update imports/service token crud

move cli to bin folder
2025-03-29 22:02:57 +00:00 · 2024-01-04 00:55:03 -05:00 · 2024-01-03 20:17:34 -05:00
3 changed files with 29 additions and 8 deletions
--- a/backend/src/controllers/v1/secretImpsController.ts
+++ b/backend/src/controllers/v1/secretImpsController.ts
@ -111,11 +111,17 @@ export const createSecretImp = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: new Types.ObjectId(workspaceId)
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Create,
      subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
    );
+
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment: secretImport.environment, secretPath: secretImport.secretPath })
+    );
+
  }

  const folders = await Folder.findOne({
@ -323,7 +329,7 @@ export const updateSecretImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Edit,
      subject(ProjectPermissionSub.Secrets, {
@ -331,6 +337,13 @@ export const updateSecretImport = async (req: Request, res: Response) => {
        secretPath
      })
    );
+
+    secretImports.forEach(({ environment, secretPath }) => {
+      ForbiddenError.from(permission).throwUnlessCan(
+        ProjectPermissionActions.Create,
+        subject(ProjectPermissionSub.Secrets, { environment, secretPath })
+      );
+    })
  }

  const orderBefore = importSecDoc.imports;
@ -453,7 +466,7 @@ export const deleteSecretImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Delete,
      subject(ProjectPermissionSub.Secrets, {
@ -620,7 +633,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: new Types.ObjectId(workspaceId)
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Read,
      subject(ProjectPermissionSub.Secrets, {
@ -677,7 +690,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Read,
      subject(ProjectPermissionSub.Secrets, {
--- a/backend/src/controllers/v2/serviceTokenDataController.ts
+++ b/backend/src/controllers/v2/serviceTokenDataController.ts
@ -13,7 +13,7 @@ import {
  ProjectPermissionSub,
  getAuthDataProjectPermissions
 } from "../../ee/services/ProjectRoleService";
-import { ForbiddenError } from "@casl/ability";
+import { ForbiddenError, subject } from "@casl/ability";
 import { Types } from "mongoose";

 /**
@ -86,6 +86,14 @@ export const createServiceTokenData = async (req: Request, res: Response) => {
    ProjectPermissionSub.ServiceTokens
  );

+  scopes.forEach(({ environment, secretPath }) => {
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment, secretPath: secretPath })
+    );
+  })
+
+
  const secret = crypto.randomBytes(16).toString("hex");
  const secretHash = await bcrypt.hash(secret, await getSaltRounds());

--- a/cli/docker/alpine
+++ b/cli/docker/alpine
@ -5,5 +5,5 @@ RUN apk add --no-cache tini
 RUN apk update && apk upgrade --no-cache libcrypto3 libssl3


-COPY infisical /infisical
-ENTRYPOINT ["/sbin/tini", "--", "/infisical"]
+COPY infisical /bin/infisical
+ENTRYPOINT ["/sbin/tini", "--", "/bin/infisical"]
Author	SHA1	Message	Date
Maidul Islam	51e5c25e16	update imports/service token crud	2024-01-04 00:55:03 -05:00
Maidul Islam	0f6490b1e7	move cli to bin folder	2024-01-03 20:17:34 -05:00