Fix authorization rules to the Assistant and UserPreferences service#29481
Merged
Fix authorization rules to the Assistant and UserPreferences service#29481
Conversation
jakule
force-pushed
the
jakule/assist-rbac
branch
from
2a4b0f5 to
c8fdd9c
Compare
zmb3
reviewed
Jul 24, 2023
zmb3
reviewed
Jul 24, 2023
Joerger
reviewed
Jul 24, 2023
jakule
force-pushed
the
jakule/assist-rbac
branch
from
7e2587c to
547ef71
Compare
jentfoo
approved these changes
Jul 25, 2023
Joerger
reviewed
Jul 25, 2023
jakule
force-pushed
the
jakule/assist-rbac
branch
from
1ee274c to
a33a3e0
Compare
Joerger
reviewed
Jul 27, 2023
This commit introduces authorization rules into the Assistant service to restrict operations based on the authenticated user's role permissions. Now each method in the Assistant service checks if the authenticated user has necessary permissions to perform the requested operation. The permissions are checked via defined RBAC rules. A user requires specific permissions to perform various operations such as creating a conversation, updating a conversation, fetching a user's conversations, deleting a conversation, and adding a message to a conversation. Also, even if a user has necessary permissions, they cannot perform operations for a different user. Each user can only access their own data.
This commit refactors how GetUserPreferences and UpsertUserPreferences handle requests. The `username` field is removed from request parameters. Instead of having the client send the user's username in a request, the server now automatically uses the username of the authenticated user making the request. This change improves the security by preventing a user from attempting to fetch or manipulate another user's preferences. Removed tests were specifically testing the old, insecure behavior.
Refactored code in the 'auth_with_roles.go' file to use 'authz.HasBuiltinRole' instead of 'HasBuiltinRole'. This change is in line with recommended practices for deprecation and makes the code more standard and easier to manage. The original 'HasBuiltinRole' function is marked as deprecated and will be removed in future once 'teleport.e' is updated to use 'authz.HasBuiltinRole'.
This commit introduces two new methods in permissions.go to check if a user is a local user, and if a given action is performed by a local user. These permission checks are then used to replace existing checks in service.go, when performing actions like creating conversation, updating, listing, etc. This simplifies checks and provides a more consolidated and unified method for verifying user actions.
jakule
force-pushed
the
jakule/assist-rbac
branch
from
a33a3e0 to
ac9a4de
Compare
Joerger
approved these changes
Jul 31, 2023
Co-authored-by: Brian Joerger <bjoerger@goteleport.com>
jakule
force-pushed
the
jakule/assist-rbac
branch
from
d0afa59 to
d38636a
Compare
Contributor
Author
|
Ping @r0mant @zmb3 @ryanclark |
public-teleport-github-review-bot
Bot
removed the request for review
from ryanclark
jentfoo
pushed a commit
that referenced
this pull request
Oct 31, 2023
…29481) * "Add authorization rules to the Assistant and UserPreferences service" This commit introduces authorization rules into the Assistant service to restrict operations based on the authenticated user's role permissions. Now each method in the Assistant service checks if the authenticated user has necessary permissions to perform the requested operation. The permissions are checked via defined RBAC rules. A user requires specific permissions to perform various operations such as creating a conversation, updating a conversation, fetching a user's conversations, deleting a conversation, and adding a message to a conversation. Also, even if a user has necessary permissions, they cannot perform operations for a different user. Each user can only access their own data. * Add missing logger * "Refactor user preferences request handling" This commit refactors how GetUserPreferences and UpsertUserPreferences handle requests. The `username` field is removed from request parameters. Instead of having the client send the user's username in a request, the server now automatically uses the username of the authenticated user making the request. This change improves the security by preventing a user from attempting to fetch or manipulate another user's preferences. Removed tests were specifically testing the old, insecure behavior. * Refactor to use authz.HasBuiltinRole Refactored code in the 'auth_with_roles.go' file to use 'authz.HasBuiltinRole' instead of 'HasBuiltinRole'. This change is in line with recommended practices for deprecation and makes the code more standard and easier to manage. The original 'HasBuiltinRole' function is marked as deprecated and will be removed in future once 'teleport.e' is updated to use 'authz.HasBuiltinRole'. * Reserve removed username again? * Fix UT * Add local user permissions checks in authz This commit introduces two new methods in permissions.go to check if a user is a local user, and if a given action is performed by a local user. These permission checks are then used to replace existing checks in service.go, when performing actions like creating conversation, updating, listing, etc. This simplifies checks and provides a more consolidated and unified method for verifying user actions. * Fix tests * Tweak RBAC * Address review comments * Separate client and server interfaces for user preference services. * Apply core review suggestions * Apply suggestions from code review Co-authored-by: Brian Joerger <bjoerger@goteleport.com> --------- Co-authored-by: joerger <bjoerger@goteleport.com>
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Nov 6, 2023
…rvice (#34090) * Fix authorization rules to the Assistant and UserPreferences service (#29481) * "Add authorization rules to the Assistant and UserPreferences service" This commit introduces authorization rules into the Assistant service to restrict operations based on the authenticated user's role permissions. Now each method in the Assistant service checks if the authenticated user has necessary permissions to perform the requested operation. The permissions are checked via defined RBAC rules. A user requires specific permissions to perform various operations such as creating a conversation, updating a conversation, fetching a user's conversations, deleting a conversation, and adding a message to a conversation. Also, even if a user has necessary permissions, they cannot perform operations for a different user. Each user can only access their own data. * Add missing logger * "Refactor user preferences request handling" This commit refactors how GetUserPreferences and UpsertUserPreferences handle requests. The `username` field is removed from request parameters. Instead of having the client send the user's username in a request, the server now automatically uses the username of the authenticated user making the request. This change improves the security by preventing a user from attempting to fetch or manipulate another user's preferences. Removed tests were specifically testing the old, insecure behavior. * Refactor to use authz.HasBuiltinRole Refactored code in the 'auth_with_roles.go' file to use 'authz.HasBuiltinRole' instead of 'HasBuiltinRole'. This change is in line with recommended practices for deprecation and makes the code more standard and easier to manage. The original 'HasBuiltinRole' function is marked as deprecated and will be removed in future once 'teleport.e' is updated to use 'authz.HasBuiltinRole'. * Reserve removed username again? * Fix UT * Add local user permissions checks in authz This commit introduces two new methods in permissions.go to check if a user is a local user, and if a given action is performed by a local user. These permission checks are then used to replace existing checks in service.go, when performing actions like creating conversation, updating, listing, etc. This simplifies checks and provides a more consolidated and unified method for verifying user actions. * Fix tests * Tweak RBAC * Address review comments * Separate client and server interfaces for user preference services. * Apply core review suggestions * Apply suggestions from code review Co-authored-by: Brian Joerger <bjoerger@goteleport.com> --------- Co-authored-by: joerger <bjoerger@goteleport.com> * Fix errors after cherry-pick * Fix UT --------- Co-authored-by: Jakub Nyckowski <jakub.nyckowski@goteleport.com> Co-authored-by: joerger <bjoerger@goteleport.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes https://github.com/gravitational/teleport-private/issues/797