NotificationsYou must be signed in to change notification settings
Fork1k
Star11k

Commit475f6e2

committed

Limit the number of org permission checks

We show the org on the sidebar if they can edit anything, and we showeach sub-link if they can view it, which means we were making both editand view permission checks.Instead, show each link if they can edit it (not just view), whichnegates the need for separate view permissions.Incidentally, this also reduces the number of checks we need to make forindividual pages, since some of them were only used on the sidebar.

1 parent9f39257 commit475f6e2Copy full SHA for 475f6e2

File tree

4 files changed

+83

-80

lines changed

site/src
- api/queries
  - organizations.ts
- pages/ManagementSettingsPage

4 files changed

+83

-80

lines changed

`‎site/src/api/queries/organizations.ts‎`

Lines changed: 63 additions & 59 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`importtype{QueryClient}from"react-query";`
`2`	`2`	`import{API}from"api/api";`
`3`	`3`	`importtype{`
`4`		`-AuthorizationCheck,`
`5`	`4`	`AuthorizationResponse,`
`6`	`5`	`CreateOrganizationRequest,`
`7`	`6`	`Organization,`
`@@ -124,60 +123,6 @@ export const provisionerDaemons = (organization: string) => {`
`124`	`123`	`};`
`125`	`124`	`};`
`126`	`125`
`127`		`-constorgChecks=(`
`128`		`-organizationId:string,`
`129`		`-):Record<string,AuthorizationCheck>=>({`
`130`		`-viewMembers:{`
`131`		`-object:{`
`132`		`-resource_type:"organization_member",`
`133`		`-organization_id:organizationId,`
`134`		`-},`
`135`		`-action:"read",`
`136`		`-},`
`137`		`-editMembers:{`
`138`		`-object:{`
`139`		`-resource_type:"organization_member",`
`140`		`-organization_id:organizationId,`
`141`		`-},`
`142`		`-action:"update",`
`143`		`-},`
`144`		`-createGroup:{`
`145`		`-object:{`
`146`		`-resource_type:"group",`
`147`		`-organization_id:organizationId,`
`148`		`-},`
`149`		`-action:"create",`
`150`		`-},`
`151`		`-viewGroups:{`
`152`		`-object:{`
`153`		`-resource_type:"group",`
`154`		`-organization_id:organizationId,`
`155`		`-},`
`156`		`-action:"read",`
`157`		`-},`
`158`		`-editGroups:{`
`159`		`-object:{`
`160`		`-resource_type:"group",`
`161`		`-organization_id:organizationId,`
`162`		`-},`
`163`		`-action:"update",`
`164`		`-},`
`165`		`-editOrganization:{`
`166`		`-object:{`
`167`		`-resource_type:"organization",`
`168`		`-organization_id:organizationId,`
`169`		`-},`
`170`		`-action:"update",`
`171`		`-},`
`172`		`-auditOrganization:{`
`173`		`-object:{`
`174`		`-resource_type:"audit_log",`
`175`		`-organization_id:organizationId,`
`176`		`-},`
`177`		`-action:"read",`
`178`		`-},`
`179`		`-});`
`180`		`-`
`181`	`126`	`/**`
`182`	`127`	`* Fetch permissions for a single organization.`
`183`	`128`	`*`
`@@ -190,7 +135,31 @@ export const organizationPermissions = (organizationId: string \| undefined) => {`
`190`	`135`	`return{`
`191`	`136`	`queryKey:["organization",organizationId,"permissions"],`
`192`	`137`	`queryFn:()=>`
`193`		`-API.checkAuthorization({checks:orgChecks(organizationId)}),`
	`138`	`+// Only request what we use on individual org settings, members, and group`
	`139`	`+// pages, which at the moment is whether you can edit the members on the`
	`140`	`+// members page and whether you can see the create group button on the`
	`141`	`+// groups page. The edit organization check for the settings page is`
	`142`	`+// covered by the multi-org query at the moment, and the edit group check`
	`143`	`+// on the group page is done on the group itself, not the org, so neither`
	`144`	`+// show up here.`
	`145`	`+API.checkAuthorization({`
	`146`	`+checks:{`
	`147`	`+editMembers:{`
	`148`	`+object:{`
	`149`	`+resource_type:"organization_member",`
	`150`	`+organization_id:organizationId,`
	`151`	`+},`
	`152`	`+action:"update",`
	`153`	`+},`
	`154`	`+createGroup:{`
	`155`	`+object:{`
	`156`	`+resource_type:"group",`
	`157`	`+organization_id:organizationId,`
	`158`	`+},`
	`159`	`+action:"create",`
	`160`	`+},`
	`161`	`+},`
	`162`	`+}),`
`194`	`163`	`};`
`195`	`164`	`};`
`196`	`165`
`@@ -209,19 +178,54 @@ export const organizationsPermissions = (`
`209`	`178`	`return{`
`210`	`179`	`queryKey:["organizations","permissions"],`
`211`	`180`	`queryFn:async()=>{`
	`181`	`+// Only request what we need for the sidebar, which is one edit permission`
	`182`	`+// per sub-link (audit page, settings page, groups page, and members page)`
	`183`	`+// that tells us whether to show that page, since we only show them if you`
	`184`	`+// can edit (and not, at the moment if you can only view).`
	`185`	`+constchecks=(organizationId:string)=>({`
	`186`	`+editMembers:{`
	`187`	`+object:{`
	`188`	`+resource_type:"organization_member",`
	`189`	`+organization_id:organizationId,`
	`190`	`+},`
	`191`	`+action:"update",`
	`192`	`+},`
	`193`	`+editGroups:{`
	`194`	`+object:{`
	`195`	`+resource_type:"group",`
	`196`	`+organization_id:organizationId,`
	`197`	`+},`
	`198`	`+action:"update",`
	`199`	`+},`
	`200`	`+editOrganization:{`
	`201`	`+object:{`
	`202`	`+resource_type:"organization",`
	`203`	`+organization_id:organizationId,`
	`204`	`+},`
	`205`	`+action:"update",`
	`206`	`+},`
	`207`	`+auditOrganization:{`
	`208`	`+object:{`
	`209`	`+resource_type:"audit_log",`
	`210`	`+organization_id:organizationId,`
	`211`	`+},`
	`212`	`+action:"read",`
	`213`	`+},`
	`214`	`+});`
	`215`	`+`
`212`	`216`	`// The endpoint takes a flat array, so to avoid collisions prepend each`
`213`	`217`	`// check with the org ID (the key can be anything we want).`
`214`		`-constchecks=organizations`
	`218`	`+constprefixedChecks=organizations`
`215`	`219`	`.map((org)=>`
`216`		`-Object.entries(orgChecks(org.id)).map(([key,val])=>[`
	`220`	`+Object.entries(checks(org.id)).map(([key,val])=>[`
`217`	`221`	`${org.id}.${key}`,
`218`	`222`	`val,`
`219`	`223`	`]),`
`220`	`224`	`)`
`221`	`225`	`.flat();`
`222`	`226`
`223`	`227`	`constresponse=awaitAPI.checkAuthorization({`
`224`		`-checks:Object.fromEntries(checks),`
	`228`	`+checks:Object.fromEntries(prefixedChecks),`
`225`	`229`	`});`
`226`	`230`
`227`	`231`	`// Now we can unflatten by parsing out the org ID from each check.`

`‎site/src/pages/ManagementSettingsPage/OrganizationMembersPage.test.tsx‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,6 @@ beforeEach(() => {`
`28`	`28`	`http.post("/api/v2/authcheck",async()=>{`
`29`	`29`	`returnHttpResponse.json({`
`30`	`30`	`editMembers:true,`
`31`		`-viewMembers:true,`
`32`	`31`	`viewDeploymentValues:true,`
`33`	`32`	`});`
`34`	`33`	`}),`

`‎site/src/pages/ManagementSettingsPage/SidebarView.stories.tsx‎`

Lines changed: 18 additions & 18 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,17 +17,17 @@ const meta: Meta<typeof SidebarView> = {`
`17`	`17`	`MockOrganization,`
`18`	`18`	`{`
`19`	`19`	`editOrganization:true,`
`20`		`-viewMembers:true,`
`21`		`-viewGroups:true,`
	`20`	`+editMembers:true,`
	`21`	`+editGroups:true,`
`22`	`22`	`auditOrganization:true,`
`23`	`23`	`},`
`24`	`24`	`],`
`25`	`25`	`[`
`26`	`26`	`MockOrganization2,`
`27`	`27`	`{`
`28`	`28`	`editOrganization:true,`
`29`		`-viewMembers:true,`
`30`		`-viewGroups:true,`
	`29`	`+editMembers:true,`
	`30`	`+editGroups:true,`
`31`	`31`	`auditOrganization:true,`
`32`	`32`	`},`
`33`	`33`	`],`
`@@ -118,8 +118,8 @@ export const SelectedOrgAdmin: Story = {`
`118`	`118`	`MockOrganization,`
`119`	`119`	`{`
`120`	`120`	`editOrganization:true,`
`121`		`-viewMembers:true,`
`122`		`-viewGroups:true,`
	`121`	`+editMembers:true,`
	`122`	`+editGroups:true,`
`123`	`123`	`auditOrganization:true,`
`124`	`124`	`},`
`125`	`125`	`],`
`@@ -139,8 +139,8 @@ export const SelectedOrgAuditor: Story = {`
`139`	`139`	`MockOrganization,`
`140`	`140`	`{`
`141`	`141`	`editOrganization:false,`
`142`		`-viewMembers:false,`
`143`		`-viewGroups:false,`
	`142`	`+editMembers:false,`
	`143`	`+editGroups:false,`
`144`	`144`	`auditOrganization:true,`
`145`	`145`	`},`
`146`	`146`	`],`
`@@ -160,8 +160,8 @@ export const SelectedOrgUserAdmin: Story = {`
`160`	`160`	`MockOrganization,`
`161`	`161`	`{`
`162`	`162`	`editOrganization:false,`
`163`		`-viewMembers:true,`
`164`		`-viewGroups:true,`
	`163`	`+editMembers:true,`
	`164`	`+editGroups:true,`
`165`	`165`	`auditOrganization:false,`
`166`	`166`	`},`
`167`	`167`	`],`
`@@ -176,17 +176,17 @@ export const MultiOrgAdminAndUserAdmin: Story = {`
`176`	`176`	`MockOrganization,`
`177`	`177`	`{`
`178`	`178`	`editOrganization:false,`
`179`		`-viewMembers:false,`
`180`		`-viewGroups:false,`
	`179`	`+editMembers:false,`
	`180`	`+editGroups:false,`
`181`	`181`	`auditOrganization:true,`
`182`	`182`	`},`
`183`	`183`	`],`
`184`	`184`	`[`
`185`	`185`	`MockOrganization2,`
`186`	`186`	`{`
`187`	`187`	`editOrganization:false,`
`188`		`-viewMembers:true,`
`189`		`-viewGroups:true,`
	`188`	`+editMembers:true,`
	`189`	`+editGroups:true,`
`190`	`190`	`auditOrganization:false,`
`191`	`191`	`},`
`192`	`192`	`],`
`@@ -202,17 +202,17 @@ export const SelectedMultiOrgAdminAndUserAdmin: Story = {`
`202`	`202`	`MockOrganization,`
`203`	`203`	`{`
`204`	`204`	`editOrganization:false,`
`205`		`-viewMembers:false,`
`206`		`-viewGroups:false,`
	`205`	`+editMembers:false,`
	`206`	`+editGroups:false,`
`207`	`207`	`auditOrganization:true,`
`208`	`208`	`},`
`209`	`209`	`],`
`210`	`210`	`[`
`211`	`211`	`MockOrganization2,`
`212`	`212`	`{`
`213`	`213`	`editOrganization:false,`
`214`		`-viewMembers:true,`
`215`		`-viewGroups:true,`
	`214`	`+editMembers:true,`
	`215`	`+editGroups:true,`
`216`	`216`	`auditOrganization:false,`
`217`	`217`	`},`
`218`	`218`	`],`

`‎site/src/pages/ManagementSettingsPage/SidebarView.tsx‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -234,14 +234,14 @@ const OrganizationSettingsNavigation: FC<`
`234`	`234`	`Organization settings`
`235`	`235`	`</SidebarNavSubItem>`
`236`	`236`	`)}`
`237`		`-{props.permissions.viewMembers&&(`
	`237`	`+{props.permissions.editMembers&&(`
`238`	`238`	`<SidebarNavSubItem`
`239`	`239`	`href={urlForSubpage(props.organization.name,"members")}`
`240`	`240`	`>`
`241`	`241`	`Members`
`242`	`242`	`</SidebarNavSubItem>`
`243`	`243`	`)}`
`244`		`-{props.permissions.viewGroups&&(`
	`244`	`+{props.permissions.editGroups&&(`
`245`	`245`	`<SidebarNavSubItem`
`246`	`246`	`href={urlForSubpage(props.organization.name,"groups")}`
`247`	`247`	`>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit475f6e2

File tree

4 files changed

4 files changed

`‎site/src/api/queries/organizations.ts‎`

`‎site/src/pages/ManagementSettingsPage/OrganizationMembersPage.test.tsx‎`

`‎site/src/pages/ManagementSettingsPage/SidebarView.stories.tsx‎`

`‎site/src/pages/ManagementSettingsPage/SidebarView.tsx‎`

0 commit comments