Commit 7cae6582 authored by jensilo's avatar jensilo

fix visibility bug with templates and template sets

parent 38fc9e09
...@@ -55,6 +55,7 @@ func TemplateIntoBasicTemplate(t *template.Template, validator validation.V, rul ...@@ -55,6 +55,7 @@ func TemplateIntoBasicTemplate(t *template.Template, validator validation.V, rul
// TemplateFormData struct. If the template or variant could not be found, an error is returned. // TemplateFormData struct. If the template or variant could not be found, an error is returned.
// However, using the defaultFirstVariant flag, the first variant will be used if no variant was specified and no // However, using the defaultFirstVariant flag, the first variant will be used if no variant was specified and no
// error will be returned. TemplateFormFromRequest will also parse and validate the template. // error will be returned. TemplateFormFromRequest will also parse and validate the template.
// TemplateFormFromRequest will return an error if the user is not permitted to access the template.
// //
// Returned errors from TemplateFormFromRequest are safe to display to the user. // Returned errors from TemplateFormFromRequest are safe to display to the user.
func TemplateFormFromRequest( func TemplateFormFromRequest(
...@@ -76,6 +77,15 @@ func TemplateFormFromRequest( ...@@ -76,6 +77,15 @@ func TemplateFormFromRequest(
return TemplateFormData{}, ErrTemplateNotFound return TemplateFormData{}, ErrTemplateNotFound
} }
usr, err := user.CtxUser(ctx)
if err != nil {
return TemplateFormData{}, ErrTemplateNotFound
}
if tmpl.CreatedBy != usr.ID {
return TemplateFormData{}, ErrTemplateNotFound
}
bt, err := TemplateIntoBasicTemplate(tmpl, validator, ruleParsers) bt, err := TemplateIntoBasicTemplate(tmpl, validator, ruleParsers)
if err != nil { if err != nil {
return TemplateFormData{}, err return TemplateFormData{}, err
... ...
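Review bot: The new ownership check `if tmpl.CreatedBy != usr.ID` answers ErrTemplateNotFound for both a missing context user and a foreign template, which is the right choice for not revealing whether another user's template ID exists, but nothing in the code says this is deliberate; a comment such as `// Report foreign and missing templates identically so other users' template IDs cannot be probed.` above the check would stop a later maintainer from "fixing" it into a permission error. On the same path the error from `user.CtxUser(ctx)` is dropped, so an unauthenticated caller reaching this function is indistinguishable from a bad ID in any logging the caller does; if that distinction matters operationally, wrap the underlying error before mapping it to the user-facing one. The check also lives in this helper rather than in the repository, so every other caller of `FindByID` has to repeat it. The enclosing function continues past the hunk.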
......
...@@ -202,7 +202,8 @@ func searchTemplate(appCtx *hctx.AppCtx, webCtx *web.Ctx) http.Handler { ...@@ -202,7 +202,8 @@ func searchTemplate(appCtx *hctx.AppCtx, webCtx *web.Ctx) http.Handler {
) )
} }
templates, err := templateRepository.FindByQueryForType(io.Context(), query, BasicTemplateType) ctx := io.Context()
templates, err := templateRepository.FindByQueryForTypeAndUser(ctx, query, BasicTemplateType, user.MustCtxUser(ctx))
if err != nil && !errors.Is(err, persistence.ErrNotFound) { if err != nil && !errors.Is(err, persistence.ErrNotFound) {
return io.InlineError(web.ErrInternal, err) return io.InlineError(web.ErrInternal, err)
} }
... ...
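Review bot: `user.MustCtxUser(ctx)` on the new line panics when no user is in the context, whereas the parallel change in TemplateFormFromRequest handles `user.CtxUser` returning an error; unless this handler is guaranteed to sit behind authentication middleware (not visible here), a request without a session becomes a panic and a stack trace instead of an error response. The non-panicking form, consistent with the handler's existing error path, is `usr, err := user.CtxUser(ctx)` followed by `if err != nil { return io.InlineError(web.ErrInternal, err) }`, with `usr` passed to FindByQueryForTypeAndUser. If the middleware does guarantee a user, a one-line comment saying so next to the Must call would save the next reader the same question. searchTemplate's body continues outside the hunk.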
......
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"errors" "errors"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/jackc/pgx/v5/pgxpool" "github.com/jackc/pgx/v5/pgxpool"
"github.com/org-harmony/harmony/src/app/user"
"github.com/org-harmony/harmony/src/core/persistence" "github.com/org-harmony/harmony/src/core/persistence"
"strings" "strings"
"time" "time"
...@@ -40,6 +41,8 @@ type Template struct { ...@@ -40,6 +41,8 @@ type Template struct {
CreatedBy uuid.UUID CreatedBy uuid.UUID
CreatedAt time.Time CreatedAt time.Time
UpdatedAt *time.Time UpdatedAt *time.Time
// TemplateSetElem is the template set that the template belongs to joined onto the template.
// Don't expect this to be filled unless the origin of the template object explicitly states that it is filled.
TemplateSetElem *Set TemplateSetElem *Set
} }
...@@ -110,11 +113,12 @@ type PGSetRepository struct { ...@@ -110,11 +113,12 @@ type PGSetRepository struct {
type Repository interface { type Repository interface {
persistence.Repository persistence.Repository
// FindByQueryForType finds all templates by a query for a specified template type. // FindByQueryForTypeAndUser finds all templates by a query for a specified template type and user.
// The query will be searched for in the template's name, version and in the template set's name. // The query will be searched for in the template's name, version and in the template set's name.
// It will join the template.Set onto template.Template and read it into Set.TemplateSetElem. // It will join the template.Set onto template.Template and read it into Set.TemplateSetElem.
// The search is limited to the user's templates as templates are private.
// It returns persistence.ErrNotFound if no templates could be found and persistence.ErrReadRow for any other error. // It returns persistence.ErrNotFound if no templates could be found and persistence.ErrReadRow for any other error.
FindByQueryForType(ctx context.Context, query string, templateType string) ([]*Template, error) FindByQueryForTypeAndUser(ctx context.Context, query, templateType string, usr *user.User) ([]*Template, error)
// FindByID finds a template by its id. // FindByID finds a template by its id.
// It returns persistence.ErrNotFound if the template could not be found and persistence.ErrReadRow for any other error. // It returns persistence.ErrNotFound if the template could not be found and persistence.ErrReadRow for any other error.
FindByID(ctx context.Context, id uuid.UUID) (*Template, error) FindByID(ctx context.Context, id uuid.UUID) (*Template, error)
...@@ -227,18 +231,19 @@ func (r *PGSetRepository) RepositoryName() string { ...@@ -227,18 +231,19 @@ func (r *PGSetRepository) RepositoryName() string {
return SetRepositoryName return SetRepositoryName
} }
// FindByQueryForType finds all templates by a query for a specified template type. // FindByQueryForTypeAndUser finds all templates by a query for a specified template type and user.
// It returns persistence.ErrNotFound if no templates could be found and persistence.ErrReadRow for any other error. // It returns persistence.ErrNotFound if no templates could be found and persistence.ErrReadRow for any other error.
func (r *PGRepository) FindByQueryForType(ctx context.Context, query string, templateType string) ([]*Template, error) { func (r *PGRepository) FindByQueryForTypeAndUser(ctx context.Context, query, templateType string, usr *user.User) ([]*Template, error) {
rows, err := r.db.Query( rows, err := r.db.Query(
ctx, ctx,
`SELECT `SELECT
templates.id, templates.template_set, templates.type, templates.name, templates.version, templates.config, templates.created_by, templates.created_at, templates.updated_at, templates.id, templates.template_set, templates.type, templates.name, templates.version, templates.config, templates.created_by, templates.created_at, templates.updated_at,
template_sets.name, template_sets.version, template_sets.description, template_sets.created_by, template_sets.created_at, template_sets.updated_at template_sets.name, template_sets.version, template_sets.description, template_sets.created_by, template_sets.created_at, template_sets.updated_at
FROM templates LEFT JOIN template_sets ON templates.template_set = template_sets.id FROM templates LEFT JOIN template_sets ON templates.template_set = template_sets.id
WHERE templates.name ILIKE $1 OR templates.version ILIKE $1 OR template_sets.name ILIKE $1 AND templates.type = $2`, WHERE (templates.name ILIKE $1 OR templates.version ILIKE $1 OR template_sets.name ILIKE $1) AND templates.type = $2 AND templates.created_by = $3`,
"%"+query+"%", "%"+query+"%",
templateType, templateType,
usr.ID,
) )
if err != nil { if err != nil {
return nil, persistence.PGReadErr(err) return nil, persistence.PGReadErr(err)
... ...
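Review bot: `FindByID` in the Repository interface still takes no user, so the privacy rule that FindByQueryForTypeAndUser now enforces in SQL depends on every FindByID caller remembering to compare Template.CreatedBy themselves; either add a user-scoped variant (`FindByIDForUser(ctx, id, userID)` with `AND templates.created_by = $2`) or at least state the obligation in its doc comment, e.g. `// FindByID does not check ownership; callers must compare Template.CreatedBy with the requesting user.`. The new signature dereferences `usr.ID` without a nil check, so a nil *user.User panics inside the query path; taking the `uuid.UUID` directly would remove that hazard and the new dependency of this package on `app/user` that the import hunk introduces. The added parentheses in the WHERE clause are a real correctness fix, since the previous precedence applied the type filter only to the template-set name branch, and a regression test asserting that a same-named template of another type is no longer returned would pin it. FindByQueryForTypeAndUser's body continues outside the hunk.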
......