Filter out space and organization names based on permissions #3962
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When a user has access to a shared service instance (i.e. read
permissions on any of the shared spaces), the guids of all shared spaces
are visible, but only those space and organization names the user is
allowed to read based on the given roles.
Example:
DEVELOPER who is space developer in SPACE_1, SPACE_2 and SPACE_3
shared SERVICE_INSTANCE from SPACE_1 to SPACE_2 and SPACE_3. For each
space there is a dedicated space auditor (AUDITOR_1, AUDITOR_2 and
AUDITOR_3).
SPACE_1
-------
DEVELOPER (space developer)
AUDITOR_1 (space auditor)
SERVICE_INSTANCE
SPACE_2
-------
DEVELOPER (space developer)
AUDITOR_2 (space auditor)
shared SERVICE_INSTANCE
SPACE_3
-------
DEVELOPER (space developer)
AUDITOR_3 (space auditor)
shared SERVICE_INSTANCE
Original behavior (before PR cloudfoundry#3931):
- AUDITOR_1 can see SPACE_2.guid + name and SPACE_3.guid + name
=> SPACE_2.name and SPACE_3.name should not be readable
- AUDITOR_2 cannot see shared spaces
=> shared spaces should be readable
- AUDITOR_3 cannot see shared spaces
=> shared spaces should be readable
Changed behavior (with PR cloudfoundry#3931):
- AUDITOR_1 can see SPACE_2.guid + name and SPACE_3.guid + name
=> SPACE_2.name and SPACE_3.name should not be readable
- AUDITOR_2 can see SPACE_2.guid + name and SPACE_3.guid + name
=> SPACE_3.name should not be readable
- AUDITOR_3 can see SPACE_2.guid + name and SPACE_3.guid + name
=> SPACE_2.name should not be readable
New behavior (this change):
- AUDITOR_1 can see SPACE_2.guid and SPACE_3.guid
- AUDITOR_2 can see SPACE_2.guid + name and SPACE_3.guid
- AUDITOR_3 can see SPACE_2.guid and SPACE_3.guid + name
philippthun
force-pushed
the
shared-spaces-decorator-permissions
branch
from
ddc3801 to
6be5087
Compare
sethboyles
approved these changes
Sep 13, 2024
ari-wg-gitbot
added a commit
to cloudfoundry/capi-release
that referenced
this pull request
Sep 16, 2024
Changes in cloud_controller_ng:
- Filter out space and organization names based on permissions
PR: cloudfoundry/cloud_controller_ng#3962
Author: Philipp Thun <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When a user has access to a shared service instance (i.e. read permissions on any of the shared spaces), the guids of all shared spaces are visible, but only those space and organization names the user is allowed to read based on the given roles.
Example
DEVELOPER who is space developer in SPACE_1, SPACE_2 and SPACE_3 shared SERVICE_INSTANCE from SPACE_1 to SPACE_2 and SPACE_3. For each space there is a dedicated space auditor (AUDITOR_1, AUDITOR_2 and AUDITOR_3).
Original behavior (before PR #3931):
SPACE_2.guid+nameandSPACE_3.guid+nameSPACE_2.nameandSPACE_3.nameshould not be readableChanged behavior (with PR #3931):
SPACE_2.guid+nameandSPACE_3.guid+nameSPACE_2.nameandSPACE_3.nameshould not be readableSPACE_2.guid+nameandSPACE_3.guid+nameSPACE_3.nameshould not be readableSPACE_2.guid+nameandSPACE_3.guid+nameSPACE_2.nameshould not be readableNew behavior (this change):
SPACE_2.guidandSPACE_3.guidSPACE_2.guid+nameandSPACE_3.guidSPACE_2.guidandSPACE_3.guid+nameI have reviewed the contributing guide
I have viewed, signed, and submitted the Contributor License Agreement
I have made this pull request to the
mainbranchI have run all the unit tests using
bundle exec rakeI have run CF Acceptance Tests