Commit 9d94fcff authored by Varunkumar Manohar's avatar Varunkumar Manohar
Browse files

Fix user removal logic

parent 5508367a
Pipeline #32991 failed with stages
in 1 minute and 29 seconds
......@@ -200,20 +200,29 @@ export class UserHandler {
// check authorizations
if (sdPath.subproject) {
// remove user from the subproject groups
// could this be done in parallel, via Promise?
await this.doNotThrowIfNotMember(
AuthGroups.removeUserFromGroup(req.headers.authorization, SubprojectGroups.serviceAdminGroup(
tenant.name, sdPath.subproject, tenant.esd), userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
await this.doNotThrowIfNotMember(
AuthGroups.removeUserFromGroup(req.headers.authorization, SubprojectGroups.serviceEditorGroup(
tenant.name, sdPath.subproject, tenant.esd), userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
await this.doNotThrowIfNotMember(
AuthGroups.removeUserFromGroup(req.headers.authorization, SubprojectGroups.serviceViewerGroup(
tenant.name, sdPath.subproject, tenant.esd), userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
const journalClient = JournalFactoryTenantClient.get(tenant);
const spkey = journalClient.createKey({
namespace: Config.SEISMIC_STORE_NS + '-' + tenant.name,
path: [Config.SUBPROJECTS_KIND, sdPath.subproject],
});
const subproject = await SubProjectDAO.get(journalClient, tenant.name, sdPath.subproject, spkey);
const adminGroups = subproject.acls.admins
const viewerGroups = subproject.acls.viewers
for (const group of adminGroups) {
await this.doNotThrowIfNotMember(
AuthGroups.removeUserFromGroup(req.headers.authorization, group, userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
}
for (const group of viewerGroups) {
await this.doNotThrowIfNotMember(
AuthGroups.removeUserFromGroup(req.headers.authorization, group, userEmail,
tenant.esd, req[Config.DE_FORWARD_APPKEY]));
}
} else {
throw (Error.make(Error.Status.BAD_REQUEST,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment