Added user check on list and get handlers

grycap · Jan 29, 2024 · b568d5f · b568d5f
1 parent 9e1a744
commit b568d5f
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/pkg/handlers/list.go b/pkg/handlers/list.go
@@ -17,6 +17,7 @@ limitations under the License.
 package handlers
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
@@ -32,6 +33,28 @@ func MakeListHandler(back types.ServerlessBackend) gin.HandlerFunc {
 			return
 		}
 
-		c.JSON(http.StatusOK, services)
+		uidOrigin, uidExists := c.Get("uidOrigin")
+		if !uidExists {
+			c.String(http.StatusInternalServerError, fmt.Sprintln("Missing EGI user uid"))
+		}
+
+		uid, uidParsed := uidOrigin.(string)
+
+		if !uidParsed {
+			c.String(http.StatusInternalServerError, fmt.Sprintf("Error parsing uid origin: %v", uidParsed))
+			return
+		}
+
+		var allowedServicesForUser []*types.Service
+		for _, service := range services {
+			for _, id := range service.AllowedUsers {
+				if uid == id {
+					allowedServicesForUser = append(allowedServicesForUser, service)
+					break
+				}
+			}
+		}
+
+		c.JSON(http.StatusOK, allowedServicesForUser)
 	}
 }
diff --git a/pkg/handlers/read.go b/pkg/handlers/read.go
@@ -17,6 +17,7 @@ limitations under the License.
 package handlers
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
@@ -28,6 +29,7 @@ import (
 func MakeReadHandler(back types.ServerlessBackend) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		service, err := back.ReadService(c.Param("serviceName"))
+
 		if err != nil {
 			// Check if error is caused because the service is not found
 			if errors.IsNotFound(err) || errors.IsGone(err) {
@@ -38,6 +40,31 @@ func MakeReadHandler(back types.ServerlessBackend) gin.HandlerFunc {
 			return
 		}
 
+		uidOrigin, uidExists := c.Get("uidOrigin")
+		if !uidExists {
+			c.String(http.StatusInternalServerError, fmt.Sprintln("Missing EGI user uid"))
+		}
+
+		uid, uidParsed := uidOrigin.(string)
+
+		if !uidParsed {
+			c.String(http.StatusInternalServerError, fmt.Sprintf("Error parsing uid origin: %v", uidParsed))
+			return
+		}
+
+		var isAllowed bool
+		for _, id := range service.AllowedUsers {
+			if uid == id {
+				isAllowed = true
+				break
+			}
+		}
+
+		if !isAllowed {
+			c.String(http.StatusForbidden, "User %s doesn't have permision to get this service", uid)
+			return
+		}
+
 		c.JSON(http.StatusOK, service)
 	}
 }