From c3101cfefcb5d72970836fc6e6e10932f2f3f038 Mon Sep 17 00:00:00 2001
From: komalreddy3 <koukuntlakomalreddy3@gmail.com>
Date: Wed, 12 Jun 2024 16:00:42 +0530
Subject: [PATCH 1/3] fix: multiple namespaces permission group

---
 pkg/auth/user/UserCommonService.go | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/pkg/auth/user/UserCommonService.go b/pkg/auth/user/UserCommonService.go
index d466b5a082..641a5e7e12 100644
--- a/pkg/auth/user/UserCommonService.go
+++ b/pkg/auth/user/UserCommonService.go
@@ -572,13 +572,16 @@ func (impl UserCommonServiceImpl) CheckRbacForClusterEntity(cluster, namespace,
 		resourceObj = "*"
 	}
 
-	rbacResource := fmt.Sprintf("%s/%s/%s", strings.ToLower(cluster), strings.ToLower(namespaceObj), casbin.ResourceUser)
 	resourcesArray := strings.Split(resourceObj, ",")
-	for _, resourceVal := range resourcesArray {
-		rbacObject := fmt.Sprintf("%s/%s/%s", groupObj, kindObj, resourceVal)
-		allowed := managerAuth(rbacResource, token, rbacObject)
-		if !allowed {
-			return false
+	namespacesArray := strings.Split(namespaceObj, ",")
+	for _, namespaceObject := range namespacesArray {
+		rbacResource := fmt.Sprintf("%s/%s/%s", strings.ToLower(cluster), strings.ToLower(namespaceObject), casbin.ResourceUser)
+		for _, resourceVal := range resourcesArray {
+			rbacObject := fmt.Sprintf("%s/%s/%s", groupObj, kindObj, resourceVal)
+			allowed := managerAuth(rbacResource, token, rbacObject)
+			if !allowed {
+				return false
+			}
 		}
 	}
 	return true
@@ -690,8 +693,8 @@ func (impl UserCommonServiceImpl) GetUniqueKeyForAllEntity(role repository.RoleM
 		key = fmt.Sprintf("%s_%s_%s_%s", role.Team, role.Action, role.AccessType, role.Entity)
 	} else if len(role.Entity) > 0 {
 		if role.Entity == bean.CLUSTER_ENTITIY {
-			key = fmt.Sprintf("%s_%s_%s_%s_%s_%s", role.Entity, role.Action, role.Cluster,
-				role.Namespace, role.Group, role.Kind)
+			key = fmt.Sprintf("%s_%s_%s_%s_%s", role.Entity, role.Action, role.Cluster,
+				role.Group, role.Kind)
 		} else {
 			key = fmt.Sprintf("%s_%s", role.Entity, role.Action)
 		}

From 9c0a032ec858edf0ea11f83cffc3f99fabf48c97 Mon Sep 17 00:00:00 2001
From: komalreddy3 <koukuntlakomalreddy3@gmail.com>
Date: Wed, 12 Jun 2024 16:57:14 +0530
Subject: [PATCH 2/3] chore: rename namespaceObject to namespaceInArray to
 avoid misunderstanding two diff variables

---
 pkg/auth/user/UserCommonService.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/auth/user/UserCommonService.go b/pkg/auth/user/UserCommonService.go
index 641a5e7e12..c0ed2c3371 100644
--- a/pkg/auth/user/UserCommonService.go
+++ b/pkg/auth/user/UserCommonService.go
@@ -574,8 +574,8 @@ func (impl UserCommonServiceImpl) CheckRbacForClusterEntity(cluster, namespace,
 
 	resourcesArray := strings.Split(resourceObj, ",")
 	namespacesArray := strings.Split(namespaceObj, ",")
-	for _, namespaceObject := range namespacesArray {
-		rbacResource := fmt.Sprintf("%s/%s/%s", strings.ToLower(cluster), strings.ToLower(namespaceObject), casbin.ResourceUser)
+	for _, namespaceInArray := range namespacesArray {
+		rbacResource := fmt.Sprintf("%s/%s/%s", strings.ToLower(cluster), strings.ToLower(namespaceInArray), casbin.ResourceUser)
 		for _, resourceVal := range resourcesArray {
 			rbacObject := fmt.Sprintf("%s/%s/%s", groupObj, kindObj, resourceVal)
 			allowed := managerAuth(rbacResource, token, rbacObject)

From dc8a3591b52d239e6eeec01d14de6fc548fae0da Mon Sep 17 00:00:00 2001
From: komalreddy3 <koukuntlakomalreddy3@gmail.com>
Date: Fri, 14 Jun 2024 20:00:22 +0530
Subject: [PATCH 3/3] chore: main merge

---
 cmd/external-app/wire_gen.go | 2 +-
 go.mod                       | 2 +-
 wire_gen.go                  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/external-app/wire_gen.go b/cmd/external-app/wire_gen.go
index 3e303d78ad..fd4ea27c4d 100644
--- a/cmd/external-app/wire_gen.go
+++ b/cmd/external-app/wire_gen.go
@@ -1,6 +1,6 @@
 // Code generated by Wire. DO NOT EDIT.
 
-//go:generate go run github.com/google/wire/cmd/wire
+//go:generate go run -mod=mod github.com/google/wire/cmd/wire
 //go:build !wireinject
 // +build !wireinject
 
diff --git a/go.mod b/go.mod
index 422c39a10c..b512191f70 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/devtron-labs/devtron
 
 go 1.21
 
-//toolchain go1.21.8
+toolchain go1.21.8
 
 require (
 	github.com/Masterminds/semver v1.5.0
diff --git a/wire_gen.go b/wire_gen.go
index e3fab195a9..035f7d9a30 100644
--- a/wire_gen.go
+++ b/wire_gen.go
@@ -1,6 +1,6 @@
 // Code generated by Wire. DO NOT EDIT.
 
-//go:generate go run github.com/google/wire/cmd/wire
+//go:generate go run -mod=mod github.com/google/wire/cmd/wire
 //go:build !wireinject
 // +build !wireinject