Merged
38 changes: 6 additions & 32 deletions src/server/system_services/account_server.js
Expand Up @@ -1227,13 +1227,12 @@ async function get_user(req) {
async function update_user(req) {

const action = IAM_ACTIONS.UPDATE_USER;
const requesting_account = system_store.get_account_by_email(req.account.email);
const requesting_account = req.account;
const old_account_email_wrapped = account_util.get_account_email_from_username(
req.rpc_params.username, requesting_account._id.toString());
account_util._check_if_requesting_account_is_root_account(action, requesting_account,
{ username: req.rpc_params.username, iam_path: req.rpc_params.new_iam_path });
account_util._check_if_account_exists(action, old_account_email_wrapped, req.rpc_params.username);
const requested_account = system_store.get_account_by_email(old_account_email_wrapped);
const requested_account = account_util._check_if_account_exists(action, old_account_email_wrapped, req.rpc_params.username);
let iam_path = requested_account.iam_path;
let user_name = req.rpc_params.username;
// Change to complete user name
Expand Down Expand Up @@ -1279,8 +1278,7 @@ async function delete_user(req) {
const requesting_account = req.account;
const account_email_wrapped = account_util.get_account_email_from_username(req.rpc_params.username, requesting_account._id.toString());
account_util._check_if_requesting_account_is_root_account(action, requesting_account, { username: req.rpc_params.username });
account_util._check_if_account_exists(action, account_email_wrapped, req.rpc_params.username);
const requested_account = system_store.get_account_by_email(account_email_wrapped);
const requested_account = account_util._check_if_account_exists(action, account_email_wrapped, req.rpc_params.username);
account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);
account_util._check_if_user_does_not_have_resources_before_deletion(action, requested_account);
Expand Down Expand Up @@ -1433,15 +1431,7 @@ async function delete_access_key(req) {
async function tag_user(req) {
const action = IAM_ACTIONS.TAG_USER;
const requesting_account = req.account;
const account_email_wrapped = account_util.get_account_email_from_username(req.rpc_params.username, requesting_account._id.toString());

account_util._check_if_requesting_account_is_root_account(action, requesting_account, { username: req.rpc_params.username });
account_util._check_if_account_exists(action, account_email_wrapped, req.rpc_params.username);

const requested_account = system_store.get_account_by_email(account_email_wrapped);
account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);

const requested_account = account_util.validate_and_return_requested_account(req.rpc_params, action, requesting_account);
const existing_tags = requested_account.tagging || [];

const tags_map = new Map();
Expand Down Expand Up @@ -1475,15 +1465,7 @@ async function tag_user(req) {
async function untag_user(req) {
const action = IAM_ACTIONS.UNTAG_USER;
const requesting_account = req.account;
const account_email_wrapped = account_util.get_account_email_from_username(req.rpc_params.username, requesting_account._id.toString());

account_util._check_if_requesting_account_is_root_account(action, requesting_account, { username: req.rpc_params.username });
account_util._check_if_account_exists(action, account_email_wrapped, req.rpc_params.username);

const requested_account = system_store.get_account_by_email(account_email_wrapped);
account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);

const requested_account = account_util.validate_and_return_requested_account(req.rpc_params, action, requesting_account);
const existing_tags = requested_account.tagging || [];

const tag_keys_set = new Set(req.rpc_params.tag_keys);
Expand All @@ -1504,15 +1486,7 @@ async function untag_user(req) {
async function list_user_tags(req) {
const action = IAM_ACTIONS.LIST_USER_TAGS;
const requesting_account = req.account;
const account_email_wrapped = account_util.get_account_email_from_username(req.rpc_params.username, requesting_account._id.toString());

account_util._check_if_requesting_account_is_root_account(action, requesting_account, { username: req.rpc_params.username });
account_util._check_if_account_exists(action, account_email_wrapped, req.rpc_params.username);

const requested_account = system_store.get_account_by_email(account_email_wrapped);
account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
account_util._check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);

const requested_account = account_util.validate_and_return_requested_account(req.rpc_params, action, requesting_account);
// TODO: Pagination not supported - currently returns all tags, ignoring marker and max_items params
const tags = account_util.get_sorted_list_tags_for_user(requested_account.tagging);
dbg.log1('AccountSpaceNB.list_user_tags: returning', tags, 'tags for user', req.rpc_params.username);
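Review bot: tag_user, untag_user and list_user_tags used to run the root-account, existence and ownership checks unconditionally in the handler, but they now run only when validate_and_return_requested_account takes its `else` branch, which is the only part of that helper visible in src/util/account_util.js. The condition of the other branch is outside the shown hunks, so it should be confirmed, and pinned with a test, that these handlers cannot reach it in a way that skips `_check_if_requested_is_owned_by_root_account`, in particular for the two mutating actions. A comment above each call, such as `// authorization: root-account and ownership checks are enforced inside validate_and_return_requested_account`, would keep that dependency visible to the next reader. update_user and delete_user still spell the check sequence out by hand and their bodies continue outside the hunks, so I cannot tell whether they could share the helper; if they cannot, a one-line comment saying why would help.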
4 changes: 2 additions & 2 deletions src/util/account_util.js
Expand Up @@ -329,6 +329,7 @@ function _check_if_account_exists(action, email_wrapped, username) {
const message_with_details = `The user with name ${username} cannot be found.`;
throw new RpcError('NO_SUCH_ENTITY', message_with_details);
}
return account;
}

function _check_root_account_owns_user(root_account, user_account) {
Expand Down Expand Up @@ -738,8 +739,7 @@ function validate_and_return_requested_account(params, action, requesting_accoun
} else {
_check_if_requesting_account_is_root_account(action, requesting_account, { username: params.username });
const account_email = get_account_email_from_username(params.username, requesting_account._id.toString());
_check_if_account_exists(action, account_email, params.username);
requested_account = system_store.get_account_by_email(account_email);
requested_account = _check_if_account_exists(action, account_email, params.username);
_check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
_check_if_requested_is_owned_by_root_account(action, requesting_account, requested_account);
}
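Review bot: `_check_if_account_exists` now returns the account it looked up, but nothing in the hunk documents the new contract and the name still reads as a pure check. The function's signature line and any existing doc comment are outside the hunk; I would add `@returns {Object} the account found for email_wrapped` and `@throws {RpcError} NO_SUCH_ENTITY when no account matches` to its JSDoc. Callers in account_server.js and validate_and_return_requested_account now dereference the return value directly, so the doc comment should also state that the function never returns null or undefined.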