Merged
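--- a/app/controlplane/pkg/authz/authz.go
+++ b/app/controlplane/pkg/authz/authz.go
@@ -90,6 +90,11 @@ const (
 
 // RoleGroupMaintainer is a role that can manage groups in an organization.
 RoleGroupMaintainer Role = "role:group:maintainer"
+
+// Product roles
+
+RoleProductViewer Role = "role:product:viewer"
+RoleProductAdmin Role = "role:product:admin"
 )
 
 // ManagedResources are the resources that are managed by Chainloop, considered during permissions sync
@@ -443,6 +448,8 @@ func (Role) Values() (roles []string) {
 RoleProjectAdmin,
 RoleProjectViewer,
 RoleGroupMaintainer,
+RoleProductAdmin,
+RoleProductViewer,
 } {
 roles = append(roles, string(s))
 }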
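Review bot: `RoleProductViewer` and `RoleProductAdmin` are added to the const block and to `Role.Values()` with no doc comment and, in the hunks shown, no policy binding, so nothing here states what either role is allowed to do. Give each the same kind of comment `RoleGroupMaintainer` has directly above, for example `// RoleProductAdmin is a role that can manage a product and its memberships.` and `// RoleProductViewer is a role with read-only access to a product.`, adjusted to the real intent. If `Values()` feeds enum validation, as the regenerated ent files in this commit suggest, both roles become assignable once this lands. Confirm that the role-to-policy mapping elsewhere in authz.go has an entry for each, so a product membership does not silently grant nothing or fall through to a broader default. The const block and `Values()` both continue outside the hunks.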
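--- a/app/controlplane/pkg/authz/membership.go
+++ b/app/controlplane/pkg/authz/membership.go
@@ -27,6 +27,7 @@ const (
 
 ResourceTypeOrganization ResourceType = "organization"
 ResourceTypeProject ResourceType = "project"
+ResourceTypeProduct ResourceType = "product"
 ResourceTypeGroup ResourceType = "group"
 )
 
@@ -46,6 +47,7 @@ func (ResourceType) Values() (values []string) {
 string(ResourceTypeOrganization),
 string(ResourceTypeProject),
 string(ResourceTypeGroup),
+string(ResourceTypeProduct),
 )
 
 return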
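Review bot: `ResourceTypeProduct` sits between Project and Group in the const block but is appended after Group in `ResourceType.Values()`; keeping both lists in the same order makes it easier to see that every declared type is also accepted. The generated ent membership files change in this same commit, which suggests `Values()` backs the stored resource-type enum. If so, confirm that the schema migration admitting `"product"` ships together with this change, since none is visible on this page. Both the const block and `Values()` start outside the hunks.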
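--- a/app/controlplane/pkg/biz/membership.go
+++ b/app/controlplane/pkg/biz/membership.go
@@ -40,6 +40,7 @@ type Membership struct {
 MemberID uuid.UUID
 ResourceType authz.ResourceType
 ResourceID uuid.UUID
+ParentID *uuid.UUID
 }
 
 // ListByOrgOpts are the options to filter memberships of an organization
@@ -74,7 +75,7 @@ type MembershipRepo interface {
 // ListGroupMembershipsByUser returns all memberships of the users inherited from groups
 ListGroupMembershipsByUser(ctx context.Context, userID uuid.UUID) ([]*Membership, error)
 ListAllByResource(ctx context.Context, rt authz.ResourceType, id uuid.UUID) ([]*Membership, error)
-AddResourceRole(ctx context.Context, orgID uuid.UUID, resourceType authz.ResourceType, resID uuid.UUID, mType authz.MembershipType, memberID uuid.UUID, role authz.Role) error
+AddResourceRole(ctx context.Context, orgID uuid.UUID, resourceType authz.ResourceType, resID uuid.UUID, mType authz.MembershipType, memberID uuid.UUID, role authz.Role, parentID *uuid.UUID) error
 }
 
 type MembershipsRBAC interface {
@@ -409,7 +410,7 @@ func (uc *MembershipUseCase) SetProjectOwner(ctx context.Context, orgID, project
 }
 }
 
-if err = uc.repo.AddResourceRole(ctx, orgID, authz.ResourceTypeProject, projectID, authz.MembershipTypeUser, userID, authz.RoleProjectAdmin); err != nil {
+if err = uc.repo.AddResourceRole(ctx, orgID, authz.ResourceTypeProject, projectID, authz.MembershipTypeUser, userID, authz.RoleProjectAdmin, nil); err != nil {
 return fmt.Errorf("failed to set project owner: %w", err)
 }
 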
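Review bot: The new `parentID *uuid.UUID` argument on `MembershipRepo.AddResourceRole` reaches the repository with no visible check that the parent resource belongs to `orgID` or is of a type allowed to parent `resourceType`. If permissions are later inherited through `Membership.ParentID`, a parent ID from another organization could widen access across tenants, so the implementation (not shown here) should verify the parent within the same org before storing it. The field and parameter are also undocumented; add `// ParentID is the optional parent resource of ResourceID (nil when there is none).` on the struct field and state the nil contract on the interface method. With three `uuid.UUID` values and a `*uuid.UUID` passed positionally, an options struct would make transposed IDs harder to write. The struct, the interface and `SetProjectOwner` all continue outside the hunks.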
32 changes: 32 additions & 0 deletions app/controlplane/pkg/data/ent/client.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

52 changes: 51 additions & 1 deletion app/controlplane/pkg/data/ent/membership.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

59 changes: 57 additions & 2 deletions app/controlplane/pkg/data/ent/membership/membership.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
