From 99f02f3745d7e9a88c144b3f2cba000e153bfd07 Mon Sep 17 00:00:00 2001
From: Sean Kao
Date: Fri, 26 Apr 2024 09:05:11 -0700
Subject: [PATCH] tenancy access control (#992)

* Check user name for private tenant access control

Signed-off-by: Sean Kao

* fix broken link

Signed-off-by: Sean Kao

---------

Signed-off-by: Sean Kao
---
 README.md | 2 +-
 .../opensearch/reportsscheduler/security/UserAccessManager.kt | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 684716a7..9913eaa9 100644
--- a/README.md
+++ b/README.md
@@ -60,7 +60,7 @@ OpenSearch Dashboards Reports allows ‘Report Owner’ (engineers, including bu
 [reports-scheduler-it-badge]: https://img.shields.io/badge/Reports%20Scheduler%20IT%20tests-in%20progress-yellow
 [reports-scheduler-it-link]: https://github.com/opensearch-project/opensearch-build/issues/1124
 [reports-scheduler-it-code-badge]: https://img.shields.io/badge/Reports%20Scheduler%20code-blue
-[reports-scheduler-it-code-link]: https://github.com/opensearch-project/dashboards-reports/blob/main/reports-scheduler/src/test/kotlin/org/opensearch/reportsscheduler/ReportsSchedulerPluginIT.kt
+[reports-scheduler-it-code-link]: https://github.com/opensearch-project/reporting/blob/main/src/test/kotlin/org/opensearch/integTest/ReportsSchedulerPluginIT.kt
 [bwc-tests-badge]: https://img.shields.io/badge/BWC%20tests-in%20progress-yellow
 [bwc-tests-link]: https://github.com/opensearch-project/dashboards-reports/pull/244/files
 [good-first-badge]: https://img.shields.io/github/issues/opensearch-project/dashboards-reports/good%20first%20issue.svg
diff --git a/src/main/kotlin/org/opensearch/reportsscheduler/security/UserAccessManager.kt b/src/main/kotlin/org/opensearch/reportsscheduler/security/UserAccessManager.kt
index 9f25831f..c2f24534 100644
--- a/src/main/kotlin/org/opensearch/reportsscheduler/security/UserAccessManager.kt
+++ b/src/main/kotlin/org/opensearch/reportsscheduler/security/UserAccessManager.kt
@@ -118,6 +118,9 @@ internal object UserAccessManager {
 if (getUserTenant(user) != tenant) {
 return false
 }
+ if (isUserPrivateTenant(user)) {
+ return access.contains("$USER_TAG${user.name}")
+ }
 return if (PluginSettings.isRbacEnabled()) {
 user.backendRoles.map { "$BACKEND_ROLE_TAG$it" }.any { it in access }
 } else {
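Review bot: The added `isUserPrivateTenant(user)` branch is an authorization decision that lands with no test and no comment explaining it; the diffstat lists only README.md and UserAccessManager.kt, so nothing pins that a second user in the private tenant is denied. I would add a unit test with two users that resolve to the same private tenant value and assert that only the one whose `"$USER_TAG${user.name}"` entry is in `access` gets `true`. If it matches the intent, a comment above the branch would help, e.g. `// Private tenant is per-user: a matching tenant string does not identify the owner, so require the owner's user tag.` The early return also runs before the `PluginSettings.isRbacEnabled()` check, so a private-tenant object whose stored `access` list lacks that tag would presumably become unreachable to its owner; please confirm every write path records the tag, or document how existing objects are handled. The enclosing function starts and ends outside the hunk, so the earlier guards and the `else` result are not visible here.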