update secret import create notif

update service token create notif
update imports/service token crud
2025-03-29 22:02:57 +00:00 · 2024-01-04 01:55:34 -05:00 · 2024-01-04 01:52:03 -05:00 · 2024-01-04 00:55:03 -05:00 · 2024-01-03 20:17:34 -05:00
5 changed files with 57 additions and 18 deletions
--- a/backend/src/controllers/v1/secretImpsController.ts
+++ b/backend/src/controllers/v1/secretImpsController.ts
@ -111,11 +111,17 @@ export const createSecretImp = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: new Types.ObjectId(workspaceId)
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Create,
      subject(ProjectPermissionSub.Secrets, { environment, secretPath: directory })
    );
+
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment: secretImport.environment, secretPath: secretImport.secretPath })
+    );
+
  }

  const folders = await Folder.findOne({
@ -323,7 +329,7 @@ export const updateSecretImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Edit,
      subject(ProjectPermissionSub.Secrets, {
@ -331,6 +337,13 @@ export const updateSecretImport = async (req: Request, res: Response) => {
        secretPath
      })
    );
+
+    secretImports.forEach(({ environment, secretPath }) => {
+      ForbiddenError.from(permission).throwUnlessCan(
+        ProjectPermissionActions.Create,
+        subject(ProjectPermissionSub.Secrets, { environment, secretPath })
+      );
+    })
  }

  const orderBefore = importSecDoc.imports;
@ -453,7 +466,7 @@ export const deleteSecretImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Delete,
      subject(ProjectPermissionSub.Secrets, {
@ -620,7 +633,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: new Types.ObjectId(workspaceId)
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Read,
      subject(ProjectPermissionSub.Secrets, {
@ -677,7 +690,7 @@ export const getAllSecretsFromImport = async (req: Request, res: Response) => {
      authData: req.authData,
      workspaceId: importSecDoc.workspace
    });
-    
+
    ForbiddenError.from(permission).throwUnlessCan(
      ProjectPermissionActions.Read,
      subject(ProjectPermissionSub.Secrets, {
--- a/backend/src/controllers/v2/serviceTokenDataController.ts
+++ b/backend/src/controllers/v2/serviceTokenDataController.ts
@ -13,7 +13,7 @@ import {
  ProjectPermissionSub,
  getAuthDataProjectPermissions
 } from "../../ee/services/ProjectRoleService";
-import { ForbiddenError } from "@casl/ability";
+import { ForbiddenError, subject } from "@casl/ability";
 import { Types } from "mongoose";

 /**
@ -86,6 +86,14 @@ export const createServiceTokenData = async (req: Request, res: Response) => {
    ProjectPermissionSub.ServiceTokens
  );

+  scopes.forEach(({ environment, secretPath }) => {
+    ForbiddenError.from(permission).throwUnlessCan(
+      ProjectPermissionActions.Create,
+      subject(ProjectPermissionSub.Secrets, { environment, secretPath: secretPath })
+    );
+  })
+
+
  const secret = crypto.randomBytes(16).toString("hex");
  const secretHash = await bcrypt.hash(secret, await getSaltRounds());

--- a/cli/docker/alpine
+++ b/cli/docker/alpine
@ -5,5 +5,5 @@ RUN apk add --no-cache tini
 RUN apk update && apk upgrade --no-cache libcrypto3 libssl3


-COPY infisical /infisical
-ENTRYPOINT ["/sbin/tini", "--", "/infisical"]
+COPY infisical /bin/infisical
+ENTRYPOINT ["/sbin/tini", "--", "/bin/infisical"]
--- a/frontend/src/views/Project/MembersPage/components/ServiceTokenTab/components/ServiceTokenSection/AddServiceTokenModal.tsx
+++ b/frontend/src/views/Project/MembersPage/components/ServiceTokenTab/components/ServiceTokenSection/AddServiceTokenModal.tsx
@ -6,6 +6,7 @@ import { useTranslation } from "react-i18next";
 import { faCheck, faCopy, faPlus, faTrashCan } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { yupResolver } from "@hookform/resolvers/yup";
+import { AxiosError } from "axios";
 import * as yup from "yup";

 import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider";
@ -160,10 +161,18 @@ export const AddServiceTokenModal = ({ popUp, handlePopUpToggle }: Props) => {
      });
    } catch (err) {
      console.error(err);
-      createNotification({
-        text: "Failed to create a service token",
-        type: "error"
-      });
+      const axiosError = err as AxiosError
+      if (axiosError?.response?.status === 401) {
+        createNotification({
+          text: "You do not have access to the selected environment/path",
+          type: "error"
+        });
+      } else {
+        createNotification({
+          text: "Failed to create a service token",
+          type: "error"
+        });
+      }
    }
  };

--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateSecretImportForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateSecretImportForm.tsx
@ -1,5 +1,6 @@
 import { Controller, useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
+import { AxiosError } from "axios";
 import { z } from "zod";

 import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider";
@ -78,12 +79,20 @@ export const CreateSecretImportForm = ({
        type: "success",
        text: "Successfully linked"
      });
-    } catch (error) {
-      console.log(error);
-      createNotification({
-        type: "error",
-        text: "Failed to link secrets"
-      });
+    } catch (err) {
+      console.error(err);
+      const axiosError = err as AxiosError
+      if (axiosError?.response?.status === 401) {
+        createNotification({
+          text: "You do not have access to the selected environment/path",
+          type: "error"
+        });
+      } else {
+        createNotification({
+          type: "error",
+          text: "Failed to link secrets"
+        });
+      }
    }
  };
Author	SHA1	Message	Date
Maidul Islam	ba2a03897f	update secret import create notif	2024-01-04 01:55:34 -05:00
Maidul Islam	304f14c0ed	update service token create notif	2024-01-04 01:52:03 -05:00
Maidul Islam	51e5c25e16	update imports/service token crud	2024-01-04 00:55:03 -05:00
Maidul Islam	0f6490b1e7	move cli to bin folder	2024-01-03 20:17:34 -05:00