Merge pull request #94 from iandyh/revert

Revert "Merge pull request #88 from iandyh/ownership"
rakutentech · Oct 16, 2023 · 91f0542 · 91f0542
2 parents 1b4b5ff + f1ff888
commit 91f0542
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 40 deletions.
diff --git a/shibuya/api/main.go b/shibuya/api/main.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"net/http"
 	"strconv"
 	"time"
@@ -492,7 +492,7 @@ func (s *ShibuyaAPI) collectionDeleteHandler(w http.ResponseWriter, r *http.Requ
 }
 
 func (s *ShibuyaAPI) collectionGetHandler(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-	collection, err := checkCollectionOwnership(r, params)
+	collection, err := getCollection(params.ByName("collection_id"))
 	if err != nil {
 		s.handleErrors(w, err)
 		return
@@ -538,7 +538,7 @@ func (s *ShibuyaAPI) collectionUploadHandler(w http.ResponseWriter, r *http.Requ
 		s.handleErrors(w, makeInvalidResourceError("file"))
 		return
 	}
-	raw, err := io.ReadAll(file)
+	raw, err := ioutil.ReadAll(file)
 	if err != nil {
 		s.handleErrors(w, makeInvalidRequestError("invalid file"))
 		return
@@ -657,7 +657,7 @@ func (s *ShibuyaAPI) collectionDeploymentHandler(w http.ResponseWriter, r *http.
 }
 
 func (s *ShibuyaAPI) collectionTriggerHandler(w http.ResponseWriter, r *http.Request, params httprouter.Params) {
-	collection, err := checkCollectionOwnership(r, params)
+	collection, err := getCollection(params.ByName("collection_id"))
 	if err != nil {
 		s.handleErrors(w, err)
 		return

diff --git a/shibuya/api/utils.go b/shibuya/api/utils.go
@@ -3,9 +3,6 @@ package api
 import (
 	"net/http"
 	"strings"
-
-	"github.com/julienschmidt/httprouter"
-	"github.com/rakutentech/shibuya/shibuya/model"
 )
 
 func retrieveClientIP(r *http.Request) string {
@@ -15,24 +12,3 @@ func retrieveClientIP(r *http.Request) string {
 	}
 	return strings.Split(t, ",")[0]
 }
-
-func checkCollectionOwnership(r *http.Request, params httprouter.Params) (*model.Collection, error) {
-	account := model.GetAccountBySession(r)
-	if account == nil {
-		return nil, makeLoginError()
-	}
-	collection, err := getCollection(params.ByName("collection_id"))
-	if err != nil {
-		return nil, err
-	}
-	project, err := model.GetProject(collection.ProjectID)
-	if err != nil {
-		return nil, err
-	}
-	if _, ok := account.MLMap[project.Owner]; !ok {
-		if !account.IsAdmin() {
-			return nil, makeNoPermissionErr("")
-		}
-	}
-	return collection, nil
-}
diff --git a/shibuya/model/user.go b/shibuya/model/user.go
@@ -39,14 +39,3 @@ func GetAccountBySession(r *http.Request) *Account {
 	}
 	return a
 }
-
-func (a *Account) IsAdmin() bool {
-	for _, ml := range a.ML {
-		for _, admin := range config.SC.AuthConfig.AdminUsers {
-			if ml == admin {
-				return true
-			}
-		}
-	}
-	return false
-}
diff --git a/shibuya/ui/handler.go b/shibuya/ui/handler.go
@@ -45,7 +45,16 @@ func (u *UI) homeHandler(w http.ResponseWriter, r *http.Request, params httprout
 		http.Redirect(w, r, "/login", http.StatusSeeOther)
 		return
 	}
-	IsAdmin := account.IsAdmin()
+	IsAdmin := false
+outer:
+	for _, ml := range account.ML {
+		for _, admin := range config.SC.AuthConfig.AdminUsers {
+			if ml == admin {
+				IsAdmin = true
+				break outer
+			}
+		}
+	}
 	enableSid := config.SC.EnableSid
 	resultDashboardURL := config.SC.DashboardConfig.Url + config.SC.DashboardConfig.RunDashboard
 	engineHealthDashboardURL := config.SC.DashboardConfig.Url + config.SC.DashboardConfig.EnginesDashboard