Default environment can be selected per user

jmpsec · Jan 10, 2021 · a6e1281 · a6e1281
1 parent 1563020
commit a6e1281
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 20 deletions.
diff --git a/admin/handlers/post.go b/admin/handlers/post.go
@@ -40,7 +40,9 @@ func (h *HandlersAdmin) LoginPOSTHandler(w http.ResponseWriter, r *http.Request)
 	}
 	permissions, err := h.Users.ConvertPermissions(user.Permissions.RawMessage)
 	if err != nil {
-
+		adminErrorResponse(w, "error processing login", http.StatusInternalServerError, err)
+		h.Inc(metricAdminErr)
+		return
 	}
 	_, err = h.Sessions.Save(r, w, user, permissions)
 	if err != nil {
@@ -52,7 +54,7 @@ func (h *HandlersAdmin) LoginPOSTHandler(w http.ResponseWriter, r *http.Request)
 	if h.Settings.DebugService(settings.ServiceAdmin) {
 		log.Println("DebugService: Login response sent")
 	}
-	adminOKResponse(w, "OK")
+	adminOKResponse(w, "/environment/"+user.DefaultEnv+"/active")
 	h.Inc(metricAdminOK)
 }
 
@@ -1172,19 +1174,22 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 			h.Inc(metricAdminErr)
 			return
 		}
+		namesEnvs := []string{u.DefaultEnv}
+		access := users.EnvLevel
 		if u.Admin {
-			namesEnvs, err := h.Envs.Names()
+			access = users.AdminLevel
+			namesEnvs, err = h.Envs.Names()
 			if err != nil {
 				adminErrorResponse(w, "error getting environments user", http.StatusInternalServerError, err)
 				h.Inc(metricAdminErr)
 				return
 			}
-			perms := h.Users.GenPermissions(namesEnvs, u.Admin)
-			if err := h.Users.ChangePermissions(u.Username, perms); err != nil {
-				adminErrorResponse(w, "error changing permissions", http.StatusInternalServerError, err)
-				h.Inc(metricAdminErr)
-				return
-			}
+		}
+		perms := h.Users.GenPermissions(namesEnvs, access)
+		if err := h.Users.ChangePermissions(u.Username, perms); err != nil {
+			adminErrorResponse(w, "error changing permissions", http.StatusInternalServerError, err)
+			h.Inc(metricAdminErr)
+			return
 		}
 		if u.Token {
 			token, exp, err := h.Users.CreateToken(newUser.Username)
@@ -1256,7 +1261,7 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 					h.Inc(metricAdminErr)
 					return
 				}
-				perms := h.Users.GenPermissions(namesEnvs, u.Admin)
+				perms := h.Users.GenPermissions(namesEnvs, users.AdminLevel)
 				if err := h.Users.ChangePermissions(u.Username, perms); err != nil {
 					adminErrorResponse(w, "error changing permissions", http.StatusInternalServerError, err)
 					h.Inc(metricAdminErr)

diff --git a/admin/static/js/login.js b/admin/static/js/login.js
@@ -7,7 +7,9 @@ function sendLogin() {
       username: _user,
       password: _password
   };
-  sendPostRequest(data, _url, '/dashboard', false);
+  sendPostRequest(data, _url, '', false, function(_data){
+    window.location.replace(_data.message);
+  });
 }
 
 function sendLogout() {

diff --git a/admin/static/js/users.js b/admin/static/js/users.js
@@ -17,6 +17,7 @@ function confirmAddUser() {
   var _password = $("#user_password").val();
   var _admin = $("#user_admin").is(':checked');
   var _token = $("#user_token").is(':checked');
+  var _env = $("#default_env").val();
 
   var data = {
     csrftoken: _csrftoken,
@@ -26,7 +27,8 @@ function confirmAddUser() {
     fullname: _fullname,
     password: _password,
     admin: _admin,
-    token: _token
+    token: _token,
+    environment: _env
   };
   sendPostRequest(data, _url, _url, false);
 }

diff --git a/admin/templates/users.html b/admin/templates/users.html
@@ -151,10 +151,18 @@ <h4 class="modal-title">Add new user</h4>
                           <span class="switch-slider" data-checked="On" data-unchecked="Off"></span>
                         </label>
                       </div>
-                      <label class="col-md-2 col-form-label" for="default_env">Default Environment: </label>
-                      <div class="col-md-4">
-                        <input class="form-control" name="default_env" id="default_env" type="text" autocomplete="off">
+
+                      <label class="col-md-3 col-form-label" for="default_env">Default Environment: </label>
+                      <div class="col-md-3">
+                        <select class="form-control" style="width: 100%;" name="default_env" id="default_env">
+                          <option value=""></option>
+                        {{ range  $i, $e := $.Environments }}
+                          <option value="{{ $e.Name }}">{{ $e.Name }}</option>
+                        {{ end }}
+                        </select>
+                        <small class="text-muted">read access will be granted</small>
                       </div>
+
                     </div>
                   </div>
                   <div class="modal-footer">
@@ -338,6 +346,11 @@ <h4 class="modal-title">User Permissions</h4>
         // Enable all tooltips
         $('[data-tooltip="true"]').tooltip({trigger : 'hover'});
 
+        // Select2 initialization
+        $('#default_env').select2({
+          theme: "classic"
+        });
+
         // Clipboard.js initialization
         var clipboard_sh = new ClipboardJS('#button-clipboard-sh');
         clipboard_sh.on('success', function(e) {

diff --git a/cli/user.go b/cli/user.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/jmpsec/osctrl/users"
 	"github.com/olekukonko/tablewriter"
 	"github.com/urfave/cli"
 )
@@ -33,9 +34,24 @@ func addUser(c *cli.Context) error {
 	if err != nil {
 		return err
 	}
+	// Create user
 	if err := adminUsers.Create(user); err != nil {
 		return err
 	}
+	// Assign permissions to user
+	permEnv := []string{defaultEnv}
+	access := users.EnvLevel
+	if admin {
+		access = users.AdminLevel
+		permEnv, err = envs.Names()
+		if err != nil {
+			return err
+		}
+	}
+	perms := adminUsers.GenPermissions(permEnv, access)
+	if err := adminUsers.ChangePermissions(username, perms); err != nil {
+		return err
+	}
 	fmt.Printf("Created user %s successfully", username)
 	return nil
 }

diff --git a/users/permissions.go b/users/permissions.go
@@ -33,15 +33,15 @@ const (
 )
 
 // GenPermissions to generate the struct with empty permissions
-func (m *UserManager) GenPermissions(environments []string, level bool) UserPermissions {
+func (m *UserManager) GenPermissions(environments []string, level AccessLevel) UserPermissions {
 	envs := make(EnvPermissions)
 	for _, e := range environments {
-		envs[e] = level
+		envs[e] = true
 	}
 	perms := UserPermissions{
 		Environments: envs,
-		Query:        level,
-		Carve:        level,
+		Query:        (level == QueryLevel || level == AdminLevel),
+		Carve:        (level == CarveLevel || level == AdminLevel),
 	}
 	return perms
 }

diff --git a/users/users.go b/users/users.go
@@ -155,7 +155,8 @@ func (m *UserManager) New(username, password, email, fullname, defaultEnv string
 		if err != nil {
 			return AdminUser{}, err
 		}
-		permsRaw, err := json.Marshal(m.GenPermissions([]string{}, admin))
+		// Permissions are empty for an empty user
+		permsRaw, err := json.Marshal(m.GenPermissions([]string{}, EnvLevel))
 		if err != nil {
 			permsRaw = []byte("{}")
 		}