fix: dashboard endpoint (#876)

* fix: set ready-any for teammember settings

* fix: dashboard

* fix: remove teamAdmin and teamMember from reading platform settings

* fix: add correct tests for settings endpoint

Author: CasLubbers

src/api.authz.test.ts

@@ -1139,4 +1139,10 @@ describe('API authz tests', () => {
       await agent.post('/alpha/teams/team1/agents').send(agentData).expect(401)
     })
   })
+  test('team member cannot access settings', async () => {
+    await agent.get('/v1/settings').set('Authorization', `Bearer ${teamMemberToken}`).expect(403)
+  })
+  test('team admin cannot access settings', async () => {
+    await agent.get('/v1/settings').set('Authorization', `Bearer ${teamAdminToken}`).expect(403)
+  })
 })

src/api/v1/dashboard.ts

@@ -9,8 +9,8 @@ const debug = Debug('otomi:api:v1:dashboard')
  * Get dashboard information
  */
 export const getDashboard = (req: OpenApiRequestExt, res: Response): void => {
-  const { teamName } = req.query
-  debug(`getDashboard(${teamName})`)
-  const v = req.otomi.getDashboard(teamName as string)
+  const { teamId } = req.query
+  debug(`getDashboard(${teamId})`)
+  const v = req.otomi.getDashboard(teamId as string)
   res.json(v)
 }

src/openapi/settings.yaml

@@ -1,8 +1,6 @@
 Settings:
   x-acl:
     platformAdmin: [read-any, update-any]
-    teamAdmin: [read]
-    teamMember: [read]
   additionalProperties: false
   properties:
     alerts:

src/otomi-stack.ts

@@ -1278,13 +1278,13 @@ export default class OtomiStack {
     return internalRepoUrls
   }
 
-  getDashboard(teamName: string): Array<any> {
-    const codeRepos = teamName ? this.getTeamAplCodeRepos(teamName) : this.getAllCodeRepos()
-    const builds = teamName ? this.getTeamAplBuilds(teamName) : this.getAllBuilds()
-    const workloads = teamName ? this.getTeamAplWorkloads(teamName) : this.getAllWorkloads()
-    const services = teamName ? this.getTeamAplServices(teamName) : this.getAllServices()
-    const secrets = teamName ? this.getAplSealedSecrets(teamName) : this.getAllAplSealedSecrets()
-    const netpols = teamName ? this.getTeamAplNetpols(teamName) : this.getAllNetpols()
+  getDashboard(teamId: string): Array<any> {
+    const codeRepos = teamId ? this.getTeamAplCodeRepos(teamId) : this.getAllCodeRepos()
+    const builds = teamId ? this.getTeamAplBuilds(teamId) : this.getAllBuilds()
+    const workloads = teamId ? this.getTeamAplWorkloads(teamId) : this.getAllWorkloads()
+    const services = teamId ? this.getTeamAplServices(teamId) : this.getAllServices()
+    const secrets = teamId ? this.getAplSealedSecrets(teamId) : this.getAllAplSealedSecrets()
+    const netpols = teamId ? this.getTeamAplNetpols(teamId) : this.getAllNetpols()
 
     return [
       { name: 'code-repositories', count: codeRepos?.length },