Skip to content

Commit fcaf046

Browse files
norrisng-bcnorrisng-bc
committed
Add child bucket: inherit all parent permissions
1 parent e182aa0 commit fcaf046

File tree

1 file changed

+21
-9
lines changed

1 file changed

+21
-9
lines changed

app/src/controllers/bucket.js

Lines changed: 21 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -171,7 +171,8 @@ const controller = {
171171
key: childKey,
172172
secretAccessKey: parentBucket.secretAccessKey,
173173
region: parentBucket.region ?? undefined,
174-
active: parentBucket.active
174+
active: parentBucket.active,
175+
permCodes: []
175176
};
176177

177178
let response = undefined;
@@ -181,19 +182,30 @@ const controller = {
181182
await controller._validateCredentials(childBucket);
182183
childBucket.userId = await userService.getCurrentUserId(getCurrentIdentity(req.currentUser, SYSTEM_USER));
183184

184-
// get all permissions that user has on parent bucket
185-
childBucket.permCodes = childBucket.userId !== SYSTEM_USER ?
186-
(await bucketPermissionService.searchPermissions({
187-
bucketId: parentBucket.bucketId,
188-
userId: childBucket.userId
189-
})).map(p => p.permCode) : [];
185+
const parentPermissions = await bucketPermissionService.searchPermissions({ bucketId: parentBucket.bucketId });
190186

191-
// Create child bucket
192-
response = await bucketService.create(childBucket);
187+
response = await utils.trxWrapper(async (trx) => {
188+
// Create child bucket
189+
const childBucketResp = await bucketService.create(childBucket, trx);
190+
191+
// Add parent permissions to child bucket
192+
if (parentPermissions.length > 0)
193+
await bucketPermissionService.addPermissions(
194+
childBucketResp.bucketId, parentPermissions, childBucket.userId, trx);
195+
196+
return childBucketResp;
197+
});
193198
}
194199
catch (e) {
195200
// If child bucket exists..
196201
if (e instanceof UniqueViolationError) {
202+
// get all permissions that user has on parent bucket
203+
childBucket.permCodes = childBucket.userId !== SYSTEM_USER ?
204+
(await bucketPermissionService.searchPermissions({
205+
bucketId: parentBucket.bucketId,
206+
userId: childBucket.userId
207+
})).map(p => p.permCode) : [];
208+
197209
// Grant permissions if credentials precisely match
198210
response = await bucketService.checkGrantPermissions(childBucket).catch(permErr => {
199211
next(new Problem(403, { detail: permErr.message, instance: req.originalUrl }));

0 commit comments

Comments
 (0)