From 7d0331f41e2d0fce1ebe27d79f45334ec4c7d051 Mon Sep 17 00:00:00 2001
From: bcmmbaga
Date: Thu, 21 Nov 2024 21:03:16 +0300
Subject: [PATCH] Fix prevent users from creating PATs for other users

Signed-off-by: bcmmbaga
---
 management/server/status/error.go | 2 +-
 management/server/user.go | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/management/server/status/error.go b/management/server/status/error.go
index ce145a29a..045469306 100644
--- a/management/server/status/error.go
+++ b/management/server/status/error.go
@@ -93,7 +93,7 @@ func NewPeerNotPartOfAccountError() error {
 
 // NewUserNotFoundError creates a new Error with NotFound type for a missing user
 func NewUserNotFoundError(userKey string) error {
-	return Errorf(NotFound, "user not found: %s", userKey)
+	return Errorf(NotFound, "user: %s not found", userKey)
 }
 
 // NewPeerNotRegisteredError creates a new Error with NotFound type for a missing peer
diff --git a/management/server/user.go b/management/server/user.go
index 8bbf18e63..1639ec50f 100644
--- a/management/server/user.go
+++ b/management/server/user.go
@@ -539,15 +539,15 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
 		return nil, status.NewUserNotPartOfAccountError()
 	}
 
-	if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() {
-		return nil, status.NewAdminPermissionError()
-	}
-
-	targetUser, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, initiatorUserID)
+	targetUser, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, targetUserID)
 	if err != nil {
 		return nil, err
 	}
 
+	if initiatorUserID != targetUserID && !(initiatorUser.HasAdminPower() && targetUser.IsServiceUser) {
+		return nil, status.NewAdminPermissionError()
+	}
+
 	pat, err := CreateNewPAT(tokenName, expiresIn, targetUserID, initiatorUser.Id)
 	if err != nil {
 		return nil, status.Errorf(status.Internal, "failed to create PAT: %v", err)
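Review bot: The new ordering in the user.go hunk runs `GetUserByUserID(ctx, LockingStrengthShare, targetUserID)` before any authorization decision, so a non-admin initiator naming another user gets a NotFound error for unknown IDs and a permission error for existing ones, which turns CreatePAT into a user-ID existence oracle. The part of the check that depends only on the initiator (`initiatorUserID != targetUserID && !initiatorUser.HasAdminPower()`) should be made before the lookup, with only the `IsServiceUser` requirement deferred until the target is loaded, as in the rewrite below. The target is also never checked to belong to `accountID`; unless GetUserByUserID already scopes the lookup to the account, an admin of one account could mint a PAT for a service user of another, so the target's account should be compared with `accountID` the way the visible NewUserNotPartOfAccountError return suggests is done for the initiator above the hunk. A short comment such as `// Admins may mint PATs only for service users; nobody may mint them for another human user.` would make the rule explicit. CreatePAT starts and ends outside the hunk.
```go
	// Reject initiators who could never act on another user before touching the
	// store, so the response does not reveal whether targetUserID exists.
	if initiatorUserID != targetUserID && !initiatorUser.HasAdminPower() {
		return nil, status.NewAdminPermissionError()
	}

	targetUser, err := am.Store.GetUserByUserID(ctx, LockingStrengthShare, targetUserID)
	if err != nil {
		return nil, err
	}

	// Admins may mint PATs only for service users; nobody may mint them for
	// another human user.
	if initiatorUserID != targetUserID && !targetUser.IsServiceUser {
		return nil, status.NewAdminPermissionError()
	}

	// … unchanged: CreateNewPAT call and the rest of CreatePAT …
```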