satellite/console: only allow project member to get all bucket names

Change-Id: I8ceb0b7eb19e221072b4ff3411a4ec1a7817d16f
This commit is contained in:
Yingrong Zhao 2020-11-30 11:51:47 -05:00
parent 65919f9f7d
commit d8ba7b3057
3 changed files with 29 additions and 28 deletions


@ -32,8 +32,18 @@ func Test_AllBucketNames(t *testing.T) {
},
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
sat := planet.Satellites[0]
project := planet.Uplinks[0].Projects[0]
service := sat.API.Console.Service
newUser := console.CreateUser{
FullName: "Jack-bucket",
ShortName: "",
Email: "bucketest@test.test",
}
user, err := sat.AddUser(ctx, newUser, 1)
require.NoError(t, err)
project, err := sat.AddProject(ctx, user.ID, "buckettest")
require.NoError(t, err)
bucket1 := storj.Bucket{
ID: testrand.UUID(),
@ -47,33 +57,14 @@ func Test_AllBucketNames(t *testing.T) {
ProjectID: project.ID,
}
_, err := sat.DB.Buckets().CreateBucket(ctx, bucket1)
_, err = sat.DB.Buckets().CreateBucket(ctx, bucket1)
require.NoError(t, err)
_, err = sat.DB.Buckets().CreateBucket(ctx, bucket2)
require.NoError(t, err)
user := console.CreateUser{
FullName: "Jack",
ShortName: "",
Email: "bucketest@test.test",
Password: "123a123",
}
refUserID := ""
regToken, err := service.CreateRegToken(ctx, 1)
require.NoError(t, err)
createdUser, err := service.CreateUser(ctx, user, regToken.Secret, refUserID)
require.NoError(t, err)
activationToken, err := service.GenerateActivationToken(ctx, createdUser.ID, createdUser.Email)
require.NoError(t, err)
err = service.ActivateAccount(ctx, activationToken)
require.NoError(t, err)
token, err := service.Token(ctx, user.Email, user.Password)
// we are using full name as a password
token, err := sat.API.Console.Service.Token(ctx, user.Email, user.FullName)
require.NoError(t, err)
client := http.Client{}
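Review bot: `sat.API.Console.Service.Token(...)` on line 54 spells out the path that line 17 already binds to `service`; `token, err := service.Token(ctx, user.Email, user.FullName)` is shorter and keeps the test on one handle (if nothing else in the function still uses `service` the compiler would reject the unused binding, so presumably it is used further down). The comment `// we are using full name as a password` on line 53 describes a convention of the `sat.AddUser` helper rather than of this test; naming the source makes it less surprising, e.g. `// sat.AddUser registers the user with FullName as the password.` The new setup also bypasses the registration-token and activation path that the removed lines exercised, which is reasonable for a bucket-listing test but means this test no longer covers activation. The test function continues past the end of the hunk.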


@ -1460,7 +1460,12 @@ func (s *Service) GetBucketTotals(ctx context.Context, projectID uuid.UUID, curs
func (s *Service) GetAllBucketNames(ctx context.Context, projectID uuid.UUID) (_ []string, err error) {
defer mon.Task()(&ctx)(&err)
_, err = s.getAuthAndAuditLog(ctx, "get all bucket names", zap.String("projectID", projectID.String()))
auth, err := s.getAuthAndAuditLog(ctx, "get all bucket names", zap.String("projectID", projectID.String()))
if err != nil {
return nil, Error.Wrap(err)
}
_, err = s.isProjectMember(ctx, auth.User.ID, projectID)
if err != nil {
return nil, Error.Wrap(err)
}
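Review bot: The new `isProjectMember` check on line 68 wraps its failure in the generic `Error` class, so an API handler that maps errors to HTTP status codes cannot tell a permission denial from a database failure unless `isProjectMember` itself returns the service's unauthorized error class for non-members; that is not visible here and is worth confirming, since returning a 500 for a foreign project ID would leak less but also hide misconfiguration. The audit entry from `getAuthAndAuditLog` on line 64 is still written before the membership check, which usefully records probes, but nothing records that the request was denied; consider logging the denial on the error path so a user enumerating other projects' IDs is visible. The doc comment on `GetAllBucketNames` sits above the hunk and should now state the precondition, e.g. `// GetAllBucketNames retrieves all bucket names of a specific project; the authenticated user must be a member of that project.` The function body continues past the end of the hunk.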


@ -160,16 +160,21 @@ func TestService(t *testing.T) {
ProjectID: up2Pro1.ID,
}
_, err := sat.DB.Buckets().CreateBucket(authCtx1, bucket1)
_, err := sat.DB.Buckets().CreateBucket(authCtx2, bucket1)
require.NoError(t, err)
_, err = sat.DB.Buckets().CreateBucket(authCtx1, bucket2)
_, err = sat.DB.Buckets().CreateBucket(authCtx2, bucket2)
require.NoError(t, err)
bucketNames, err := service.GetAllBucketNames(authCtx1, up2Pro1.ID)
bucketNames, err := service.GetAllBucketNames(authCtx2, up2Pro1.ID)
require.NoError(t, err)
require.Equal(t, bucket1.Name, bucketNames[0])
require.Equal(t, bucket2.Name, bucketNames[1])
// Getting someone else buckets should not work
bucketsForUnauthorizedUser, err := service.GetAllBucketNames(authCtx1, up2Pro1.ID)
require.Error(t, err)
require.Nil(t, bucketsForUnauthorizedUser)
})
})
}
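Review bot: `require.Error(t, err)` on line 91 accepts any error, so the negative test would also pass if `GetAllBucketNames` failed for an unrelated reason (a DB error, a bad context), and it does not prove that the membership check is what rejected `authCtx1`. Assert the specific error class that `isProjectMember` returns for non-members (whatever the console service exposes for unauthorized access, not visible in this hunk) so that a regression that breaks the call some other way is not mistaken for a denial. The positive assertions on lines 87 and 88 index `bucketNames` by position and so depend on the store returning names in insertion order; `require.ElementsMatch(t, []string{bucket1.Name, bucket2.Name}, bucketNames)` would make the member check independent of ordering. The enclosing `TestService` closure starts before the hunk.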