[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #5974: Every endpoint that modifies a CDN, or components related to a CDN, needs to be "lock safe"

Thu, 08 Jul 2021 10:07:01 -0700 


rawlinp commented on a change in pull request #5974:
URL: https://github.com/apache/trafficcontrol/pull/5974#discussion_r666374080



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -242,52 +289,59 @@ func CheckIfCurrentUserCanModifyCDNWithID(tx *sql.Tx, 
cdnID int64, user string)
        } else if !ok {
                return errors.New("CDN not found"), nil, http.StatusNotFound
        }
-       query := `SELECT username, soft FROM cdn_lock WHERE cdn=$1`
+       return CheckIfCurrentUserCanModifyCDN(tx, string(cdnName), user)
+}
+
+// CheckIfCurrentUserCanModifyCachegroup checks if the current user has the 
lock on the cdns that are associated with the provided cachegroup ID.
+// This will succeed if no other user has a hard lock on any of the CDNs that 
relate to the cachegroup in question.
+func CheckIfCurrentUserCanModifyCachegroup(tx *sql.Tx, cachegroupID int, user 
string) (error, error, int) {
+       query := `SELECT username, cdn, soft FROM cdn_lock WHERE cdn IN (SELECT 
name FROM cdn WHERE id IN (SELECT cdn_id FROM server WHERE cachegroup = ($1)))`
        var userName string
+       var cdn string
        var soft bool
-       rows, err := tx.Query(query, string(cdnName))
+       rows, err := tx.Query(query, cachegroupID)
        if err != nil {
                if errors.Is(err, sql.ErrNoRows) {
                        return nil, nil, http.StatusOK
                }
-               return nil, errors.New("querying cdn_lock for user " + user + " 
and cdn " + string(cdnName) + ": " + err.Error()), 
http.StatusInternalServerError
+               return nil, errors.New("querying cdn_lock for user " + user + " 
and cachegroup ID " + strconv.Itoa(cachegroupID) + ": " + err.Error()), 
http.StatusInternalServerError
        }
        defer rows.Close()
        for rows.Next() {
-               err = rows.Scan(&userName, &soft)
+               err = rows.Scan(&userName, &cdn, &soft)
                if err != nil {
-                       return nil, errors.New("scanning cdn_lock for user " + 
user + " and cdn " + string(cdnName) + ": " + err.Error()), 
http.StatusInternalServerError
+                       return nil, errors.New("scanning cdn_lock for user " + 
user + " and cachegroup ID " + strconv.Itoa(cachegroupID) + ": " + 
err.Error()), http.StatusInternalServerError
                }
        }
        if userName != "" && user != userName && !soft {

Review comment:
       Ok, this was marked resolved, but this check wasn't moved into the loop 
above




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to