Enable deletion of integration resources (#1294)

* Enforce admin service user role for integration group deletion

Added a check so that only admin service users can delete integration groups.

* Restrict deletion of integration user to admin service user only

* Refactor user and group deletion tests
Bethuel Mmbaga
2023-11-07 17:02:51 +03:00
committed by GitHub
parent 8be6e92563
commit 9f7e13fc87
4 changed files with 26 additions and 8 deletions


@@ -163,9 +163,15 @@ func (am *DefaultAccountManager) DeleteGroup(accountId, userId, groupID string)
return nil
}
// check integration link
// disable a deleting integration group if the initiator is not an admin service user
if g.Issued == GroupIssuedIntegration {
return &GroupLinkError{GroupIssuedIntegration, g.IntegrationReference.String()}
executingUser := account.Users[userId]
if executingUser == nil {
return status.Errorf(status.NotFound, "user not found")
}
if executingUser.Role != UserRoleAdmin || !executingUser.IsServiceUser {
return status.Errorf(status.PermissionDenied, "only admins service user can delete integration group")
}
}
// check route links