
Commit 03ce12a

Remove IsAdmin checks from read-only operations to allow non-admin users to view resources
1 parent acc7d27 commit 03ce12a

13 files changed

Lines changed: 0 additions & 173 deletions

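--- a/apiserver/controllers/controllers.go
+++ b/apiserver/controllers/controllers.go
@@ -211,13 +211,6 @@ func (a *APIController) WebhookHandler(w http.ResponseWriter, r *http.Request) {
 
 func (a *APIController) EventsHandler(w http.ResponseWriter, r *http.Request) {
 ctx := r.Context()
-if !auth.IsAdmin(ctx) {
-w.WriteHeader(http.StatusForbidden)
-if _, err := w.Write([]byte("events are available to admin users")); err != nil {
-slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
-}
-return
-}
 
 conn, err := a.upgrader.Upgrade(w, r, nil)
 if err != nil {
@@ -288,13 +281,6 @@ func (a *APIController) MetricsHandler(w http.ResponseWriter, r *http.Request) {
 
 func (a *APIController) WSHandler(writer http.ResponseWriter, req *http.Request) {
 ctx := req.Context()
-if !auth.IsAdmin(ctx) {
-writer.WriteHeader(http.StatusForbidden)
-if _, err := writer.Write([]byte("you need admin level access to view logs")); err != nil {
-slog.With(slog.Any("error", err)).ErrorContext(ctx, "failed to encode response")
-}
-return
-}
 
 if a.hub == nil {
 handleError(ctx, writer, gErrors.NewBadRequestError("log streamer is disabled"))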
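Review bot: With the `auth.IsAdmin(ctx)` guards gone, nothing visible in WSHandler or EventsHandler checks the caller's role before the connection is upgraded, so any authenticated user can subscribe to the log stream and the event stream. The commit title speaks of viewing resources; server logs are a different class of data and may carry internal hostnames, error details or other operational information, so that exposure is worth confirming explicitly. If log streaming is meant to stay privileged, keep the removed guard in WSHandler only; otherwise record the new contract above the function, e.g. `// WSHandler streams server logs to any authenticated user; log lines must not contain secrets.` Both handler bodies continue outside the hunks, and whether route-level authentication middleware still applies is not visible here.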

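--- a/runner/enterprises.go
+++ b/runner/enterprises.go
@@ -86,10 +86,6 @@ func (r *Runner) CreateEnterprise(ctx context.Context, param params.CreateEnterp
 }
 
 func (r *Runner) ListEnterprises(ctx context.Context, filter params.EnterpriseFilter) ([]params.Enterprise, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 enterprises, err := r.store.ListEnterprises(ctx, filter)
 if err != nil {
 return nil, fmt.Errorf("error listing enterprises: %w", err)
@@ -99,10 +95,6 @@ func (r *Runner) ListEnterprises(ctx context.Context, filter params.EnterpriseFi
 }
 
 func (r *Runner) GetEnterpriseByID(ctx context.Context, enterpriseID string) (params.Enterprise, error) {
-if !auth.IsAdmin(ctx) {
-return params.Enterprise{}, runnerErrors.ErrUnauthorized
-}
-
 enterprise, err := r.store.GetEnterpriseByID(ctx, enterpriseID)
 if err != nil {
 return params.Enterprise{}, fmt.Errorf("error fetching enterprise: %w", err)
@@ -215,9 +207,6 @@ func (r *Runner) CreateEnterprisePool(ctx context.Context, enterpriseID string,
 }
 
 func (r *Runner) GetEnterprisePoolByID(ctx context.Context, enterpriseID, poolID string) (params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return params.Pool{}, runnerErrors.ErrUnauthorized
-}
 entity := params.ForgeEntity{
 ID: enterpriseID,
 EntityType: params.ForgeEntityTypeEnterprise,
@@ -261,10 +250,6 @@ func (r *Runner) DeleteEnterprisePool(ctx context.Context, enterpriseID, poolID
 }
 
 func (r *Runner) ListEnterprisePools(ctx context.Context, enterpriseID string) ([]params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return []params.Pool{}, runnerErrors.ErrUnauthorized
-}
-
 entity := params.ForgeEntity{
 ID: enterpriseID,
 EntityType: params.ForgeEntityTypeEnterprise,
@@ -319,9 +304,6 @@ func (r *Runner) UpdateEnterprisePool(ctx context.Context, enterpriseID, poolID
 }
 
 func (r *Runner) ListEnterpriseInstances(ctx context.Context, enterpriseID string) ([]params.Instance, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
 entity := params.ForgeEntity{
 ID: enterpriseID,
 EntityType: params.ForgeEntityTypeEnterprise,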

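--- a/runner/gitea_credentials.go
+++ b/runner/gitea_credentials.go
@@ -24,10 +24,6 @@ import (
 )
 
 func (r *Runner) ListGiteaCredentials(ctx context.Context) ([]params.ForgeCredentials, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 // Get the credentials from the store. The cache is always updated after the database successfully
 // commits the transaction that created/updated the credentials.
 // If we create a set of credentials then immediately after we call ListGiteaCredentials,
@@ -57,10 +53,6 @@ func (r *Runner) CreateGiteaCredentials(ctx context.Context, param params.Create
 }
 
 func (r *Runner) GetGiteaCredentials(ctx context.Context, id uint) (params.ForgeCredentials, error) {
-if !auth.IsAdmin(ctx) {
-return params.ForgeCredentials{}, runnerErrors.ErrUnauthorized
-}
-
 creds, err := r.store.GetGiteaCredentials(ctx, id, true)
 if err != nil {
 return params.ForgeCredentials{}, fmt.Errorf("error failed to get gitea credentials: %w", err)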
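Review bot: GetGiteaCredentials now returns the result of `r.store.GetGiteaCredentials(ctx, id, true)` to any caller, and ListGiteaCredentials does the same for the whole list; the same applies to ListCredentials and GetGithubCredentials in runner/github_credentials.go. What the `true` argument selects, and which fields of params.ForgeCredentials reach the API response, are not visible in this diff, so it should be confirmed that no token, password or private-key material is serialized for non-admin users. A regression test that calls these functions with a non-admin context and asserts the secret fields are absent would pin that down, and a comment such as `// Readable by non-admin users: the returned value must never expose secret material.` above each function records the invariant. The function bodies continue outside the hunks.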

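--- a/runner/gitea_endpoints.go
+++ b/runner/gitea_endpoints.go
@@ -41,9 +41,6 @@ func (r *Runner) CreateGiteaEndpoint(ctx context.Context, param params.CreateGit
 }
 
 func (r *Runner) GetGiteaEndpoint(ctx context.Context, name string) (params.ForgeEndpoint, error) {
-if !auth.IsAdmin(ctx) {
-return params.ForgeEndpoint{}, runnerErrors.ErrUnauthorized
-}
 endpoint, err := r.store.GetGiteaEndpoint(ctx, name)
 if err != nil {
 return params.ForgeEndpoint{}, fmt.Errorf("failed to get gitea endpoint: %w", err)
@@ -82,10 +79,6 @@ func (r *Runner) UpdateGiteaEndpoint(ctx context.Context, name string, param par
 }
 
 func (r *Runner) ListGiteaEndpoints(ctx context.Context) ([]params.ForgeEndpoint, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 endpoints, err := r.store.ListGiteaEndpoints(ctx)
 if err != nil {
 return nil, fmt.Errorf("failed to list gitea endpoints: %w", err)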

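--- a/runner/github_credentials.go
+++ b/runner/github_credentials.go
@@ -25,10 +25,6 @@ import (
 )
 
 func (r *Runner) ListCredentials(ctx context.Context) ([]params.ForgeCredentials, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 // Get the credentials from the store. The cache is always updated after the database successfully
 // commits the transaction that created/updated the credentials.
 // If we create a set of credentials then immediately after we call ListCredentials,
@@ -68,10 +64,6 @@ func (r *Runner) CreateGithubCredentials(ctx context.Context, param params.Creat
 }
 
 func (r *Runner) GetGithubCredentials(ctx context.Context, id uint) (params.ForgeCredentials, error) {
-if !auth.IsAdmin(ctx) {
-return params.ForgeCredentials{}, runnerErrors.ErrUnauthorized
-}
-
 creds, err := r.store.GetGithubCredentials(ctx, id, true)
 if err != nil {
 return params.ForgeCredentials{}, fmt.Errorf("failed to get github credentials: %w", err)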

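--- a/runner/github_endpoints.go
+++ b/runner/github_endpoints.go
@@ -41,9 +41,6 @@ func (r *Runner) CreateGithubEndpoint(ctx context.Context, param params.CreateGi
 }
 
 func (r *Runner) GetGithubEndpoint(ctx context.Context, name string) (params.ForgeEndpoint, error) {
-if !auth.IsAdmin(ctx) {
-return params.ForgeEndpoint{}, runnerErrors.ErrUnauthorized
-}
 endpoint, err := r.store.GetGithubEndpoint(ctx, name)
 if err != nil {
 return params.ForgeEndpoint{}, fmt.Errorf("failed to get github endpoint: %w", err)
@@ -82,10 +79,6 @@ func (r *Runner) UpdateGithubEndpoint(ctx context.Context, name string, param pa
 }
 
 func (r *Runner) ListGithubEndpoints(ctx context.Context) ([]params.ForgeEndpoint, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 endpoints, err := r.store.ListGithubEndpoints(ctx)
 if err != nil {
 return nil, fmt.Errorf("failed to list github endpoints: %w", err)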

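--- a/runner/object_store.go
+++ b/runner/object_store.go
@@ -44,10 +44,6 @@ func (r *Runner) CreateFileObject(ctx context.Context, param params.CreateFileOb
 }
 
 func (r *Runner) GetFileObject(ctx context.Context, objID uint) (params.FileObject, error) {
-if !auth.IsAdmin(ctx) {
-return params.FileObject{}, runnerErrors.ErrUnauthorized
-}
-
 fileObj, err := r.store.GetFileObject(ctx, objID)
 if err != nil {
 return params.FileObject{}, fmt.Errorf("failed to get file object: %w", err)
@@ -83,9 +79,6 @@ func (r *Runner) DeleteFileObjectsByTags(ctx context.Context, tags []string) (in
 }
 
 func (r *Runner) ListFileObjects(ctx context.Context, page, pageSize uint64, tags []string) (params.FileObjectPaginatedResponse, error) {
-if !auth.IsAdmin(ctx) {
-return params.FileObjectPaginatedResponse{}, runnerErrors.ErrUnauthorized
-}
 var resp params.FileObjectPaginatedResponse
 var err error
 if len(tags) == 0 {
@@ -126,10 +119,6 @@ func (r *Runner) UpdateFileObject(ctx context.Context, objID uint, param params.
 }
 
 func (r *Runner) GetFileObjectReader(ctx context.Context, objID uint) (io.ReadCloser, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 readCloser, err := r.store.OpenFileObjectContent(ctx, objID)
 if err != nil {
 return nil, fmt.Errorf("failed to open file object: %w", err)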
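Review bot: GetFileObjectReader hands back `r.store.OpenFileObjectContent(ctx, objID)` with no remaining authorization check in the visible lines, so any caller who can reach it can read the content of any stored object by its numeric id; GetFileObject and ListFileObjects expose the metadata in the same way. Reading file content goes further than listing resources, and no per-object ownership or tag-based restriction is visible here. If the object store can hold anything sensitive, keep the removed `if !auth.IsAdmin(ctx) { return nil, runnerErrors.ErrUnauthorized }` on GetFileObjectReader, or state in a doc comment that stored objects are readable by every authenticated user. The function body continues outside the hunk.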

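--- a/runner/organizations.go
+++ b/runner/organizations.go
@@ -95,10 +95,6 @@ func (r *Runner) CreateOrganization(ctx context.Context, param params.CreateOrgP
 }
 
 func (r *Runner) ListOrganizations(ctx context.Context, filter params.OrganizationFilter) ([]params.Organization, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 orgs, err := r.store.ListOrganizations(ctx, filter)
 if err != nil {
 return nil, fmt.Errorf("error listing organizations: %w", err)
@@ -108,10 +104,6 @@ func (r *Runner) ListOrganizations(ctx context.Context, filter params.Organizati
 }
 
 func (r *Runner) GetOrganizationByID(ctx context.Context, orgID string) (params.Organization, error) {
-if !auth.IsAdmin(ctx) {
-return params.Organization{}, runnerErrors.ErrUnauthorized
-}
-
 org, err := r.store.GetOrganizationByID(ctx, orgID)
 if err != nil {
 return params.Organization{}, fmt.Errorf("error fetching organization: %w", err)
@@ -238,10 +230,6 @@ func (r *Runner) CreateOrgPool(ctx context.Context, orgID string, param params.C
 }
 
 func (r *Runner) GetOrgPoolByID(ctx context.Context, orgID, poolID string) (params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return params.Pool{}, runnerErrors.ErrUnauthorized
-}
-
 entity := params.ForgeEntity{
 ID: orgID,
 EntityType: params.ForgeEntityTypeOrganization,
@@ -290,9 +278,6 @@ func (r *Runner) DeleteOrgPool(ctx context.Context, orgID, poolID string) error
 }
 
 func (r *Runner) ListOrgPools(ctx context.Context, orgID string) ([]params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return []params.Pool{}, runnerErrors.ErrUnauthorized
-}
 entity := params.ForgeEntity{
 ID: orgID,
 EntityType: params.ForgeEntityTypeOrganization,
@@ -348,10 +333,6 @@ func (r *Runner) UpdateOrgPool(ctx context.Context, orgID, poolID string, param
 }
 
 func (r *Runner) ListOrgInstances(ctx context.Context, orgID string) ([]params.Instance, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 entity := params.ForgeEntity{
 ID: orgID,
 EntityType: params.ForgeEntityTypeOrganization,
@@ -424,10 +405,6 @@ func (r *Runner) UninstallOrgWebhook(ctx context.Context, orgID string) error {
 }
 
 func (r *Runner) GetOrgWebhookInfo(ctx context.Context, orgID string) (params.HookInfo, error) {
-if !auth.IsAdmin(ctx) {
-return params.HookInfo{}, runnerErrors.ErrUnauthorized
-}
-
 org, err := r.store.GetOrganizationByID(ctx, orgID)
 if err != nil {
 return params.HookInfo{}, fmt.Errorf("error fetching org: %w", err)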

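--- a/runner/pools.go
+++ b/runner/pools.go
@@ -25,10 +25,6 @@ import (
 )
 
 func (r *Runner) ListAllPools(ctx context.Context) ([]params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return []params.Pool{}, runnerErrors.ErrUnauthorized
-}
-
 pools, err := r.store.ListAllPools(ctx)
 if err != nil {
 return nil, fmt.Errorf("error fetching pools: %w", err)
@@ -37,10 +33,6 @@ func (r *Runner) ListAllPools(ctx context.Context) ([]params.Pool, error) {
 }
 
 func (r *Runner) GetPoolByID(ctx context.Context, poolID string) (params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return params.Pool{}, runnerErrors.ErrUnauthorized
-}
-
 pool, err := r.store.GetPoolByID(ctx, poolID)
 if err != nil {
 return params.Pool{}, fmt.Errorf("error fetching pool: %w", err)
@@ -112,10 +104,6 @@ func (r *Runner) UpdatePoolByID(ctx context.Context, poolID string, param params
 }
 
 func (r *Runner) ListAllJobs(ctx context.Context) ([]params.Job, error) {
-if !auth.IsAdmin(ctx) {
-return []params.Job{}, runnerErrors.ErrUnauthorized
-}
-
 jobs, err := r.store.ListAllJobs(ctx)
 if err != nil {
 return nil, fmt.Errorf("error fetching jobs: %w", err)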

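--- a/runner/repositories.go
+++ b/runner/repositories.go
@@ -94,10 +94,6 @@ func (r *Runner) CreateRepository(ctx context.Context, param params.CreateRepoPa
 }
 
 func (r *Runner) ListRepositories(ctx context.Context, filter params.RepositoryFilter) ([]params.Repository, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 repos, err := r.store.ListRepositories(ctx, filter)
 if err != nil {
 return nil, fmt.Errorf("error listing repositories: %w", err)
@@ -107,10 +103,6 @@ func (r *Runner) ListRepositories(ctx context.Context, filter params.RepositoryF
 }
 
 func (r *Runner) GetRepositoryByID(ctx context.Context, repoID string) (params.Repository, error) {
-if !auth.IsAdmin(ctx) {
-return params.Repository{}, runnerErrors.ErrUnauthorized
-}
-
 repo, err := r.store.GetRepositoryByID(ctx, repoID)
 if err != nil {
 return params.Repository{}, fmt.Errorf("error fetching repository: %w", err)
@@ -277,10 +269,6 @@ func (r *Runner) CreateRepoPool(ctx context.Context, repoID string, param params
 }
 
 func (r *Runner) GetRepoPoolByID(ctx context.Context, repoID, poolID string) (params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return params.Pool{}, runnerErrors.ErrUnauthorized
-}
-
 entity := params.ForgeEntity{
 ID: repoID,
 EntityType: params.ForgeEntityTypeRepository,
@@ -325,9 +313,6 @@ func (r *Runner) DeleteRepoPool(ctx context.Context, repoID, poolID string) erro
 }
 
 func (r *Runner) ListRepoPools(ctx context.Context, repoID string) ([]params.Pool, error) {
-if !auth.IsAdmin(ctx) {
-return []params.Pool{}, runnerErrors.ErrUnauthorized
-}
 entity := params.ForgeEntity{
 ID: repoID,
 EntityType: params.ForgeEntityTypeRepository,
@@ -340,10 +325,6 @@ func (r *Runner) ListRepoPools(ctx context.Context, repoID string) ([]params.Poo
 }
 
 func (r *Runner) ListPoolInstances(ctx context.Context, poolID string, outdatedOnly bool) ([]params.Instance, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
-
 instances, err := r.store.ListPoolInstances(ctx, poolID, outdatedOnly)
 if err != nil {
 return []params.Instance{}, fmt.Errorf("error fetching instances: %w", err)
@@ -399,9 +380,6 @@ func (r *Runner) UpdateRepoPool(ctx context.Context, repoID, poolID string, para
 }
 
 func (r *Runner) ListRepoInstances(ctx context.Context, repoID string) ([]params.Instance, error) {
-if !auth.IsAdmin(ctx) {
-return nil, runnerErrors.ErrUnauthorized
-}
 entity := params.ForgeEntity{
 ID: repoID,
 EntityType: params.ForgeEntityTypeRepository,
@@ -473,10 +451,6 @@ func (r *Runner) UninstallRepoWebhook(ctx context.Context, repoID string) error
 }
 
 func (r *Runner) GetRepoWebhookInfo(ctx context.Context, repoID string) (params.HookInfo, error) {
-if !auth.IsAdmin(ctx) {
-return params.HookInfo{}, runnerErrors.ErrUnauthorized
-}
-
 repo, err := r.store.GetRepositoryByID(ctx, repoID)
 if err != nil {
 return params.HookInfo{}, fmt.Errorf("error fetching repo: %w", err)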
