Merge branch 'develop' into further-refact-oss

Author: prakash100198

.github/workflows/auto-label.yml

@@ -4,7 +4,6 @@ on:
   issue_comment:
     types: [created]
 
-
 jobs:
   manage-labels:
     if: ${{ !github.event.issue.pull_request }}
@@ -16,40 +15,37 @@ jobs:
 
       - name: Parse and manage labels
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.ORG_MEMBERSHIP_SECRET }}
         run: |
           set -e
           set -x  # Enable debugging
 
-          # Extract comment on  body and issue number
+          # Extract comment body, issue number, and author
           COMMENT_BODY=$(jq -r '.comment.body' "$GITHUB_EVENT_PATH")
           ISSUE_NUMBER=$(jq -r '.issue.number // .pull_request.number' "$GITHUB_EVENT_PATH")
+          COMMENT_AUTHOR=$(jq -r '.comment.user.login' "$GITHUB_EVENT_PATH")
 
-          ORG_NAME="devtron-labs"
-
-          # checks if the person is authorized to add labels or not
-          ORG_MEMBERSHIP_STATUS=$(gh api "orgs/$ORG_NAME/members/$COMMENT_AUTHOR" --silent --exit-status)
+          ORG_NAME="satyam-tests"
 
+          # Check if the person is authorized to add labels
+          curl -s -H "Authorization: token $GH_TOKEN" "https://api.github.com/orgs/$ORG_NAME/members/$COMMENT_AUTHOR" > /dev/null
           if [[ $? -ne 0 ]]; then
             gh issue comment "$ISSUE_NUMBER" --body "Hi @$COMMENT_AUTHOR, you must be a member of the organization '$ORG_NAME' to add or remove labels."
-
             echo "User '$COMMENT_AUTHOR' is not a member of the organization '$ORG_NAME'. Exiting."
             exit 1
           fi
 
-          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Adding label"
-
+          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Proceeding with label management."
 
-          # Get the existing labels on the issue 
+          # Get the existing labels on the issue
           EXISTING_LABELS=$(gh issue view "$ISSUE_NUMBER" --json labels -q '.labels[].name')
 
-          # Add Label 
+          # Add Label Logic
           if [[ "$COMMENT_BODY" =~ ^/([^ ]+)$ ]]; then
             LABEL_NAME="${COMMENT_BODY:1}"
 
-            # check for already existing labels in reppo
+            # Check if the label exists in the repository
             if gh label list --json name -q '.[].name' | grep -q "^$LABEL_NAME$"; then
-              # Add the requested label, keeping existing ones intact
               gh issue edit "$ISSUE_NUMBER" --add-label "$LABEL_NAME"
               echo "Successfully added label '$LABEL_NAME' to issue #$ISSUE_NUMBER."
             else

api/bean/UserRequest.go

@@ -72,6 +72,19 @@ type RoleFilter struct {
 	Workflow  string `json:"workflow"`
 }
 
+func (rf RoleFilter) GetTeam() string        { return rf.Team }
+func (rf RoleFilter) GetEntity() string      { return rf.Entity }
+func (rf RoleFilter) GetAction() string      { return rf.Action }
+func (rf RoleFilter) GetAccessType() string  { return rf.AccessType }
+func (rf RoleFilter) GetEnvironment() string { return rf.Environment }
+func (rf RoleFilter) GetCluster() string     { return rf.Cluster }
+func (rf RoleFilter) GetGroup() string       { return rf.Group }
+func (rf RoleFilter) GetKind() string        { return rf.Kind }
+func (rf RoleFilter) GetEntityName() string  { return rf.EntityName }
+func (rf RoleFilter) GetResource() string    { return rf.Resource }
+func (rf RoleFilter) GetWorkflow() string    { return rf.Workflow }
+func (rf RoleFilter) GetNamespace() string   { return rf.Namespace }
+
 type Role struct {
 	Id   int    `json:"id" validate:"number"`
 	Role string `json:"role" validate:"required"`

go.mod

@@ -288,8 +288,8 @@ require gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.10 => github.com/devtron-labs/argo-workflows/v3 v3.5.10
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241204111351-2cfdc19725b5
-	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241204111351-2cfdc19725b5
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241213055820-d24bfa4efd0d
+	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241213055820-d24bfa4efd0d
 	github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127
 	github.com/googleapis/gnostic => github.com/googleapis/gnostic v0.5.5
 	k8s.io/api => k8s.io/api v0.29.7

go.sum

@@ -792,10 +792,10 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.10 h1:6rxQOesOzDz6SgQCMDQNHaehsKFW3C7U8CZeEek5kgQ=
 github.com/devtron-labs/argo-workflows/v3 v3.5.10/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241204111351-2cfdc19725b5 h1:MQd6j54syvrqgJzX6hI3Eu1VIdVw1LoSlznaFeFGTEU=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241204111351-2cfdc19725b5/go.mod h1:vFJ3M7akwAWCtugDXRW+5Q9P+cp0RiH+K/D5FBbb/JA=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241204111351-2cfdc19725b5 h1:lryYTbjOobld0xEwd8K/dpiw1TE4/r2XQYPyvWx2O4s=
-github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241204111351-2cfdc19725b5/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241213055820-d24bfa4efd0d h1:C5ajcYJiD4zuGDpIYRSfn7IbYdU0lLFJtlDIS4DBLKk=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20241213055820-d24bfa4efd0d/go.mod h1:vFJ3M7akwAWCtugDXRW+5Q9P+cp0RiH+K/D5FBbb/JA=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241213055820-d24bfa4efd0d h1:lrpJrtCPBfHlZC6E+seCqcGGokq7PtoQuYs7O9+umeA=
+github.com/devtron-labs/devtron-services/common-lib v0.0.0-20241213055820-d24bfa4efd0d/go.mod h1:NJSMdv+zTUK3p7rML12RZSeAUKHeLaoY3sR/oK0xhwo=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta/go.mod h1:GnuiCesvh8xyHeMCb+twm8lBR/kQzJYSKL28ZfObp1Y=
 github.com/devtron-labs/protos v0.0.3-0.20240802105333-92ee9bb85d80 h1:xwbTeijNTf4/j1v+tSfwVqwLVnReas/NqEKeQHvSTys=

pkg/auth/user/RoleGroupService.go

@@ -569,46 +569,11 @@ func (impl RoleGroupServiceImpl) getRoleGroupMetadata(roleGroup *repository.Role
 		impl.logger.Errorw("No Roles Found for user", "roleGroupId", roleGroup.Id)
 	}
 	var roleFilters []bean.RoleFilter
-	isSuperAdmin := false
-	roleFilterMap := make(map[string]*bean.RoleFilter)
-	for _, role := range roles {
-		key := impl.userCommonService.GetUniqueKeyForAllEntity(*role)
-		if _, ok := roleFilterMap[key]; ok {
-			impl.userCommonService.BuildRoleFilterForAllTypes(roleFilterMap, *role, key)
-		} else {
-			roleFilterMap[key] = &bean.RoleFilter{
-				Entity:      role.Entity,
-				Team:        role.Team,
-				Environment: role.Environment,
-				EntityName:  role.EntityName,
-				Action:      role.Action,
-				AccessType:  role.AccessType,
-				Cluster:     role.Cluster,
-				Namespace:   role.Namespace,
-				Group:       role.Group,
-				Kind:        role.Kind,
-				Resource:    role.Resource,
-				Workflow:    role.Workflow,
-			}
-		}
-		if role.Role == bean.SUPERADMIN {
-			isSuperAdmin = true
-		}
-	}
-	for _, v := range roleFilterMap {
-		if v.Action == bean2.SUPER_ADMIN {
-			continue
-		}
-		roleFilters = append(roleFilters, *v)
-	}
-	for index, roleFilter := range roleFilters {
-		if roleFilter.Entity == "" {
-			roleFilters[index].Entity = bean2.ENTITY_APPS
-		}
-		if roleFilter.Entity == bean2.ENTITY_APPS && roleFilter.AccessType == "" {
-			roleFilters[index].AccessType = bean2.DEVTRON_APP
-		}
-	}
+	isSuperAdmin := helper2.CheckIfSuperAdminFromRoles(roles)
+	// merging considering base as env  first
+	roleFilters = impl.userCommonService.BuildRoleFiltersAfterMerging(ConvertRolesToEntityProcessors(roles), bean2.EnvironmentBasedKey)
+	// merging role filters based on application now, first took env as base merged, now application as base , merged
+	roleFilters = impl.userCommonService.BuildRoleFiltersAfterMerging(ConvertRoleFiltersToEntityProcessors(roleFilters), bean2.ApplicationBasedKey)
 	if len(roleFilters) == 0 {
 		roleFilters = make([]bean.RoleFilter, 0)
 	}