feat: org belonging enforcment - RK-19484 #110
Conversation
Signed-off-by: Gosha <[email protected]>
Signed-off-by: Gosha <[email protected]>
pkg/git_provider/github.go
Outdated
| } | ||
| } | ||
|
|
||
| if c.cfg.EnforceOrgBelonging && webhookPayload.OwnerID != c.cfg.OrgID { |
There was a problem hiding this comment.
What's the default here for the int64? Nil? 0? Check that they aren't the default
There was a problem hiding this comment.
in go var int64 is set to zero automatically ..
also user.GetID return 0 if not found
There was a problem hiding this comment.
and if the first one is false, the second not evaluated
There was a problem hiding this comment.
So if ownerid is 0 we don't want the enforcement to pass
There was a problem hiding this comment.
ohhh you mean webhookPayload.OwnerID...
we are getting it from the webhook payload.. and if it missing, then it could be passed..
what are your suggestions ?
There was a problem hiding this comment.
we can check something like
c.cfg.EnforceOrgBelonging && webhookPayload.OwnerID != 0 && webhookPayload.OwnerID != c.cfg.OrgID
There was a problem hiding this comment.
should be
c.cfg.EnforceOrgBelonging && (webhookPayload.OwnerID == 0 || webhookPayload.OwnerID != c.cfg.OrgID)
Cause if it's 0 and you need enforcement then you can't check enforcement validity and thus fail it.
Signed-off-by: Gosha <[email protected]>
Signed-off-by: GoshaDozoretz <[email protected]>
Signed-off-by: Gosha [email protected]
Pull Request
Description
This will give Piper the ability to enforce the organizational belonging of Git event sender/creator.
Checklist
Before submitting this pull request, please ensure that you have completed the following tasks: