You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by da...@apache.org on 2018/07/06 16:55:25 UTC
[trafficcontrol] branch master updated: properly cast tenantID from
json to bigint for tenancy check in deliveryservice_request
This is an automated email from the ASF dual-hosted git repository.
dangogh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new c05a699 properly cast tenantID from json to bigint for tenancy check in deliveryservice_request
c05a699 is described below
commit c05a6992266a2c9aaeb5d2512aba2f3b0b1ed2ae
Author: Dylan Volz <Dy...@comcast.com>
AuthorDate: Fri Jul 6 10:25:01 2018 -0600
properly cast tenantID from json to bigint for tenancy check in deliveryservice_request
---
traffic_ops/traffic_ops_golang/cdn/domains.go | 4 +++-
traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go | 3 +++
traffic_ops/traffic_ops_golang/deliveryservice/request/requests.go | 2 +-
3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/traffic_ops/traffic_ops_golang/cdn/domains.go b/traffic_ops/traffic_ops_golang/cdn/domains.go
index c3b6f27..db87a09 100644
--- a/traffic_ops/traffic_ops_golang/cdn/domains.go
+++ b/traffic_ops/traffic_ops_golang/cdn/domains.go
@@ -22,8 +22,10 @@ package cdn
import (
"fmt"
"net/http"
+
"github.com/apache/trafficcontrol/lib/go-tc/v13"
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
+
"github.com/jmoiron/sqlx"
)
@@ -34,7 +36,7 @@ func getDomainsList(tx *sqlx.Tx) ([]v13.Domain, error) {
domains := []v13.Domain{}
q := `SELECT p.id, p.name, p.description, domain_name FROM profile AS p
- JOIN cdn ON p.cdn = cdn.id WHERE p.name LIKE '` + RouterProfilePrefix + `%'`;
+ JOIN cdn ON p.cdn = cdn.id WHERE p.name LIKE '` + RouterProfilePrefix + `%'`
rows, err := tx.Query(q)
if err != nil {
diff --git a/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go b/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
index d5acc41..a20f1dd 100644
--- a/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
+++ b/traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
@@ -145,6 +145,9 @@ func FinishTxX(tx *sqlx.Tx, commit *bool) {
tx.Commit()
}
+// AddTenancyCheck takes a WHERE clause (can be ""), the associated queryValues (can be empty),
+// a tenantColumnName that should provide a bigint corresponding to the tenantID of the object being checked (this may require a CAST),
+// and an array of the tenantIDs the user has access to; it returns a where clause and associated queryValues including filtering based on tenancy.
func AddTenancyCheck(where string, queryValues map[string]interface{}, tenantColumnName string, tenantIDs []int) (string, map[string]interface{}) {
if where == "" {
where = BaseWhere + " " + tenantColumnName + " = ANY(CAST(:accessibleTenants AS bigint[]))"
diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/request/requests.go b/traffic_ops/traffic_ops_golang/deliveryservice/request/requests.go
index 85a1389..317a79e 100644
--- a/traffic_ops/traffic_ops_golang/deliveryservice/request/requests.go
+++ b/traffic_ops/traffic_ops_golang/deliveryservice/request/requests.go
@@ -113,7 +113,7 @@ func (req *TODeliveryServiceRequest) Read(parameters map[string]string) ([]inter
log.Errorln("received error querying for user's tenants: " + err.Error())
return nil, []error{tc.DBError}, tc.SystemError
}
- where, queryValues = dbhelpers.AddTenancyCheck(where, queryValues, "r.deliveryservice->>'tenantId", tenantIDs)
+ where, queryValues = dbhelpers.AddTenancyCheck(where, queryValues, "CAST(r.deliveryservice->>'tenantId' AS bigint)", tenantIDs)
}
query := selectDeliveryServiceRequestsQuery() + where + orderBy