From 3efd62314c928bf961b934d1b2ce7d2cfe8c07c9 Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Fri, 18 Jul 2025 12:06:43 +0200 Subject: [PATCH] apply api token permissions in middleware Signed-off-by: Jose I. Paris --- app/controlplane/pkg/authz/authz.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/app/controlplane/pkg/authz/authz.go b/app/controlplane/pkg/authz/authz.go index a62ad3cb3..1774ada17 100644 --- a/app/controlplane/pkg/authz/authz.go +++ b/app/controlplane/pkg/authz/authz.go @@ -410,10 +410,6 @@ var ServerOperationsMap = map[string][]*Policy{ // Projects: Check happen at service level - // Project API Token - "/controlplane.v1.ProjectService/APITokenCreate": {}, - "/controlplane.v1.ProjectService/APITokenList": {}, - "/controlplane.v1.ProjectService/APITokenRevoke": {}, // Project Memberships "/controlplane.v1.ProjectService/ListMembers": {}, "/controlplane.v1.ProjectService/AddMember": {}, @@ -422,9 +418,9 @@ var ServerOperationsMap = map[string][]*Policy{ "/controlplane.v1.ProjectService/ListPendingInvitations": {}, // API tokens RBAC are handled at the service level - "/controlplane.v1.APITokenService/List": {}, - "/controlplane.v1.APITokenService/Create": {}, - "/controlplane.v1.APITokenService/Revoke": {}, + "/controlplane.v1.APITokenService/List": {PolicyAPITokenList}, + "/controlplane.v1.APITokenService/Create": {PolicyAPITokenCreate}, + "/controlplane.v1.APITokenService/Revoke": {PolicyAPITokenRevoke}, } // Implements https://pkg.go.dev/entgo.io/ent/schema/field#EnumValues