feat(engine): admin can delete public integration (#6630)

Signed-off-by: Yvonnick Esnault <[email protected]>
ovh · Oct 10, 2023 · 12af8fc · 12af8fc
1 parent f1a8c41
commit 12af8fc
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/engine/api/project_integration.go b/engine/api/project_integration.go
@@ -158,8 +158,9 @@ func (api *API) deleteProjectIntegrationHandler() service.Handler {
 		var deletedIntegration sdk.ProjectIntegration
 		for _, plat := range p.Integrations {
 			if plat.Name == integrationName {
-				//If the integration model is public, it's forbidden to delete the integration
-				if plat.Model.Public {
+				//If the integration model is public
+				// it's forbidden to delete the integration if not admin
+				if plat.Model.Public && !isAdmin(ctx) {
 					return sdk.WithStack(sdk.ErrForbidden)
 				}
 

diff --git a/engine/api/project_integration_test.go b/engine/api/project_integration_test.go
@@ -18,6 +18,7 @@ func TestAddUpdateAndDeleteProjectIntegration(t *testing.T) {
 
 	proj := assets.InsertTestProject(t, db, api.Cache, sdk.RandomString(10), sdk.RandomString(10))
 	u, pass := assets.InsertAdminUser(t, db)
+	u2, pass2 := assets.InsertLambdaUser(t, db)
 
 	integrationModel, err := integration.LoadModelByName(context.TODO(), db, sdk.KafkaIntegration.Name)
 	if err != nil {
@@ -70,6 +71,17 @@ func TestAddUpdateAndDeleteProjectIntegration(t *testing.T) {
 	router.Mux.ServeHTTP(w, req)
 	assert.Equal(t, 200, w.Code)
 
+	// DELETE integration with lamba user, forbidden
+	vars = map[string]string{}
+	vars["permProjectKeyWithHooksAllowed"] = proj.Key
+	vars["integrationName"] = pp.Name
+	uri = router.GetRoute("DELETE", api.deleteProjectIntegrationHandler, vars)
+	req = assets.NewAuthentifiedRequest(t, u2, pass2, "DELETE", uri, nil)
+
+	w = httptest.NewRecorder()
+	router.Mux.ServeHTTP(w, req)
+	assert.Equal(t, 403, w.Code)
+
 	// DELETE integration
 	vars = map[string]string{}
 	vars["permProjectKeyWithHooksAllowed"] = proj.Key