Add RBAC to action-alias help api.

Author: nzlosh

st2api/st2api/controllers/v1/actionalias.py

@@ -20,6 +20,7 @@
 from st2common import log as logging
 from st2common.exceptions.actionalias import ActionAliasAmbiguityException
 from st2common.exceptions.apivalidation import ValueValidationException
+from st2common.exceptions.rbac import ResourceTypeAccessDeniedError
 from st2common.models.api.action import ActionAliasAPI
 from st2common.persistence.actionalias import ActionAlias
 from st2common.rbac.types import PermissionType
@@ -106,9 +107,27 @@ def help(self, filter, pack, limit, offset, **kwargs):
         Handles requests:
             GET /actionalias/help
         """
+        requester_user = kwargs.get("requester_user")
+
+        permission_type = PermissionType.ACTION_ALIAS_HELP
+        rbac_utils = get_rbac_backend().get_utils_class()
+
         try:
             aliases_resp = super(ActionAliasController, self)._get_all(**kwargs)
-            aliases = [ActionAliasAPI(**alias) for alias in aliases_resp.json]
+            aliases = []
+            for alias in aliases_resp.json:
+                try:
+                    rbac_utils.assert_user_has_permission(
+                        user_db=requester_user,
+                        permission_type=permission_type,
+                    )
+                    aliases.append(ActionAliasAPI(**alias))
+                except ResourceTypeAccessDeniedError as exception:
+                    # Permission denied, don't include in output.
+                    pass
+                except Exception as exception:
+                    LOG.exception(f"Error processing action-alias.")
+
             return generate_helpstring_result(
                 aliases, filter, pack, int(limit), int(offset)
             )

st2common/st2common/openapi.yaml

@@ -806,6 +806,11 @@ paths:
           description: Object containing the format to be matched.
           schema:
             $ref: '#/definitions/ActionAliasMatchRequest'
+      x-parameters:
+        - name: user
+          in: context
+          x-as: requester_user
+          description: User performing the operation.
       responses:
         '200':
           description: Action alias match pattern
@@ -840,6 +845,11 @@ paths:
           description: Number of actions alias to offset
           type: integer
           default: 0
+      x-parameters:
+        - name: user
+          in: context
+          x-as: requester_user
+          description: User performing the operation.
       responses:
         '200':
           description: Action alias match pattern

st2common/st2common/openapi.yaml.j2

@@ -802,6 +802,11 @@ paths:
           description: Object containing the format to be matched.
           schema:
             $ref: '#/definitions/ActionAliasMatchRequest'
+      x-parameters:
+        - name: user
+          in: context
+          x-as: requester_user
+          description: User performing the operation.
       responses:
         '200':
           description: Action alias match pattern
@@ -836,6 +841,11 @@ paths:
           description: Number of actions alias to offset
           type: integer
           default: 0
+      x-parameters:
+        - name: user
+          in: context
+          x-as: requester_user
+          description: User performing the operation.
       responses:
         '200':
           description: Action alias match pattern