From 17f1ebafa6740b2907b860dfc5f795ad02bbdbf3 Mon Sep 17 00:00:00 2001
From: Alena Petraki <alena.petraki@gmail.com>
Date: Fri, 14 Apr 2023 10:53:03 +0300
Subject: [PATCH] =?UTF-8?q?Revert=20=D0=BB=D0=B8=D1=88=D0=BD=D0=B8=D1=85?=
 =?UTF-8?q?=20=D0=B8=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5=D0=BD=D0=B8=D0=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pkg/auth/client.go    |  4 +--
 pkg/auth/principal.go | 78 +++++++++++++++++++++----------------------
 pkg/auth/user.go      |  5 ++-
 3 files changed, 43 insertions(+), 44 deletions(-)

diff --git a/pkg/auth/client.go b/pkg/auth/client.go
index a758c7ab..cf63410f 100644
--- a/pkg/auth/client.go
+++ b/pkg/auth/client.go
@@ -143,7 +143,7 @@ func (c *ClientPrincipal) Client(ctx context.Context) (*clients.Client, error) {
 }
 
 func (c *ClientPrincipal) HasEnvironmentAccess(ctx context.Context, spaceID, envID string) bool {
-	return c.Role(ctx, spaceID).CanAccessEnvironment(WithSystem(ctx), c.environments, spaceID, envID)
+	return hasEnvironmentAccess(ctx, c.environments, c.Role(ctx, spaceID), envID)
 }
 
 func (c *ClientPrincipal) getRoleID(ctx context.Context, spaceID string) (string, bool) {
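Review bot: `spaceID` is now used only to select the role here; `hasEnvironmentAccess` in pkg/auth/principal.go takes no space argument and resolves the environment with `role.SpaceID`. The access decision is therefore only correct if `c.Role(ctx, spaceID)` never returns a role whose `SpaceID` differs from the requested space, which this patch does not show. Either document that invariant on `hasEnvironmentAccess` or guard it at the call site, e.g. `if role == nil || role.SpaceID != spaceID { return false }` before the call. The same applies to the `Rules` hunk in this file and to `Rules` and `HasEnvironmentAccess` in pkg/auth/user.go.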
@@ -203,7 +203,7 @@ func (c *ClientPrincipal) Rules(ctx context.Context, spaceID, envID string) perm
 		return permission.PrivilegedRuleset{}
 	}
 
-	if role.CanAccessEnvironment(WithSystem(ctx), c.environments, spaceID, envID) {
+	if hasEnvironmentAccess(ctx, c.environments, role, envID) {
 		return role.Rules
 	}
 	return nil
diff --git a/pkg/auth/principal.go b/pkg/auth/principal.go
index e3160833..f2a3948f 100644
--- a/pkg/auth/principal.go
+++ b/pkg/auth/principal.go
@@ -45,42 +45,42 @@ type OrganizationAccessor interface {
 	Member(ctx context.Context) members.Role
 }
 
-//func hasEnvironmentAccess(ctx context.Context, envsrv environments.Environments, role *roles.Role, envID string) bool {
-//	if role == nil || role.SpaceID == "" || envID == "" {
-//		return false
-//	}
-//
-//	if role.AllowManagement {
-//		return true
-//	}
-//
-//	envs := role.Environments
-//
-//	// Если явно не указаны доступные окружения - доступ по умолчанию к окружению master
-//	if len(envs) == 0 {
-//		envs = []string{environments.DefaultEnvironment}
-//	}
-//
-//	for _, ce := range envs {
-//		if envID == ce || util.GlobMatch(envID, ce) {
-//			return true
-//		}
-//	}
-//
-//	e, err := envsrv.Get(WithSystem(ctx), role.SpaceID, envID)
-//	if err != nil || e == nil {
-//		return false
-//	}
-//
-//	aliases := append(e.Aliases, e.ID)
-//
-//	for _, ce := range envs {
-//		for _, al := range aliases {
-//			if al == ce || util.GlobMatch(al, ce) {
-//				return true
-//			}
-//		}
-//	}
-//
-//	return false
-//}
+func hasEnvironmentAccess(ctx context.Context, envsrv environments.Environments, role *roles.Role, envID string) bool {
+	if role == nil || role.SpaceID == "" || envID == "" {
+		return false
+	}
+
+	if role.AllowManagement {
+		return true
+	}
+
+	envs := role.Environments
+
+	// Если явно не указаны доступные окружения - доступ по умолчанию к окружению master
+	if len(envs) == 0 {
+		envs = []string{environments.DefaultEnvironment}
+	}
+
+	for _, ce := range envs {
+		if envID == ce || util.GlobMatch(envID, ce) {
+			return true
+		}
+	}
+
+	e, err := envsrv.Get(WithSystem(ctx), role.SpaceID, envID)
+	if err != nil || e == nil {
+		return false
+	}
+
+	aliases := append(e.Aliases, e.ID)
+
+	for _, ce := range envs {
+		for _, al := range aliases {
+			if al == ce || util.GlobMatch(al, ce) {
+				return true
+			}
+		}
+	}
+
+	return false
+}
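Review bot: `aliases := append(e.Aliases, e.ID)` can write into the backing array of `e.Aliases` when that slice has spare capacity, so this authorization check may mutate the environment object it was handed. If `envsrv.Get` returns a shared or cached value (not visible in this patch), concurrent checks would race on that array. Clipping the capacity forces the append to copy: `aliases := append(e.Aliases[:len(e.Aliases):len(e.Aliases)], e.ID)`. The function also lacks a doc comment; a short English one should state that a nil role, an empty space or environment ID, or a failed lookup all deny access, and that a role listing no environments is limited to `environments.DefaultEnvironment`.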
diff --git a/pkg/auth/user.go b/pkg/auth/user.go
index d1dc2929..f34693bf 100644
--- a/pkg/auth/user.go
+++ b/pkg/auth/user.go
@@ -12,7 +12,6 @@ import (
 	"git.perx.ru/perxis/perxis-go/pkg/roles"
 	"git.perx.ru/perxis/perxis-go/pkg/spaces"
 	"git.perx.ru/perxis/perxis-go/pkg/users"
-	"git.perx.ru/perxis/perxis/services"
 )
 
 type UserPrincipal struct {
@@ -306,7 +305,7 @@ func (u *UserPrincipal) Rules(ctx context.Context, spaceID, envID string) permis
 		return nil
 	}
 
-	if !role.CanAccessEnvironment(WithSystem(ctx), u.environments, spaceID, envID) {
+	if !hasEnvironmentAccess(ctx, u.environments, role, envID) {
 		return nil
 	}
 
@@ -331,5 +330,5 @@ func User(ctx context.Context, p Principal) *users.User {
 }
 
 func (u *UserPrincipal) HasEnvironmentAccess(ctx context.Context, spaceID, env string) bool {
-	return u.Role(ctx, spaceID).CanAccessEnvironment(WithSystem(ctx), u.environments, spaceID, env)
+	return hasEnvironmentAccess(ctx, u.environments, u.Role(ctx, spaceID), env)
 }
-- 
GitLab