Return all relevant perms on login

If the requesting user was in a group specified in the eauth config, then the return would only have the permissions allowed by their group memberships, even if there were specific permissions for that user or permissions for '*'. A user without any group permissions, but with user-specific permissions would also not get permissions for '*'. Now, the return should contain all relevant permissions for the requesting user.
2025-04-17 10:10:20 +00:00 · 2015-08-06 00:23:09 -07:00 · 2015-08-06 00:23:09 -07:00 · 0d2c6a67a5
commit 0d2c6a67a5
parent 19c42b8b3a
1 changed files with 5 additions and 6 deletions
--- a/salt/netapi/rest_cherrypy/app.py
+++ b/salt/netapi/rest_cherrypy/app.py
@ -1432,19 +1432,18 @@ class Login(LowDataAdapter):
        try:
            eauth = self.opts.get('external_auth', {}).get(token['eauth'], {})

+            # Get sum of '*' perms, user-specific perms, and group-specific perms
+            perms = eauth.get(token['name'], [])
+            perms.extend(eauth.get('*', []))
+
            if 'groups' in token:
                user_groups = set(token['groups'])
                eauth_groups = set([i.rstrip('%') for i in eauth.keys() if i.endswith('%')])

-                perms = []
                for group in user_groups & eauth_groups:
                    perms.extend(eauth['{0}%'.format(group)])

-                perms = perms or None
-            else:
-                perms = eauth.get(token['name'], eauth.get('*'))
-
-            if perms is None:
+            if not perms:
                raise ValueError("Eauth permission list not found.")
        except (AttributeError, IndexError, KeyError, ValueError):
            logger.debug("Configuration for external_auth malformed for "