소스 검색

fix: ShowDiagnostics now behind policy checks

jamesread 4 달 전
부모
커밋
4af4d516be
1개의 변경된 파일7개의 추가작업 그리고 1개의 파일을 삭제
  1. 7 1
      service/internal/api/api.go

+ 7 - 1
service/internal/api/api.go

@@ -893,11 +893,17 @@ func (api *oliveTinAPI) OnExecutionFinished(ile *executor.InternalLogEntry) {
 }
 }
 
 
 func (api *oliveTinAPI) GetDiagnostics(ctx ctx.Context, req *connect.Request[apiv1.GetDiagnosticsRequest]) (*connect.Response[apiv1.GetDiagnosticsResponse], error) {
 func (api *oliveTinAPI) GetDiagnostics(ctx ctx.Context, req *connect.Request[apiv1.GetDiagnosticsRequest]) (*connect.Response[apiv1.GetDiagnosticsResponse], error) {
+	user := auth.UserFromApiCall(ctx, req, api.cfg)
+	if err := api.checkDashboardAccess(user); err != nil {
+		return nil, err
+	}
+	if !user.EffectivePolicy.ShowDiagnostics {
+		return nil, connect.NewError(connect.CodePermissionDenied, fmt.Errorf("diagnostics are not available for your account"))
+	}
 	res := &apiv1.GetDiagnosticsResponse{
 	res := &apiv1.GetDiagnosticsResponse{
 		SshFoundKey:    installationinfo.Runtime.SshFoundKey,
 		SshFoundKey:    installationinfo.Runtime.SshFoundKey,
 		SshFoundConfig: installationinfo.Runtime.SshFoundConfig,
 		SshFoundConfig: installationinfo.Runtime.SshFoundConfig,
 	}
 	}
-
 	return connect.NewResponse(res), nil
 	return connect.NewResponse(res), nil
 }
 }