This is an automated email from the ASF dual-hosted git repository.
srijeet0406 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new c0ebe87ad9 Fixed job route permission (#7891)
c0ebe87ad9 is described below
commit c0ebe87ad90c2ba2a215f4c47d9b1080c2a59e5e
Author: Rima Shah <[email protected]>
AuthorDate: Wed Dec 20 16:30:30 2023 -0700
Fixed job route permission (#7891)
* Created clause to distinguish api versions < 5 when handling 403 in
middleware wrappers
* Removed required permission `DELIVERY-SERVICE:READ` from the job routes
in v4 and v5.
---------
Co-authored-by: Michie, Kurtis <[email protected]>
---
CHANGELOG.md | 3 ++-
.../traffic_ops_golang/routing/middleware/wrappers.go | 8 +++++---
traffic_ops/traffic_ops_golang/routing/routes.go | 12 ++++++------
3 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43a60753c5..a4cb04d569 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,6 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
### Fixed
- [#7846](https://github.com/apache/trafficcontrol/pull/7846) *Traffic Portal*
Increase State character limit
-- [#7887](https://github.com/apache/trafficcontrol/pull/7887) *Traffic Ops*
Limit Delivery Services returned for GET /servers/{id}/deliveryservices to ones
in the same CDN
## [8.0.0] - 2023-09-20
### Added
@@ -99,7 +98,9 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- [#7814](https://github.com/apache/trafficcontrol/issues/7814) All Go
components: Updated the module path to
[`github.com/apache/trafficcontrol/v8`](https://pkg.go.dev/github.com/apache/trafficcontrol/v8).
Module https://pkg.go.dev/github.com/apache/trafficcontrol will not receive
further updates.
### Fixed
+- [#7891](https://github.com/apache/trafficcontrol/pull/7891) *Traffic Ops*:
Created clause to distinguish api versions < 5 when handling 403 in middleware
wrappers and updated job routes for v4 and v5
- [#7890](https://github.com/apache/trafficcontrol/pull/7890) *Traffic Ops*:
Fixed missing changelog entries to v5 routes.
+- [#7887](https://github.com/apache/trafficcontrol/pull/7887) *Traffic Ops*:
Limit Delivery Services returned for GET /servers/{id}/deliveryservices to ones
in the same CDN
- [#7885](https://github.com/apache/trafficcontrol/pull/7885) *Traffic
Portal*: Fixed the issue where Compare Profiles page was not being displayed.
- [#7879](https://github.com/apache/trafficcontrol/7879) *Traffic Ops, Traffic
Portal*: Fixed broken capability links for delivery service and added required
capability as a column in DS table.
- [#7878](https://github.com/apache/trafficcontrol/pull/7878) *Traffic Ops,
Traffic Portal*: Fixed the case where TO was failing to assign delivery
services to a server, due to a bug in the way the list of preexisting delivery
services was being returned.
diff --git a/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
b/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
index 4785916036..6f1fc71c1c 100644
--- a/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
+++ b/traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go
@@ -120,9 +120,11 @@ func (a AuthBase) GetWrapper(privLevelRequired int)
Middleware {
return
}
} else {
- if !cfg.RoleBasedPermissions && user.PrivLevel
< privLevelRequired {
- api.HandleErr(w, r, nil,
http.StatusForbidden, errors.New("Forbidden."), nil)
- return
+ if v.Major < 5 {
+ if !cfg.RoleBasedPermissions &&
user.PrivLevel < privLevelRequired {
+ api.HandleErr(w, r, nil,
http.StatusForbidden, errors.New("Forbidden."), nil)
+ return
+ }
}
}
api.AddUserToReq(r, user)
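Review bot: With the new `if v.Major < 5` guard, a v5 request that lands in this `else` branch gets no authorization check in this wrapper before `api.AddUserToReq(r, user)`: the privilege-level test is skipped and nothing replaces it. The condition that selects the `else` branch is outside the hunk, so it cannot be confirmed from here whether a v5 request can reach it with `cfg.RoleBasedPermissions` disabled; if it can, the route fails open instead of closed. I would record the invariant at the guard, e.g. `// API v5+ is authorized by permissions only; PrivLevel is not consulted`, and add a test that a v5 request is rejected when role-based permissions are off. The nesting can also be flattened to `if v.Major < 5 && !cfg.RoleBasedPermissions && user.PrivLevel < privLevelRequired {`.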
diff --git a/traffic_ops/traffic_ops_golang/routing/routes.go
b/traffic_ops/traffic_ops_golang/routing/routes.go
index 6dfbbfd2c8..548c16b548 100644
--- a/traffic_ops/traffic_ops_golang/routing/routes.go
+++ b/traffic_ops/traffic_ops_golang/routing/routes.go
@@ -224,9 +224,9 @@ func Routes(d ServerData) ([]Route, http.Handler, error) {
//Content invalidation jobs
{Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodGet, Path: `jobs/?$`, Handler:
api.ReadHandler(&invalidationjobs.InvalidationJobV4{}), RequiredPrivLevel:
auth.PrivLevelReadOnly, RequiredPermissions: []string{"JOB:READ",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
496678204131},
- {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodDelete, Path: `jobs/?$`, Handler: invalidationjobs.DeleteV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:DELETE", "JOB:READ", "DELIVERY-SERVICE:UPDATE",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
41678077631},
- {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodPut, Path: `jobs/?$`, Handler: invalidationjobs.UpdateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:UPDATE", "DELIVERY-SERVICE:UPDATE", "JOB:READ",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
48613422631},
- {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodPost, Path: `jobs/?`, Handler: invalidationjobs.CreateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:CREATE", "JOB:READ", "DELIVERY-SERVICE:READ",
"DELIVERY-SERVICE:UPDATE"}, Authenticated: Authenticated, Middlewares: nil, ID:
4045095531},
+ {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodDelete, Path: `jobs/?$`, Handler: invalidationjobs.DeleteV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:DELETE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 41678077631},
+ {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodPut, Path: `jobs/?$`, Handler: invalidationjobs.UpdateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:UPDATE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 48613422631},
+ {Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodPost, Path: `jobs/?`, Handler: invalidationjobs.CreateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:CREATE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 4045095531},
//Login
{Version: api.Version{Major: 5, Minor: 0}, Method:
http.MethodPost, Path: `user/login/?$`, Handler: login.LoginHandler(d.DB,
d.Config), RequiredPrivLevel: auth.PrivLevelUnauthenticated,
RequiredPermissions: nil, Authenticated: NoAuth, Middlewares: nil, ID:
439267082131},
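Review bot: The DELETE, PUT and POST job routes lose `DELIVERY-SERVICE:UPDATE` and keep `DELIVERY-SERVICE:READ`, while the commit message says `DELIVERY-SERVICE:READ` was removed; the message and the route table should be reconciled so the intended permission set is unambiguous. As written, a role holding only the `JOB:*` permissions plus read access to Delivery Services passes the route-level check for mutating invalidation jobs, so any per-Delivery-Service ownership or tenancy check has to live in `invalidationjobs.CreateV40`, `UpdateV40` and `DeleteV40`, which are not visible here. The same edit is repeated for the v4 routes in the `@@ -629,9 +629,9 @@` hunk. If the relaxation is intended, a comment above the block such as `// Jobs act on cached content, not Delivery Service config, so DELIVERY-SERVICE:UPDATE is not required` would record why. `Routes` continues outside both hunks.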
@@ -629,9 +629,9 @@ func Routes(d ServerData) ([]Route, http.Handler, error) {
//Content invalidation jobs
{Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodGet, Path: `jobs/?$`, Handler:
api.ReadHandler(&invalidationjobs.InvalidationJobV4{}), RequiredPrivLevel:
auth.PrivLevelReadOnly, RequiredPermissions: []string{"JOB:READ",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
49667820413},
- {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodDelete, Path: `jobs/?$`, Handler: invalidationjobs.DeleteV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:DELETE", "JOB:READ", "DELIVERY-SERVICE:UPDATE",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
4167807763},
- {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodPut, Path: `jobs/?$`, Handler: invalidationjobs.UpdateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:UPDATE", "DELIVERY-SERVICE:UPDATE", "JOB:READ",
"DELIVERY-SERVICE:READ"}, Authenticated: Authenticated, Middlewares: nil, ID:
4861342263},
- {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodPost, Path: `jobs/?`, Handler: invalidationjobs.CreateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:CREATE", "JOB:READ", "DELIVERY-SERVICE:READ",
"DELIVERY-SERVICE:UPDATE"}, Authenticated: Authenticated, Middlewares: nil, ID:
404509553},
+ {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodDelete, Path: `jobs/?$`, Handler: invalidationjobs.DeleteV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:DELETE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 4167807763},
+ {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodPut, Path: `jobs/?$`, Handler: invalidationjobs.UpdateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:UPDATE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 4861342263},
+ {Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodPost, Path: `jobs/?`, Handler: invalidationjobs.CreateV40,
RequiredPrivLevel: auth.PrivLevelPortal, RequiredPermissions:
[]string{"JOB:CREATE", "JOB:READ", "DELIVERY-SERVICE:READ"}, Authenticated:
Authenticated, Middlewares: nil, ID: 404509553},
//Login
{Version: api.Version{Major: 4, Minor: 0}, Method:
http.MethodPost, Path: `user/login/?$`, Handler: login.LoginHandler(d.DB,
d.Config), RequiredPrivLevel: auth.PrivLevelUnauthenticated,
RequiredPermissions: nil, Authenticated: NoAuth, Middlewares: nil, ID:
43926708213},