Fix sessions authorized actions output (#1527)

5 years ago · 70cb75d030
parent 92809b733a
commit 70cb75d030
4 changed files with 9 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
  `managed-group` would not be accepted as specific `type` values in grant
  strings. Also, fix authorized actions not showing `credential-store` values in
  project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524))
+* actions: Fix `sessions` collection actions not being visible when reading a
+  scope ([PR](https://github.com/hashicorp/boundary/pull/1527))

 ## 0.6.0 (2021/09/03)

--- a/internal/servers/controller/handlers/scopes/scope_service.go
+++ b/internal/servers/controller/handlers/scopes/scope_service.go
@ -62,7 +62,6 @@ var (
 			resource.Group:      groups.CollectionActions,
 			resource.Role:       roles.CollectionActions,
 			resource.Scope:      CollectionActions,
-			resource.Session:    sessions.CollectionActions,
 			resource.User:       users.CollectionActions,
 		},

@ -72,7 +71,6 @@ var (
 			resource.Group:      groups.CollectionActions,
 			resource.Role:       roles.CollectionActions,
 			resource.Scope:      CollectionActions,
-			resource.Session:    sessions.CollectionActions,
 			resource.User:       users.CollectionActions,
 		},

@ -81,6 +79,7 @@ var (
 			resource.Group:           groups.CollectionActions,
 			resource.HostCatalog:     host_catalogs.CollectionActions,
 			resource.Role:            roles.CollectionActions,
+			resource.Session:         sessions.CollectionActions,
 			resource.Target:          targets.CollectionActions,
 		},
 	}
--- a/internal/servers/controller/handlers/scopes/scope_service_test.go
+++ b/internal/servers/controller/handlers/scopes/scope_service_test.go
@ -89,11 +89,6 @@ var globalAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
-	"sessions": {
-		Values: []*structpb.Value{
-			structpb.NewStringValue("list"),
-		},
-	},
 	"users": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),
@ -132,11 +127,6 @@ var orgAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
-	"sessions": {
-		Values: []*structpb.Value{
-			structpb.NewStringValue("list"),
-		},
-	},
 	"users": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),
@ -170,6 +160,11 @@ var projectAuthorizedCollectionActions = map[string]*structpb.ListValue{
 			structpb.NewStringValue("list"),
 		},
 	},
+	"sessions": {
+		Values: []*structpb.Value{
+			structpb.NewStringValue("list"),
+		},
+	},
 	"targets": {
 		Values: []*structpb.Value{
 			structpb.NewStringValue("create"),
--- a/internal/servers/controller/handlers/sessions/session_service.go
+++ b/internal/servers/controller/handlers/sessions/session_service.go
@ -220,7 +220,7 @@ func (s Service) CancelSession(ctx context.Context, req *pbs.CancelSessionReques
 	var outputFields perms.OutputFieldsMap
 	authorizedActions := authResults.FetchActionSetForId(ctx, ses.GetPublicId(), IdActions)

-	// Check to see if we need to verify Read vs. just ReadSelf
+	// Check to see if we need to verify Cancel vs. just CancelSelf
 	if ses.UserId != authResults.UserId {
 		if !authorizedActions.HasAction(action.Cancel) {
 			return nil, handlers.ForbiddenError()