From 597436cad8d60e4b34a5044f0c224de160f11574 Mon Sep 17 00:00:00 2001
From: vebjorre
Date: Tue, 13 Aug 2024 11:32:01 +0200
Subject: [PATCH] trim nais-team prefix
---
 Makefile | 7 ++++++
 pkg/service/core/service_story.go | 9 ++++---
 test/integration/story_test.go | 42 +++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 6f031eed..daba2566 100644
--- a/Makefile
+++ b/Makefile
@@ -13,6 +13,13 @@ define install-binary
 fi
 endef
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
 STATICCHECK ?= $(shell command -v staticcheck || echo "$(GOBIN)/staticcheck")
 STATICCHECK_VERSION := v0.4.6
 SQLC ?= $(shell command -v sqlc || echo "$(GOBIN)/sqlc")
diff --git a/pkg/service/core/service_story.go b/pkg/service/core/service_story.go
index 6eee77ba..ff44e33b 100644
--- a/pkg/service/core/service_story.go
+++ b/pkg/service/core/service_story.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "github.com/google/uuid"
+ "github.com/navikt/nada-backend/pkg/auth"
 "github.com/navikt/nada-backend/pkg/errs"
 "github.com/navikt/nada-backend/pkg/service"
 )
@@ -37,8 +38,8 @@ func (s *storyService) AppendStoryFiles(ctx context.Context, id uuid.UUID, creat
 return errs.E(op, err)
 }
- if story.Group != creatorEmail {
- return errs.E(errs.Unauthorized, op, errs.UserName(creatorEmail), fmt.Errorf("user not in the group of the data story: %s", story.Group))
+ if auth.TrimNaisTeamPrefix(story.Group) != creatorEmail {
+ return errs.E(errs.Unauthorized, op, errs.UserName(creatorEmail), fmt.Errorf("user %s not in the group of the data story: %s", creatorEmail, story.Group))
 }
 err = s.storyAPI.WriteFilesToBucket(ctx, id.String(), files, false)
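Review bot: The two `GOBIN=` assignments in the Makefile hunk use recursive expansion, so `$(shell go env …)` is re-run every time `$(GOBIN)` is expanded, including from the `?=` tool variables below; `GOBIN := $(shell go env GOPATH)/bin` and `GOBIN := $(shell go env GOBIN)` evaluate once. If `go` is not on PATH, both `go env` calls return nothing and GOBIN becomes `/bin`, so the `$(GOBIN)/staticcheck` fallback would silently resolve to `/bin/staticcheck`. A comment such as `# requires go on PATH; GOBIN falls back to /bin otherwise` next to the block would make that visible.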
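Review bot: The ownership check in AppendStoryFiles now strips the prefix from `story.Group` only, so a story owned by `nais-team-x@…` and one owned by `x@…` are authorised for the same caller; nothing in the hunk states why those two addresses always name the same team, and `auth.TrimNaisTeamPrefix` itself is not visible here. I would record that assumption at the check, e.g. `// story.Group may be stored with the nais-team- prefix while the caller's team email is not; both forms are treated as the same team`, and move the comparison into one helper so RecreateStoryFiles (the hunk at -57,8, which repeats the same two lines) cannot drift from it. The rejection message also still embeds `story.Group`; if the `errs.E` text reaches the HTTP response, a caller who fails the check learns which group owns the story, so a generic `fmt.Errorf("user not authorized for data story")` with the group kept to server-side logs would be safer. Both function bodies start and end outside their hunks.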
@@ -57,8 +58,8 @@ func (s *storyService) RecreateStoryFiles(ctx context.Context, id uuid.UUID, cre
 return errs.E(op, err)
 }
- if story.Group != creatorEmail {
- return errs.E(errs.Unauthorized, op, errs.UserName(creatorEmail), fmt.Errorf("user not in the group of the data story: %s", story.Group))
+ if auth.TrimNaisTeamPrefix(story.Group) != creatorEmail {
+ return errs.E(errs.Unauthorized, op, errs.UserName(creatorEmail), fmt.Errorf("user %s not in the group of the data story: %s", creatorEmail, story.Group))
 }
 _, err = s.storyAPI.DeleteObjectsWithPrefix(ctx, id.String())
diff --git a/test/integration/story_test.go b/test/integration/story_test.go
index 671b79a2..7573fef0 100644
--- a/test/integration/story_test.go
+++ b/test/integration/story_test.go
@@ -297,6 +297,48 @@ func TestStory(t *testing.T) {
 }
 })
+ t.Run("Recreate story files with token and nais-team prefix", func(t *testing.T) {
+ storage := postgres.NewStoryStorage(repo)
+
+ updateStory, err := storage.CreateStory(context.Background(), "nais-team-nada@nav.no", &service.NewStory{
+ Name: "My update story",
+ Description: strToStrPtr("This is my update story, and it is pretty bad"),
+ Keywords: []string{"story", "bad"},
+ Group: "nais-team-nada@nav.no",
+ })
+ assert.NoError(t, err)
+
+ files := map[string]string{
+ "index.html": defaultHtml,
+ "subpage/index.html": "

Subpage

",
+ "subsubsubpage/something.html": "

Subsubsubpage

",
+ }
+
+ req := CreateMultipartFormRequest(
+ t,
+ http.MethodPut,
+ server.URL+"/quarto/update/"+updateStory.ID.String(),
+ files,
+ nil,
+ map[string]string{
+ "Authorization": fmt.Sprintf("Bearer %s", token),
+ },
+ )
+
+ NewTester(t, server).
+ Send(req).
+ HasStatusCode(http.StatusNoContent)
+
+ for path, content := range files {
+ got := NewTester(t, server).
+ Get("/quarto/" + updateStory.ID.String() + "/" + path).
+ HasStatusCode(http.StatusOK).
+ Body()
+
+ assert.Equal(t, content, got)
+ }
+ })
+
 t.Run("Append story files with token", func(t *testing.T) {
 files := map[string]string{
 "newpage/test.html": "

New page

",
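Review bot: The new subtest covers only the allow path, so it would still pass if the prefix handling accepted a group it should not; a companion subtest that creates a story whose Group is a different team's `nais-team-` address and sends the same token should assert that the PUT is refused and the files are not served. Separately, `assert.NoError(t, err)` does not stop the subtest, so a failed `CreateStory` goes on to use `updateStory.ID`, which presumably panics on a nil result; `require.NoError(t, err)` would stop there, assuming testify's `require` package can be imported in this file. TestStory's body starts and ends outside the hunk.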