fix sae env auth bugs

Signed-off-by: Patrick Zhao <[email protected]>

pkg/microservice/aslan/core/environment/handler/environment.go

@@ -2934,13 +2934,13 @@ func DeleteSAEEnv(c *gin.Context) {
 
 		if production {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.EditConfig {
+				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.Delete {
 				ctx.UnAuthorized = true
 				return
 			}
 		} else {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].Env.EditConfig {
+				!ctx.Resources.ProjectAuthInfo[projectKey].Env.Delete {
 				ctx.UnAuthorized = true
 				return
 			}
@@ -3330,17 +3330,17 @@ func RollbackSAEApp(c *gin.Context) {
 
 		if production {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
 				}
 			}
 		} else {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].Env.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].Env.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
@@ -3713,17 +3713,17 @@ func AbortSAEChangeOrder(c *gin.Context) {
 
 		if production {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
 				}
 			}
 		} else {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].Env.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].Env.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
@@ -3769,17 +3769,17 @@ func RollbackSAEChangeOrder(c *gin.Context) {
 
 		if production {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
 				}
 			}
 		} else {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].Env.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].Env.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
@@ -3825,17 +3825,17 @@ func ConfirmSAEPipelineBatch(c *gin.Context) {
 
 		if production {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].ProductionEnv.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.ProductionEnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return
 				}
 			}
 		} else {
 			if !ctx.Resources.ProjectAuthInfo[projectKey].IsProjectAdmin &&
-				!ctx.Resources.ProjectAuthInfo[projectKey].Env.EditConfig {
-				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionEditConfig)
+				!ctx.Resources.ProjectAuthInfo[projectKey].Env.ManagePods {
+				permitted, err := internalhandler.GetCollaborationModePermission(ctx.UserID, projectKey, types.ResourceTypeEnvironment, envName, types.EnvActionManagePod)
 				if err != nil || !permitted {
 					ctx.UnAuthorized = true
 					return

pkg/microservice/aslan/core/environment/handler/router.go

@@ -226,9 +226,9 @@ func (*Router) Inject(router *gin.RouterGroup) {
 		environments.GET("sae/namespace", ListSAENamespaces)
 		environments.POST("sae/:name/app", AddSAEServiceToEnv)
 		environments.PUT("sae/:name/app", DeleteSAEServiceFromEnv)
+		environments.POST("sae/:name/app/:appID/serviceBind", BindSAEAppToService)
 		environments.GET("sae/:name/app/:appID/versions", ListSAEAppVersion)
 		environments.POST("sae/:name/app/:appID/restart", RestartSAEApp)
-		environments.POST("sae/:name/app/:appID/serviceBind", BindSAEAppToService)
 		environments.POST("sae/:name/app/:appID/rescale", RescaleSAEApp)
 		environments.POST("sae/:name/app/:appID/rollback", RollbackSAEApp)
 		environments.GET("sae/:name/app/:appID/instance", ListSAEAppInstances)