dangogh commented on a change in pull request #3163: Fix Traffic Ops Tenancy
and Activity Bugs, Fix TO API Test Framework to work with Tenancy
URL: https://github.com/apache/trafficcontrol/pull/3163#discussion_r244387559
##########
File path: traffic_ops/traffic_ops_golang/tenant/tenancy.go
##########
@@ -171,13 +188,46 @@ func IsTenancyEnabledTx(tx *sql.Tx) (bool, error) {
}
// IsResourceAuthorizedToUserTx returns a boolean value describing if the user
has access to the provided resource tenant id and an error
-// if use_tenancy is set to false (0 in the db) this method will return true
allowing access.
+// If use_tenancy is set to false (0 in the db) this method will return true
allowing access.
+// If the user tenant is inactive (or any of its parent tenants are inactive),
false will be returned.
func IsResourceAuthorizedToUserTx(resourceTenantID int, user
*auth.CurrentUser, tx *sql.Tx) (bool, error) {
- // $1 is the user tenant ID and $2 is the resource tenant ID
- query := `WITH RECURSIVE q AS (SELECT id, active FROM tenant WHERE id =
$1
- UNION SELECT t.id, t.active FROM TENANT t JOIN q ON q.id = t.parent_id),
- tenancy AS (SELECT COALESCE(value::boolean,FALSE) AS value FROM
parameter WHERE name = 'use_tenancy' AND config_file = 'global' UNION ALL
SELECT FALSE FETCH FIRST 1 ROW ONLY)
- SELECT id, active, tenancy.value AS use_tenancy FROM tenancy, q WHERE
id = $2 UNION ALL SELECT -1, false, tenancy.value AS use_tenancy FROM tenancy
FETCH FIRST 1 ROW ONLY;`
+ query := `
+WITH RECURSIVE
+user_tenant_id as (select $1::bigint as v),
+resource_tenant_id as (select $2::bigint as v),
+user_tenant_parents AS (
+ SELECT active, parent_id FROM tenant WHERE id = (select v from
user_tenant_id)
+ UNION
+ SELECT t.active, t.parent_id FROM TENANT t JOIN user_tenant_parents ON
user_tenant_parents.parent_id = t.id
+),
+q AS (
+ SELECT id, active FROM tenant WHERE id = (select v from user_tenant_id)
+ UNION
+ SELECT t.id, t.active FROM TENANT t JOIN q ON q.id = t.parent_id
+),
+tenancy AS (
+ SELECT
+ COALESCE(value::boolean,FALSE) AS value
+ FROM
+ parameter
+ WHERE
+ name = 'use_tenancy'
+ AND config_file = 'global'
+ UNION ALL SELECT FALSE
+ FETCH FIRST 1 ROW ONLY
+)
+SELECT
+ id,
+ (select bool_and(active) from user_tenant_parents) as active,
+ tenancy.value AS use_tenancy
+FROM
+ tenancy,
+ q
+WHERE
+ id = (select v from resource_tenant_id)
+UNION ALL SELECT -1, false, tenancy.value AS use_tenancy FROM tenancy
+FETCH FIRST 1 ROW ONLY;
+`
Review comment:
We've already decided to eliminate the `use_tenancy` param and have it now
always set to 1. Can we get rid of that portion?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
