fix: add rbac error check to rest of cmx api calls#700
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
mikhailswift
force-pushed
the
mikhail/add-missing-rbac-checks
branch
from
cb34d34 to
380a948
Compare
mikhailswift
force-pushed
the
mikhail/add-missing-rbac-checks
branch
from
380a948 to
aeb8d56
Compare
mikhailswift
force-pushed
the
mikhail/add-missing-rbac-checks
branch
from
f26a71f to
932fbb1
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 932fbb1. Configure here.
| func isRBACDeniedError(err error) bool { | ||
| message := strings.TrimSpace(strings.ToLower(err.Error())) | ||
| return strings.Contains(message, "access to ") && strings.HasSuffix(message, " is denied") | ||
| } |
There was a problem hiding this comment.
Duplicated RBAC error handling across 21 call sites
Medium Severity
The identical 3-line block — if isRBACDeniedError(err) { return …, errors.New(err.Error()) } followed by return …, ErrCompatibilityMatrixTermsNotAccepted — is copy-pasted across 21 call sites. A single helper (e.g. func forbiddenToError(err error) error) that encapsulates the RBAC-vs-terms check would eliminate the duplication. This matters because the network files (network_create.go, network_ls.go, network_rm.go, network_update.go, network_report.go) were already missed in this PR, demonstrating the maintenance risk of the repeated pattern.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 932fbb1. Configure here.
2 participants
No description provided.