fix: UpdateProject operation to authz (#1281)

adilansari · web-flow · commit f1cea7f189b0 · 2023-06-22T12:51:11.000-07:00
* fix: UpdateProject operation to authz

* tests: authz update project roles
diff --git a/api/server/v1/tx.go b/api/server/v1/tx.go
@@ -58,6 +58,7 @@ const (
 	ListProjectsMethodName    = apiMethodPrefix + "ListProjects"
 	ListCollectionsMethodName = apiMethodPrefix + "ListCollections"
 	CreateProjectMethodName   = apiMethodPrefix + "CreateProject"
+	UpdateProjectMethodName   = apiMethodPrefix + "UpdateProject"
 
 	DeleteProjectMethodName      = apiMethodPrefix + "DeleteProject"
 	DescribeDatabaseMethodName   = apiMethodPrefix + "DescribeDatabase"
diff --git a/server/middleware/authz.go b/server/middleware/authz.go
@@ -102,6 +102,7 @@ var (
 		api.ListProjectsMethodName,
 		api.ListCollectionsMethodName,
 		api.CreateProjectMethodName,
+		api.UpdateProjectMethodName,
 		api.DeleteProjectMethodName,
 		api.DescribeDatabaseMethodName,
 		api.DescribeCollectionMethodName,
@@ -194,6 +195,7 @@ var (
 		api.ListProjectsMethodName,
 		api.ListCollectionsMethodName,
 		api.CreateProjectMethodName,
+		api.UpdateProjectMethodName,
 		api.DeleteProjectMethodName,
 		api.DescribeDatabaseMethodName,
 		api.DescribeCollectionMethodName,
@@ -293,6 +295,7 @@ var (
 		api.ListProjectsMethodName,
 		api.ListCollectionsMethodName,
 		api.CreateProjectMethodName,
+		api.UpdateProjectMethodName,
 		api.DeleteProjectMethodName,
 		api.DescribeDatabaseMethodName,
 		api.DescribeCollectionMethodName,
diff --git a/server/middleware/authz_test.go b/server/middleware/authz_test.go
@@ -40,6 +40,7 @@ func TestAuthzOwnerRole(t *testing.T) {
 	require.True(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.OwnerRoleName))
 	require.True(t, isAuthorizedOperation(api.DropCollectionMethodName, auth.OwnerRoleName))
 	require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.OwnerRoleName))
+	require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.OwnerRoleName))
 	require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.OwnerRoleName))
 	require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.OwnerRoleName))
 	require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.OwnerRoleName))
@@ -149,6 +150,7 @@ func TestAuthzEditorRole(t *testing.T) {
 	require.True(t, isAuthorizedOperation(api.ListProjectsMethodName, auth.EditorRoleName))
 	require.True(t, isAuthorizedOperation(api.ListCollectionsMethodName, auth.EditorRoleName))
 	require.True(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.EditorRoleName))
+	require.True(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.EditorRoleName))
 	require.True(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.EditorRoleName))
 	require.True(t, isAuthorizedOperation(api.DescribeDatabaseMethodName, auth.EditorRoleName))
 	require.True(t, isAuthorizedOperation(api.DescribeCollectionMethodName, auth.EditorRoleName))
@@ -285,6 +287,7 @@ func TestAuthzReadOnlyRole(t *testing.T) {
 	require.False(t, isAuthorizedOperation(api.UpdateMethodName, auth.ReadOnlyRoleName))
 	require.False(t, isAuthorizedOperation(api.DeleteMethodName, auth.ReadOnlyRoleName))
 	require.False(t, isAuthorizedOperation(api.CreateProjectMethodName, auth.ReadOnlyRoleName))
+	require.False(t, isAuthorizedOperation(api.UpdateProjectMethodName, auth.ReadOnlyRoleName))
 	require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionMethodName, auth.ReadOnlyRoleName))
 	require.False(t, isAuthorizedOperation(api.CreateOrUpdateCollectionsMethodName, auth.ReadOnlyRoleName))
 	require.False(t, isAuthorizedOperation(api.DeleteProjectMethodName, auth.ReadOnlyRoleName))
