Check namespace perms in CreateCampaignSpec/MoveCampaign

Created by: mrnugget

(This is part of #11675 and the new workflow)

Before this, every user could create a campaign spec in any org or user namespace. And the same was true for moveCampaign: a user could move a campaign into any namespace they wanted.

This changes both implementations in the service layer to check for the permissions of the current user (saved in the ctx):

  1. If it's a site admin, they can create/move things in any namespace.
  2. If not and the target namespace is an org, we check for org membership.
  3. If not and the target namespace is a user, we check that it's the same as the current user.
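
The three rules above as a service-layer check, written as an added example that is not code from this merge request. `Actor`, `WithActor`, `CheckNamespaceAccess` and the error values are hypothetical names; the example assumes the current user travels in the `context.Context` and that exactly one of the user or org namespace IDs is set.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Actor and actorKey are hypothetical stand-ins, not the project's own types.
type Actor struct {
	UserID    int32
	SiteAdmin bool
	OrgIDs    map[int32]bool // orgs the user belongs to
}
type actorKey struct{}
func WithActor(ctx context.Context, a *Actor) context.Context {
	return context.WithValue(ctx, actorKey{}, a)
}

var (
	ErrNotAuthenticated  = errors.New("not authenticated")
	ErrInvalidNamespace  = errors.New("exactly one of user or org namespace must be set")
	ErrNoNamespaceAccess = errors.New("no access to target namespace")
)

// CheckNamespaceAccess applies the three rules to the actor saved in ctx; an ID of 0 means "unset".
func CheckNamespaceAccess(ctx context.Context, userID, orgID int32) error {
	a, _ := ctx.Value(actorKey{}).(*Actor)
	if a == nil || a.UserID == 0 {
		return ErrNotAuthenticated // fail closed when ctx carries no user
	}
	if (userID == 0) == (orgID == 0) {
		return ErrInvalidNamespace // ambiguous or missing target
	}
	switch {
	case a.SiteAdmin: // rule 1: site admins may use any namespace
		return nil
	case orgID != 0 && a.OrgIDs[orgID]: // rule 2: org namespace needs membership
		return nil
	case userID != 0 && userID == a.UserID: // rule 3: user namespace must be the caller's own
		return nil
	}
	return ErrNoNamespaceAccess
}

func main() {
	ctx := WithActor(context.Background(), &Actor{UserID: 7, OrgIDs: map[int32]bool{3: true}}) // constructed sample
	fmt.Println(CheckNamespaceAccess(ctx, 0, 3), CheckNamespaceAccess(ctx, 8, 0))
}
```

Calling the same check from both the create and the move path keeps the two code paths from drifting apart.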
