fix: allow org admins to bypass other checks in MLDES authentication (#…
mackrorysd authored and azhou-determined committed Nov 29, 2023
1 parent 24c5efc commit 5b330f2
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions master/internal/user/external_users.go
Expand Up @@ -48,17 +48,21 @@ func ByExternalToken(tokenText string,
if !ok || orgRoles.Role == model.NoRole {
return nil, nil, db.ErrNotFound
}
clusterAccess, ok := orgRoles.ClusterRoles[ext.ClusterID]
if ok {
if clusterAccess == model.NoRole {
return nil, nil, db.ErrNotFound
}
isAdmin = clusterAccess == model.AdminRole
if orgRoles.Role == model.AdminRole {
isAdmin = true
} else {
if orgRoles.DefaultClusterRole == model.NoRole {
return nil, nil, db.ErrNotFound
clusterAccess, ok := orgRoles.ClusterRoles[ext.ClusterID]
if ok {
if clusterAccess == model.NoRole {
return nil, nil, db.ErrNotFound
}
isAdmin = clusterAccess == model.AdminRole
} else {
if orgRoles.DefaultClusterRole == model.NoRole {
return nil, nil, db.ErrNotFound
}
isAdmin = orgRoles.DefaultClusterRole == model.AdminRole
}
isAdmin = orgRoles.DefaultClusterRole == model.AdminRole
}

scimLock.Lock()
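Review bot: The new `orgRoles.Role == model.AdminRole` branch sets `isAdmin = true` before `orgRoles.ClusterRoles[ext.ClusterID]` is consulted, so an org admin whose entry for this cluster is `model.NoRole` is now admitted as an admin where the old code returned `db.ErrNotFound`. The commit title suggests this is intended, but the precedence is an authorization decision that the code does not state; a comment above the branch such as `// Org admins are admins on every cluster in the org; per-cluster and default cluster roles (including NoRole) are not consulted.` would record it. A test for an org admin with an explicit `NoRole` cluster entry would pin the behaviour, in case a per-cluster `NoRole` is ever relied on as a deny. `ByExternalToken` starts and ends outside this hunk, so how `isAdmin` is used afterwards is not visible here.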