From 9ceb5d8d4c14d977dc2141222a31d8fcc31751c3 Mon Sep 17 00:00:00 2001 From: simon987 Date: Sat, 23 Feb 2019 22:05:22 -0500 Subject: [PATCH] Fix worker permissions bug --- schema.sql | 2 +- storage/task.go | 6 +-- test/api_project_test.go | 19 --------- test/api_task_test.go | 68 +++++++++++++++++++++++++++++- test/schema.sql | 2 +- web/angular/src/app/api.service.ts | 2 +- 6 files changed, 72 insertions(+), 27 deletions(-) diff --git a/schema.sql b/schema.sql index 807ecc9..7fb2665 100755 --- a/schema.sql +++ b/schema.sql @@ -22,7 +22,7 @@ CREATE TABLE project paused boolean NOT NULL, name TEXT UNIQUE NOT NULL, clone_url TEXT NOT NULL, - git_repo TEXT UNIQUE NOT NULL, + git_repo TEXT NOT NULL, version TEXT NOT NULL, motd TEXT NOT NULL, secret TEXT NOT NULL DEFAULT '{}' diff --git a/storage/task.go b/storage/task.go index 1466f77..7aab7d6 100644 --- a/storage/task.go +++ b/storage/task.go @@ -44,7 +44,7 @@ func (database *Database) SaveTask(task *Task, project int64, hash64 int64, wid res, err := db.Exec(fmt.Sprintf(` INSERT INTO task (project, max_retries, recipe, priority, max_assign_time, hash64,verification_count) SELECT $1,$2,$3,$4,$5,NULLIF(%d, 0),$6 FROM worker_access - WHERE role_submit AND worker=$7 AND project=$1`, hash64), + WHERE role_submit AND NOT request AND worker=$7 AND project=$1`, hash64), project, task.MaxRetries, task.Recipe, task.Priority, task.MaxAssignTime, task.VerificationCount, wid) if err != nil { @@ -84,7 +84,7 @@ func (database *Database) GetTask(worker *Worker) *Task { LEFT JOIN worker_verifies_task wvt on task.id = wvt.task AND wvt.worker=$1 WHERE NOT project.paused AND assignee IS NULL AND task.status=1 AND (project.public OR ( - SELECT a.role_assign FROM worker_access a WHERE a.worker=$1 AND a.project=project.id + SELECT a.role_assign AND not a.request FROM worker_access a WHERE a.worker=$1 AND a.project=project.id )) AND wvt.task IS NULL ORDER BY project.priority DESC, task.priority DESC 
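Review bot: Dropping `UNIQUE` from `git_repo` is not mentioned in the commit message and is unrelated to the worker-permission fix, so the schema should record why it was done. If any code outside this diff resolves a project from its repository name, two projects can now match the same value and that lookup becomes ambiguous; this should be confirmed before merging. A comment on the column such as `-- git_repo is deliberately not unique: several projects may track one repository` would record the intent. The same edit is repeated in the test/schema.sql hunk, and no migration for existing databases is visible in this patch.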
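Review bot: The new `AND NOT request` predicate is the whole authorization fix in SaveTask, yet nothing near it says what `request` means. Judging by the tests added in this patch, it marks a worker_access row that is still a pending, unaccepted request. A comment above the `db.Exec` call, `// worker_access.request stays true until the request is accepted; a pending row must never grant role_submit`, would keep a later edit from dropping the predicate. In the same statement `hash64` is spliced in with `fmt.Sprintf`; as an int64 it cannot carry SQL, but passing it as an eighth bind parameter, `NULLIF($8, 0)`, would keep the query fully parameterized. SaveTask starts and ends outside this hunk.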
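Review bot: The access check in GetTask is a scalar subquery, so it relies on `project.public OR NULL` filtering the row out when the worker has no worker_access entry. It would also raise an error if more than one row ever matched; whether (worker, project) is unique is not visible here. `EXISTS (SELECT 1 FROM worker_access a WHERE a.worker=$1 AND a.project=project.id AND a.role_assign AND NOT a.request)` states the intent directly and avoids both cases. The GetTaskFromProject hunk at -188 has the same shape with `a.project=$2`, and the two hunks differ in keyword case (`AND not` versus `and not`), which should be normalized to the upper case used by the rest of the query. Both functions extend beyond their hunks.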
@@ -188,7 +188,7 @@ func (database *Database) GetTaskFromProject(worker *Worker, projectId int64) *T LEFT JOIN worker_verifies_task wvt on task.id = wvt.task AND wvt.worker=$1 WHERE NOT project.paused AND assignee IS NULL AND project.id=$2 AND status=1 AND (project.public OR ( - SELECT a.role_assign FROM worker_access a WHERE a.worker=$1 AND a.project=$2 + SELECT a.role_assign and not a.request FROM worker_access a WHERE a.worker=$1 AND a.project=$2 )) AND wvt.task IS NULL ORDER BY task.priority DESC diff --git a/test/api_project_test.go b/test/api_project_test.go index e37456d..c28c258 100644 --- a/test/api_project_test.go +++ b/test/api_project_test.go @@ -90,25 +90,6 @@ func TestCreateDuplicateProjectName(t *testing.T) { } } -func TestCreateDuplicateProjectRepo(t *testing.T) { - createProjectAsAdmin(api.CreateProjectRequest{ - Name: "different name", - GitRepo: "user/same", - }) - resp := createProjectAsAdmin(api.CreateProjectRequest{ - Name: "but same repo", - GitRepo: "user/same", - }) - - if resp.Ok != false { - t.Error() - } - - if len(resp.Message) <= 0 { - t.Error() - } -} - func TestGetProjectNotFound(t *testing.T) { getResp := getProjectAsAdmin(12345) diff --git a/test/api_task_test.go b/test/api_task_test.go index 6357f62..582e059 100644 --- a/test/api_task_test.go +++ b/test/api_task_test.go @@ -328,7 +328,7 @@ func TestTaskNoAccess(t *testing.T) { Assign: true, Submit: true, }, worker) - acceptAccessRequest(worker.Id, pid, testAdminCtx) + acceptAccessRequest(pid, worker.Id, testAdminCtx) createResp := createTask(api.SubmitTaskRequest{ Project: pid, @@ -376,7 +376,7 @@ func TestTaskHasAccess(t *testing.T) { Assign: true, Project: pid, }, worker) - acceptAccessRequest(worker.Id, pid, testAdminCtx) + acceptAccessRequest(pid, worker.Id, testAdminCtx) createResp := createTask(api.SubmitTaskRequest{ Project: pid, 
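Review bot: The corrected call `acceptAccessRequest(pid, worker.Id, testAdminCtx)` in TestTaskNoAccess still discards its result, so a failed accept would go unnoticed, as the swapped arguments presumably did. The tests most likely passed before only because a pending request already granted access. Both ids are presumably the same integer type, so the compiler cannot catch another swap. Check the result at each call site, for example `if r := acceptAccessRequest(pid, worker.Id, testAdminCtx); !r.Ok { t.Fatal("access request not accepted") }`, assuming the helper returns the API response (its signature is outside this diff). The same applies to the identical call in the TestTaskHasAccess hunk at -376.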
@@ -817,6 +817,70 @@ func TestTaskReleaseBigInt(t *testing.T) { } } +func TestTaskSubmitUnauthorized(t *testing.T) { + + pid := createProjectAsAdmin(api.CreateProjectRequest{ + Name: "testtasksubmitunauthorized", + GitRepo: "testtasksubmitunauthorized", + CloneUrl: "testtasksubmitunauthorized", + }).Content.Id + + w := genWid() + + requestAccess(api.CreateWorkerAccessRequest{ + Project: pid, + Submit: true, + Assign: true, + }, w) + + resp := createTask(api.SubmitTaskRequest{ + Project: pid, + Recipe: "ssss", + }, w) + + if resp.Ok != false { + t.Error() + } +} + +func TestTaskGetUnauthorized(t *testing.T) { + + pid := createProjectAsAdmin(api.CreateProjectRequest{ + Name: "testtaskgetunauthorized", + GitRepo: "testtaskgetunauthorized", + CloneUrl: "testtaskgettunauthorized", + Hidden: true, + }).Content.Id + + w := genWid() + wWithAccess := genWid() + + requestAccess(api.CreateWorkerAccessRequest{ + Project: pid, + Submit: true, + Assign: true, + }, wWithAccess) + acceptAccessRequest(pid, wWithAccess.Id, testAdminCtx) + + createTask(api.SubmitTaskRequest{ + Project: pid, + Recipe: "ssss", + }, wWithAccess) + + requestAccess(api.CreateWorkerAccessRequest{ + Project: pid, + Submit: true, + Assign: true, + }, w) + + resp := getTaskFromProject(pid, w) + + fmt.Println(resp.Message) + if resp.Ok != false { + t.Error() + } +} + func createTask(request api.SubmitTaskRequest, worker *storage.Worker) (ar api.JsonResponse) { r := Post("/task/submit", request, worker, nil) UnmarshalResponse(r, &ar) diff --git a/test/schema.sql b/test/schema.sql index 807ecc9..7fb2665 100755 --- a/test/schema.sql +++ b/test/schema.sql @@ -22,7 +22,7 @@ CREATE TABLE project paused boolean NOT NULL, name TEXT UNIQUE NOT NULL, clone_url TEXT NOT NULL, - git_repo TEXT UNIQUE NOT NULL, + git_repo TEXT NOT NULL, version TEXT NOT NULL, motd TEXT NOT NULL, secret TEXT NOT NULL DEFAULT '{}' 
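Review bot: TestTaskGetUnauthorized can pass vacuously, because the result of the `createTask` call made with `wWithAccess` is discarded. If that submit fails the project holds no task, and `getTaskFromProject(pid, w)` returns `Ok == false` whatever the permission check does. Capture the response and fail fast, e.g. `if r := createTask(req, wWithAccess); !r.Ok { t.Fatal("setup: task was not created") }`, where `req` stands for the existing request literal. The leftover `fmt.Println(resp.Message)` should become `t.Log(resp.Message)`, and the bare `t.Error()` calls in both new tests should carry a message. The GetTask query changed in the -84 hunk of storage/task.go has no corresponding regression test in this patch.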
diff --git a/web/angular/src/app/api.service.ts b/web/angular/src/app/api.service.ts index ae1657c..80c4f1a 100755 --- a/web/angular/src/app/api.service.ts +++ b/web/angular/src/app/api.service.ts @@ -6,7 +6,7 @@ import {Credentials} from "./models/credentials"; @Injectable() export class ApiService { - public url: string = "https://tt.simon987.net/api"; + public url: string = "http://localhost/api"; private options: { withCredentials: true, responseType: "json"
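Review bot: The changed `url` line replaces the HTTPS production endpoint with a hard-coded `http://localhost/api`, which looks like a local development setting committed alongside the fix. Any build made from this commit would point at localhost over plain HTTP while the service's `options` declares `withCredentials: true`. The base URL is better read from per-build configuration than edited in source, for example `public url: string = environment.apiUrl;`, where `apiUrl` is a constructed name for a field in the Angular environment file. If the change is intentional, it should be described in the commit message. The ApiService class continues beyond this hunk.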