mirror of
https://github.com/netbirdio/netbird.git
synced 2026-07-16 11:39:57 +00:00
[misc] apply feedback
This commit is contained in:
@@ -513,11 +513,6 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
|
||||
return err
|
||||
}
|
||||
|
||||
// @note not necessary, below it explicitly checks for Owner role
|
||||
// if !user.HasAdminPower() {
|
||||
// return status.Errorf(status.PermissionDenied, "user is not allowed to delete account")
|
||||
// }
|
||||
|
||||
if user.Role != types.UserRoleOwner {
|
||||
return status.Errorf(status.PermissionDenied, "user is not allowed to delete account. Only account owner can delete account")
|
||||
}
|
||||
@@ -1067,9 +1062,8 @@ func (am *DefaultAccountManager) GetAccountIDFromUserAuth(ctx context.Context, u
|
||||
return accountID, user.Id, nil
|
||||
}
|
||||
|
||||
// @note, this can remain cause above we explicitly early return if auth id for a child account
|
||||
if user.AccountID != accountID {
|
||||
return "", "", status.Errorf(status.PermissionDenied, "user %s is not part of the account %s", userAuth.UserId, accountID)
|
||||
if err := am.permissionsManager.ValidateAccountAccess(ctx, accountID, user); err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
if !user.IsServiceUser && userAuth.Invited {
|
||||
|
||||
@@ -347,7 +347,6 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// @todo how to handle this case, PAT can only be created own user?
|
||||
if initiatorUserID != targetUserID && !(initiatorUser.HasAdminPower() && targetUser.IsServiceUser) {
|
||||
return nil, status.NewAdminPermissionError()
|
||||
}
|
||||
@@ -381,7 +380,6 @@ func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string
|
||||
return err
|
||||
}
|
||||
|
||||
// @todo how to handle this case, PAT can only be deleted by own user?
|
||||
if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() {
|
||||
return status.NewAdminPermissionError()
|
||||
}
|
||||
@@ -417,7 +415,6 @@ func (am *DefaultAccountManager) GetPAT(ctx context.Context, accountID string, i
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// @todo how to handle this case, PAT can only be got by own user?
|
||||
if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() {
|
||||
return nil, status.NewAdminPermissionError()
|
||||
}
|
||||
@@ -971,7 +968,9 @@ func (am *DefaultAccountManager) DeleteRegularUsers(ctx context.Context, account
|
||||
return err
|
||||
}
|
||||
|
||||
// @todo maybe add ValidateAccountPermission?
|
||||
if err := am.permissionsManager.ValidateAccountAccess(ctx, accountID, initiatorUser); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if !initiatorUser.HasAdminPower() {
|
||||
return status.NewAdminPermissionError()
|
||||
|
||||
Reference in New Issue
Block a user