Merge remote-tracking branch 'origin/main' into main-branch-sync

Author: Ash-exp

.github/workflows/auto-label.yml

@@ -4,7 +4,6 @@ on:
   issue_comment:
     types: [created]
 
-
 jobs:
   manage-labels:
     if: ${{ !github.event.issue.pull_request }}
@@ -16,40 +15,37 @@ jobs:
 
       - name: Parse and manage labels
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.ORG_MEMBERSHIP_SECRET }}
         run: |
           set -e
           set -x  # Enable debugging
 
-          # Extract comment on  body and issue number
+          # Extract comment body, issue number, and author
           COMMENT_BODY=$(jq -r '.comment.body' "$GITHUB_EVENT_PATH")
           ISSUE_NUMBER=$(jq -r '.issue.number // .pull_request.number' "$GITHUB_EVENT_PATH")
+          COMMENT_AUTHOR=$(jq -r '.comment.user.login' "$GITHUB_EVENT_PATH")
 
-          ORG_NAME="devtron-labs"
-
-          # checks if the person is authorized to add labels or not
-          ORG_MEMBERSHIP_STATUS=$(gh api "orgs/$ORG_NAME/members/$COMMENT_AUTHOR" --silent --exit-status)
+          ORG_NAME="satyam-tests"
 
+          # Check if the person is authorized to add labels
+          curl -s -H "Authorization: token $GH_TOKEN" "https://api.github.com/orgs/$ORG_NAME/members/$COMMENT_AUTHOR" > /dev/null
           if [[ $? -ne 0 ]]; then
             gh issue comment "$ISSUE_NUMBER" --body "Hi @$COMMENT_AUTHOR, you must be a member of the organization '$ORG_NAME' to add or remove labels."
-
             echo "User '$COMMENT_AUTHOR' is not a member of the organization '$ORG_NAME'. Exiting."
             exit 1
           fi
 
-          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Adding label"
-
+          echo "User '$COMMENT_AUTHOR' is a verified member of the organization '$ORG_NAME'. Proceeding with label management."
 
-          # Get the existing labels on the issue 
+          # Get the existing labels on the issue
           EXISTING_LABELS=$(gh issue view "$ISSUE_NUMBER" --json labels -q '.labels[].name')
 
-          # Add Label 
+          # Add Label Logic
           if [[ "$COMMENT_BODY" =~ ^/([^ ]+)$ ]]; then
             LABEL_NAME="${COMMENT_BODY:1}"
 
-            # check for already existing labels in reppo
+            # Check if the label exists in the repository
             if gh label list --json name -q '.[].name' | grep -q "^$LABEL_NAME$"; then
-              # Add the requested label, keeping existing ones intact
               gh issue edit "$ISSUE_NUMBER" --add-label "$LABEL_NAME"
               echo "Successfully added label '$LABEL_NAME' to issue #$ISSUE_NUMBER."
             else

api/bean/UserRequest.go

@@ -72,6 +72,19 @@ type RoleFilter struct {
 	Workflow  string `json:"workflow"`
 }
 
+func (rf RoleFilter) GetTeam() string        { return rf.Team }
+func (rf RoleFilter) GetEntity() string      { return rf.Entity }
+func (rf RoleFilter) GetAction() string      { return rf.Action }
+func (rf RoleFilter) GetAccessType() string  { return rf.AccessType }
+func (rf RoleFilter) GetEnvironment() string { return rf.Environment }
+func (rf RoleFilter) GetCluster() string     { return rf.Cluster }
+func (rf RoleFilter) GetGroup() string       { return rf.Group }
+func (rf RoleFilter) GetKind() string        { return rf.Kind }
+func (rf RoleFilter) GetEntityName() string  { return rf.EntityName }
+func (rf RoleFilter) GetResource() string    { return rf.Resource }
+func (rf RoleFilter) GetWorkflow() string    { return rf.Workflow }
+func (rf RoleFilter) GetNamespace() string   { return rf.Namespace }
+
 type Role struct {
 	Id   int    `json:"id" validate:"number"`
 	Role string `json:"role" validate:"required"`

pkg/auth/user/RoleGroupService.go

@@ -569,46 +569,11 @@ func (impl RoleGroupServiceImpl) getRoleGroupMetadata(roleGroup *repository.Role
 		impl.logger.Errorw("No Roles Found for user", "roleGroupId", roleGroup.Id)
 	}
 	var roleFilters []bean.RoleFilter
-	isSuperAdmin := false
-	roleFilterMap := make(map[string]*bean.RoleFilter)
-	for _, role := range roles {
-		key := impl.userCommonService.GetUniqueKeyForAllEntity(*role)
-		if _, ok := roleFilterMap[key]; ok {
-			impl.userCommonService.BuildRoleFilterForAllTypes(roleFilterMap, *role, key)
-		} else {
-			roleFilterMap[key] = &bean.RoleFilter{
-				Entity:      role.Entity,
-				Team:        role.Team,
-				Environment: role.Environment,
-				EntityName:  role.EntityName,
-				Action:      role.Action,
-				AccessType:  role.AccessType,
-				Cluster:     role.Cluster,
-				Namespace:   role.Namespace,
-				Group:       role.Group,
-				Kind:        role.Kind,
-				Resource:    role.Resource,
-				Workflow:    role.Workflow,
-			}
-		}
-		if role.Role == bean.SUPERADMIN {
-			isSuperAdmin = true
-		}
-	}
-	for _, v := range roleFilterMap {
-		if v.Action == bean2.SUPER_ADMIN {
-			continue
-		}
-		roleFilters = append(roleFilters, *v)
-	}
-	for index, roleFilter := range roleFilters {
-		if roleFilter.Entity == "" {
-			roleFilters[index].Entity = bean2.ENTITY_APPS
-		}
-		if roleFilter.Entity == bean2.ENTITY_APPS && roleFilter.AccessType == "" {
-			roleFilters[index].AccessType = bean2.DEVTRON_APP
-		}
-	}
+	isSuperAdmin := helper2.CheckIfSuperAdminFromRoles(roles)
+	// merging considering base as env  first
+	roleFilters = impl.userCommonService.BuildRoleFiltersAfterMerging(ConvertRolesToEntityProcessors(roles), bean2.EnvironmentBasedKey)
+	// merging role filters based on application now, first took env as base merged, now application as base , merged
+	roleFilters = impl.userCommonService.BuildRoleFiltersAfterMerging(ConvertRoleFiltersToEntityProcessors(roleFilters), bean2.ApplicationBasedKey)
 	if len(roleFilters) == 0 {
 		roleFilters = make([]bean.RoleFilter, 0)
 	}