From 9edc8d0fb57a54dcdf7f3d5e0647ba5761111c68 Mon Sep 17 00:00:00 2001
From: Vicg853
Date: Thu, 12 May 2022 16:40:19 -0300
Subject: [PATCH 1/3] Inverted userRoles by role fix. Roles can now be updated
---
 server/resolvers/update_user.go | 3 +++
 server/utils/validator.go | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/server/resolvers/update_user.go b/server/resolvers/update_user.go
index a759399..618a60d 100644
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@@ -26,6 +26,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 if err != nil {
 return res, err
 }
+ fmt.Println(token.IsSuperAdmin(gc))
 if !token.IsSuperAdmin(gc) {
 return res, fmt.Errorf("unauthorized")
@@ -133,6 +134,8 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 inputRoles = append(inputRoles, *item)
 }
+ fmt.Println(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles))
+ fmt.Println(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles))
 if !utils.IsValidRoles(inputRoles, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
 return res, fmt.Errorf("invalid list of roles")
 }
diff --git a/server/utils/validator.go b/server/utils/validator.go
index f3ac062..280d611 100644
--- a/server/utils/validator.go
+++ b/server/utils/validator.go
@@ -54,8 +54,8 @@ func IsValidOrigin(url string) bool {
 // IsValidRoles validates roles
 func IsValidRoles(userRoles []string, roles []string) bool {
 valid := true
- for _, role := range roles {
- if !StringSliceContains(userRoles, role) {
+ for _, userRole := range userRoles {
+ if !StringSliceContains(roles, userRole) {
 valid = false
 break
 }
From 4ceb6db4ba4920514f09866fe881ce8021ec1e2e Mon Sep 17 00:00:00 2001
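Review bot: In server/utils/validator.go the doc comment `// IsValidRoles validates roles` still does not say which argument is the allow-list, and that ambiguity is what the swapped loop came from. I would change it to `// IsValidRoles reports whether every entry of userRoles is present in roles, the allowed set.` With the corrected loop an empty userRoles passes vacuously; whether UpdateUserResolver should accept an empty role list is not visible here, so it is worth confirming at the call site. The series adds no test asserting that a role outside the configured lists is now rejected, which is the regression this fix should pin. The function body continues past the end of the hunk.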
From: Vicg853
Date: Thu, 12 May 2022 16:40:49 -0300
Subject: [PATCH 2/3] Adding possible test error cause comment
---
 server/test/update_user_test.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/server/test/update_user_test.go b/server/test/update_user_test.go
index d072a27..d1f55de 100644
--- a/server/test/update_user_test.go
+++ b/server/test/update_user_test.go
@@ -24,6 +24,12 @@ func updateUserTest(t *testing.T, s TestSetup) {
 })
 user := *signupRes.User
+ //! - Found out by testing
+ //! that the 'supplier' role was being accepted by the server
+ //! even though that it doesn't exist in the database.
+ //! (checked it by doing fmt.Println() on role envs)
+ //! But I'm not removing it as there is maybe a reason for it to be be here...
+ //! - Appart from that, by removing it test returns 'unauthorized' successfully
 adminRole := "supplier"
 userRole := "user"
 newRoles := []*string{&adminRole, &userRole}
From 1efa419cdf9cfbe97f26b2d6b3e7530867f9fcbb Mon Sep 17 00:00:00 2001
From: Vicg853
Date: Thu, 12 May 2022 16:43:07 -0300
Subject: [PATCH 3/3] Clean up
---
 server/resolvers/update_user.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/server/resolvers/update_user.go b/server/resolvers/update_user.go
index 618a60d..a759399 100644
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@@ -26,7 +26,6 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 if err != nil {
 return res, err
 }
- fmt.Println(token.IsSuperAdmin(gc))
 if !token.IsSuperAdmin(gc) {
 return res, fmt.Errorf("unauthorized")
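Review bot: In server/test/update_user_test.go (PATCH 2/3) the added `//!` comment records that the undefined 'supplier' role was accepted, but the test still sends `adminRole := "supplier"` and the hunk adds no assertion of the corrected behaviour. After the IsValidRoles fix in PATCH 1/3 a role outside the configured lists should presumably come back as "invalid list of roles", so the finding is better expressed as a negative test case than as a note to the reader. I would replace the comment with `// "supplier" is deliberately absent from the configured roles; the update must be rejected.` and assert the error for that input, keeping a separate case with a configured role for the success path. The rest of updateUserTest lies outside the hunk, so how the result is checked today cannot be seen from here.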
@@ -134,8 +133,6 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 inputRoles = append(inputRoles, *item)
 }
- fmt.Println(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles))
- fmt.Println(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles))
 if !utils.IsValidRoles(inputRoles, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
 return res, fmt.Errorf("invalid list of roles")
 }