this one, please contact r...@apache.org.