Fix roles in controllers where it was set on the whole class #139

Merged
merged 1 commit into from
Jan 27, 2022


AramAlsabti
Contributor

Before, any role requirement set in a controller at class-level didn't have any effect. This PR fixed this.
This PR is about setting the roles properly for the affected controllers. Looking through the controllers, I only found the chirpstack gateway endpoint to be affected. If a user with only read permissions tried to access the page before, they would get 401. The changes here address this.

The current implementation of roles has the role guard set on each endpoint take priority. I.e. if the gateway controller has @Write on a class-level but @Read on a POST-endpoint (say, create()), then only @Read is evaluated.
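
The precedence described above, modelled as an added example that is not part of the pull request or the project's code: endpoint-level role metadata replaces the class-level role, so a weaker role on a mutating endpoint lowers the requirement, and a small audit can flag that. The controller and handler names, the `Role` ranking and the deny-when-unset rule are assumptions of this example.

```typescript
// Added example: a model of handler-over-class role resolution, not the project's code.
type Role = "Read" | "Write";
type Method = "GET" | "POST" | "PUT" | "DELETE";

interface HandlerDef { name: string; method: Method; role?: Role; }
interface ControllerDef { name: string; role?: Role; handlers: HandlerDef[]; }

const RANK: Record<Role, number> = { Read: 1, Write: 2 };

// Endpoint-level metadata takes priority; the class-level role is only a fallback.
function effectiveRole(ctrl: ControllerDef, h: HandlerDef): Role | undefined {
  return h.role ?? ctrl.role;
}

// Assumption of this example: a route with no role metadata at all is denied.
function isAllowed(userRole: Role, ctrl: ControllerDef, h: HandlerDef): boolean {
  const required = effectiveRole(ctrl, h);
  return required !== undefined && RANK[userRole] >= RANK[required];
}

// Audit: report mutating handlers whose own role is weaker than the class-level
// one, because the override replaces the stricter requirement.
function findDowngrades(ctrl: ControllerDef): string[] {
  const classRole = ctrl.role;
  if (classRole === undefined) return [];
  return ctrl.handlers
    .filter((h) => h.method !== "GET")
    .filter((h) => h.role !== undefined && RANK[h.role] < RANK[classRole])
    .map((h) => `${ctrl.name}.${h.name}`);
}

// Constructed sample definitions (hypothetical names).
const getAll: HandlerDef = { name: "getAll", method: "GET", role: "Read" };
const createInherit: HandlerDef = { name: "create", method: "POST" }; // inherits Write
const createRead: HandlerDef = { name: "create", method: "POST", role: "Read" };

const gatewayOk: ControllerDef = {
  name: "GatewayController", role: "Write", handlers: [getAll, createInherit],
};
const gatewayDowngraded: ControllerDef = {
  name: "GatewayController", role: "Write", handlers: [createRead],
};

console.log(findDowngrades(gatewayOk), findDowngrades(gatewayDowngraded));
```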

Contributor

@augusthjerrild augusthjerrild left a comment

Looks good :-)

@AramAlsabti AramAlsabti merged commit fa3b1e3 into stage Jan 27, 2022
@AramAlsabti AramAlsabti deleted the feature/1220_fix-too-high-roles branch January 27, 2022 13:13
GufCab added a commit that referenced this pull request Feb 22, 2022
* Feature/IOT_16_MulticastBackend (#132)

* Made CRUD operations for multicast. Tested with frontend.

* Made CRUD for multicast in backend plus connection to chirpStack.

* Changed chirpstack applicationID since there will always only be one.

* Split multicast in two entities so it's easier to expand later. Made a new entity called lorawanMulticastDefinition which will contain the information about a lorawan multicast

* Made functionality so devices now will be added to chirpstack if they are a lorawan device. Also made the update functionality, so a device will be removed if it's not a part of the new multicast

* Send message. Possible to get current message queue and to overwrite it

* Made validation for service profile. Devices should only be added to multicast if they all have the same service profile.

* PR changes

* PR changes - fixed pagination for multicast

* PR Changes

* PR Changes

* Pr changes

Co-authored-by: August Andersen <[email protected]>

* Db migrations (#133)

* Made migrations. Now it's necessary to add migrations when changes are made in db.

The command - npm run typeorm migration:generate -- -n <migrationName> - will generate a migration file if changes are made compared to the db.

When you launch the app, a migration:run command will be called. This will apply the new migration.

If you want to revert a migration, npm run typeorm migration:revert can be called. It will revert the latest migration.

If you are in doubt which migrations have been called or not, you can write npm run typeorm migration:show. This will show you the pending/fulfilled migrations.

* Since migrations are made in prestart, no need to check on dist.

* PR Changes

* PR changes

Co-authored-by: August Andersen <[email protected]>

* Migrations changes in ormconfig file to make migrations possible in test environment

* Initial migration (#134)

* Initial migration

* Fix proper linting ignore of migrations

* Changed ormconfig.ts to .js so dist folder is created correctly.

Minor changes in package.json.
Removed multicast from initialmigration and made a separate migration with multicast.

Co-authored-by: augusthjerrild <[email protected]>

* Feature/1220 api key (#136)

* Init api key auth with hardcoded keys

* Added TODOs. Throw 401 if api key is invalid

* Fix roles metadata not set on class controller

* Fetch api keys and sort. Prepare for create and update

* Api key fetch and create done

* Cleanup api key flow. Remove update flow for now

* Validate api key access

* Works - typeerror when building

* Fixed circular dependency error

* Added API guard to relevant controllers

* Fix indentation. Delete unused auth api key request

Co-authored-by: Aram Al-Sabti <[email protected]>
Co-authored-by: nlg <[email protected]>

* Fix roles in controllers where it was set on the whole class (#139)

* Edit API keys (#138)

* Add option for editing API key

* Fix API keys with admin not having write access

* Edit API key PR

* Clean up API key

* CVE-2019-18413. Patch for potential SQL injections (#137)

* CVE-2019-18413. Patch for potential SQL injections

* Fix request 400 on get applications by permission

* Spell organization with British English ("z")

* Simplified migration names

* Optimize chirpstack calls when fetching devices (#143)

* FIWARE datatarget (#141)

* Fiware DataTarget Support

* Migration for Fiware Datatarget

* Fixing incorrect log message

* PR Fixes

* Optimize bulk import and the load on chirpstack (#140)

* Adjust eslint

* Modify bulk import create to take batches. Update missing

* Remove restriction on devices belonging to the same application

* Optimize chirpstack calls. Init updatemany endpoint.

* Implement updateMany and cleanup

* Fix device model not set. Cleanup code. Add comments

* Refactor iot device helpers

* Make device model error code more specific

* Added comment every time invalid devices are filtered

* Fixed issue when creating new IoT device with no device model

* Fixed Fiware datatarget headers declarations and corresponding unit tests (#144)

Co-authored-by: August Andersen <[email protected]>
Co-authored-by: Aram Al-Sabti <[email protected]>
Co-authored-by: nlg <[email protected]>
Co-authored-by: Bartek <[email protected]>