Enable deletion of integration resources (#1294)

* Enforce admin service user role for integration group deletion

Added a check to prevent non-admin service users from deleting integration groups.

* Restrict deletion of integration user to admin service user only

* Refactor user and group deletion tests
Bethuel Mmbaga
2023-11-07 17:02:51 +03:00
committed by GitHub
parent 8be6e92563
commit 9f7e13fc87
4 changed files with 26 additions and 8 deletions


@@ -387,8 +387,9 @@ func (am *DefaultAccountManager) DeleteUser(accountID, initiatorUserID string, t
return status.Errorf(status.NotFound, "target user not found")
}
if targetUser.Issued == UserIssuedIntegration {
return status.Errorf(status.PermissionDenied, "only integration can delete this user")
// disable deleting integration user if the initiator is not admin service user
if targetUser.Issued == UserIssuedIntegration && !executingUser.IsServiceUser {
return status.Errorf(status.PermissionDenied, "only admin service user can delete this user")
}
// handle service user first and exit, no need to fetch extra data from IDP, etc