NotificationsYou must be signed in to change notification settings
Fork907
Star10k

Commit86b61ef

authored

fix: use correct permissions for CRUD of custom roles (#16854)

resolvescoder/internal#428The goal of the PR is to start using updateOrgRoles and deleteOrgRolespermissions to gate custom roles functionality```updateOrgRoles: {object: {resource_type: "assign_org_role",organization_id: organizationId,},action: "update",},deleteOrgRoles: {object: {resource_type: "assign_org_role",organization_id: organizationId,},action: "delete",}```

1 parent101b62d commit86b61efCopy full SHA for 86b61ef

File tree

9 files changed

+93

-62

lines changed

site/src
- modules/permissions
  - index.ts
  - organizations.ts
- pages/OrganizationSettingsPage/CustomRolesPage
- testHelpers
  - entities.ts

9 files changed

+93

-62

lines changed

`‎site/src/modules/permissions/index.ts`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,9 @@ export type Permissions = {`
`6`	`6`
`7`	`7`	`exporttypePermissionName=keyoftypeofpermissionChecks;`
`8`	`8`
	`9`	`+/**`
	`10`	`+ * Site-wide permission checks`
	`11`	`+ */`
`9`	`12`	`exportconstpermissionChecks={`
`10`	`13`	`viewAllUsers:{`
`11`	`14`	`object:{`

`‎site/src/modules/permissions/organizations.ts`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,20 @@ export const organizationPermissionChecks = (organizationId: string) =>`
`73`	`73`	`},`
`74`	`74`	`action:"create",`
`75`	`75`	`},`
	`76`	`+updateOrgRoles:{`
	`77`	`+object:{`
	`78`	`+resource_type:"assign_org_role",`
	`79`	`+organization_id:organizationId,`
	`80`	`+},`
	`81`	`+action:"update",`
	`82`	`+},`
	`83`	`+deleteOrgRoles:{`
	`84`	`+object:{`
	`85`	`+resource_type:"assign_org_role",`
	`86`	`+organization_id:organizationId,`
	`87`	`+},`
	`88`	`+action:"delete",`
	`89`	`+},`
`76`	`90`	`viewProvisioners:{`
`77`	`91`	`object:{`
`78`	`92`	`resource_type:"provisioner_daemon",`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePage.tsx`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,9 @@ export const CreateEditRolePage: FC = () => {`
`48`	`48`	`return(`
`49`	`49`	`<RequirePermission`
`50`	`50`	`isFeatureVisible={`
`51`		`-organizationPermissions.assignOrgRoles\|\|`
`52`		`-organizationPermissions.createOrgRoles`
	`51`	`+role`
	`52`	`+?organizationPermissions.updateOrgRoles`
	`53`	`+:organizationPermissions.createOrgRoles`
`53`	`54`	`}`
`54`	`55`	`>`
`55`	`56`	`<Helmet>`
`@@ -87,7 +88,6 @@ export const CreateEditRolePage: FC = () => {`
`87`	`88`	`:createOrganizationRoleMutation.isLoading`
`88`	`89`	`}`
`89`	`90`	`organizationName={organizationName}`
`90`		`-canAssignOrgRole={organizationPermissions.assignOrgRoles}`
`91`	`91`	`/>`
`92`	`92`	`</RequirePermission>`
`93`	`93`	`);`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePageView.stories.tsx`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,6 @@ export const Default: Story = {`
`23`	`23`	`error:undefined,`
`24`	`24`	`isLoading:false,`
`25`	`25`	`organizationName:"my-org",`
`26`		`-canAssignOrgRole:true,`
`27`	`26`	`},`
`28`	`27`	`};`
`29`	`28`
`@@ -81,7 +80,6 @@ export const InvalidCharsError: Story = {`
`81`	`80`	`exportconstCannotEditRoleName:Story={`
`82`	`81`	`args:{`
`83`	`82`	`...Default.args,`
`84`		`-canAssignOrgRole:false,`
`85`	`83`	`},`
`86`	`84`	`};`
`87`	`85`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePageView.tsx`

Lines changed: 27 additions & 33 deletions

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,6 @@ export type CreateEditRolePageViewProps = {`
`43`	`43`	`error?:unknown;`
`44`	`44`	`isLoading:boolean;`
`45`	`45`	`organizationName:string;`
`46`		`-canAssignOrgRole:boolean;`
`47`	`46`	`allResources?:boolean;`
`48`	`47`	`};`
`49`	`48`
`@@ -53,7 +52,6 @@ export const CreateEditRolePageView: FC<CreateEditRolePageViewProps> = ({`
`53`	`52`	`error,`
`54`	`53`	`isLoading,`
`55`	`54`	`organizationName,`
`56`		`-canAssignOrgRole,`
`57`	`55`	`allResources=false,`
`58`	`56`	`})=>{`
`59`	`57`	`constnavigate=useNavigate();`
`@@ -84,26 +82,24 @@ export const CreateEditRolePageView: FC<CreateEditRolePageViewProps> = ({`
`84`	`82`	title={`${role ?"Edit" :"Create"} Custom Role`}
`85`	`83`	`description="Set a name and permissions for this role."`
`86`	`84`	`/>`
`87`		`-{canAssignOrgRole&&(`
`88`		`-<divclassName="flex space-x-2 items-center">`
`89`		`-<Button`
`90`		`-variant="outline"`
`91`		`-onClick={()=>{`
`92`		-navigate(`/organizations/${organizationName}/roles`);
`93`		`-}}`
`94`		`->`
`95`		`-Cancel`
`96`		`-</Button>`
`97`		`-<Button`
`98`		`-onClick={()=>{`
`99`		`-form.handleSubmit();`
`100`		`-}}`
`101`		`->`
`102`		`-<Spinnerloading={isLoading}/>`
`103`		`-{role!==undefined ?"Save" :"Create Role"}`
`104`		`-</Button>`
`105`		`-</div>`
`106`		`-)}`
	`85`	`+<divclassName="flex space-x-2 items-center">`
	`86`	`+<Button`
	`87`	`+variant="outline"`
	`88`	`+onClick={()=>{`
	`89`	+navigate(`/organizations/${organizationName}/roles`);
	`90`	`+}}`
	`91`	`+>`
	`92`	`+Cancel`
	`93`	`+</Button>`
	`94`	`+<Button`
	`95`	`+onClick={()=>{`
	`96`	`+form.handleSubmit();`
	`97`	`+}}`
	`98`	`+>`
	`99`	`+<Spinnerloading={isLoading}/>`
	`100`	`+{role!==undefined ?"Save" :"Create Role"}`
	`101`	`+</Button>`
	`102`	`+</div>`
`107`	`103`	`</Stack>`
`108`	`104`
`109`	`105`	`<VerticalFormonSubmit={form.handleSubmit}>`
`@@ -135,18 +131,16 @@ export const CreateEditRolePageView: FC<CreateEditRolePageViewProps> = ({`
`135`	`131`	`allResources={allResources}`
`136`	`132`	`/>`
`137`	`133`	`</FormFields>`
`138`		`-{canAssignOrgRole&&(`
`139`		`-<FormFooter>`
`140`		`-<ButtononClick={onCancel}variant="outline">`
`141`		`-Cancel`
`142`		`-</Button>`
	`134`	`+<FormFooter>`
	`135`	`+<ButtononClick={onCancel}variant="outline">`
	`136`	`+Cancel`
	`137`	`+</Button>`
`143`	`138`
`144`		`-<Buttontype="submit"disabled={isLoading}>`
`145`		`-<Spinnerloading={isLoading}/>`
`146`		`-{role ?"Save role" :"Create Role"}`
`147`		`-</Button>`
`148`		`-</FormFooter>`
`149`		`-)}`
	`139`	`+<Buttontype="submit"disabled={isLoading}>`
	`140`	`+<Spinnerloading={isLoading}/>`
	`141`	`+{role ?"Save role" :"Create Role"}`
	`142`	`+</Button>`
	`143`	`+</FormFooter>`
`150`	`144`	`</VerticalForm>`
`151`	`145`	`</>`
`152`	`146`	`);`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPage.tsx`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -81,8 +81,9 @@ export const CustomRolesPage: FC = () => {`
`81`	`81`	`builtInRoles={builtInRoles}`
`82`	`82`	`customRoles={customRoles}`
`83`	`83`	`onDeleteRole={setRoleToDelete}`
`84`		`-canAssignOrgRole={organizationPermissions?.assignOrgRoles??false}`
`85`	`84`	`canCreateOrgRole={organizationPermissions?.createOrgRoles??false}`
	`85`	`+canUpdateOrgRole={organizationPermissions?.updateOrgRoles??false}`
	`86`	`+canDeleteOrgRole={organizationPermissions?.deleteOrgRoles??false}`
`86`	`87`	`isCustomRolesEnabled={isCustomRolesEnabled}`
`87`	`88`	`/>`
`88`	`89`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPageView.stories.tsx`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,6 @@ const meta: Meta<typeof CustomRolesPageView> = {`
`11`	`11`	`args:{`
`12`	`12`	`builtInRoles:[MockRoleWithOrgPermissions],`
`13`	`13`	`customRoles:[MockRoleWithOrgPermissions],`
`14`		`-canAssignOrgRole:true,`
`15`	`14`	`canCreateOrgRole:true,`
`16`	`15`	`isCustomRolesEnabled:true,`
`17`	`16`	`},`
`@@ -31,7 +30,7 @@ export const NotEnabled: Story = {`
`31`	`30`	`exportconstNotEnabledEmptyTable:Story={`
`32`	`31`	`args:{`
`33`	`32`	`customRoles:[],`
`34`		`-canAssignOrgRole:true,`
	`33`	`+canCreateOrgRole:true,`
`35`	`34`	`isCustomRolesEnabled:false,`
`36`	`35`	`},`
`37`	`36`	`};`
`@@ -58,7 +57,6 @@ export const EmptyDisplayName: Story = {`
`58`	`57`	`exportconstEmptyTableUserWithoutPermission:Story={`
`59`	`58`	`args:{`
`60`	`59`	`customRoles:[],`
`61`		`-canAssignOrgRole:false,`
`62`	`60`	`canCreateOrgRole:false,`
`63`	`61`	`},`
`64`	`62`	`};`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPageView.tsx`

Lines changed: 39 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,17 +34,19 @@ interface CustomRolesPageViewProps {`
`34`	`34`	`builtInRoles:AssignableRoles[]\|undefined;`
`35`	`35`	`customRoles:AssignableRoles[]\|undefined;`
`36`	`36`	`onDeleteRole:(role:Role)=>void;`
`37`		`-canAssignOrgRole:boolean;`
`38`	`37`	`canCreateOrgRole:boolean;`
	`38`	`+canUpdateOrgRole:boolean;`
	`39`	`+canDeleteOrgRole:boolean;`
`39`	`40`	`isCustomRolesEnabled:boolean;`
`40`	`41`	`}`
`41`	`42`
`42`	`43`	`exportconstCustomRolesPageView:FC<CustomRolesPageViewProps>=({`
`43`	`44`	`builtInRoles,`
`44`	`45`	`customRoles,`
`45`	`46`	`onDeleteRole,`
`46`		`-canAssignOrgRole,`
`47`	`47`	`canCreateOrgRole,`
	`48`	`+canUpdateOrgRole,`
	`49`	`+canDeleteOrgRole,`
`48`	`50`	`isCustomRolesEnabled,`
`49`	`51`	`})=>{`
`50`	`52`	`return(`
`@@ -77,7 +79,9 @@ export const CustomRolesPageView: FC<CustomRolesPageViewProps> = ({`
`77`	`79`	`<RoleTable`
`78`	`80`	`roles={customRoles}`
`79`	`81`	`isCustomRolesEnabled={isCustomRolesEnabled}`
`80`		`-canAssignOrgRole={canAssignOrgRole}`
	`82`	`+canCreateOrgRole={canCreateOrgRole}`
	`83`	`+canUpdateOrgRole={canUpdateOrgRole}`
	`84`	`+canDeleteOrgRole={canDeleteOrgRole}`
`81`	`85`	`onDeleteRole={onDeleteRole}`
`82`	`86`	`/>`
`83`	`87`	`<span>`
`@@ -90,7 +94,9 @@ export const CustomRolesPageView: FC<CustomRolesPageViewProps> = ({`
`90`	`94`	`<RoleTable`
`91`	`95`	`roles={builtInRoles}`
`92`	`96`	`isCustomRolesEnabled={isCustomRolesEnabled}`
`93`		`-canAssignOrgRole={canAssignOrgRole}`
	`97`	`+canCreateOrgRole={canCreateOrgRole}`
	`98`	`+canUpdateOrgRole={canUpdateOrgRole}`
	`99`	`+canDeleteOrgRole={canDeleteOrgRole}`
`94`	`100`	`onDeleteRole={onDeleteRole}`
`95`	`101`	`/>`
`96`	`102`	`</Stack>`
`@@ -100,15 +106,19 @@ export const CustomRolesPageView: FC<CustomRolesPageViewProps> = ({`
`100`	`106`	`interfaceRoleTableProps{`
`101`	`107`	`roles:AssignableRoles[]\|undefined;`
`102`	`108`	`isCustomRolesEnabled:boolean;`
`103`		`-canAssignOrgRole:boolean;`
	`109`	`+canCreateOrgRole:boolean;`
	`110`	`+canUpdateOrgRole:boolean;`
	`111`	`+canDeleteOrgRole:boolean;`
`104`	`112`	`onDeleteRole:(role:Role)=>void;`
`105`	`113`	`}`
`106`	`114`
`107`	`115`	`constRoleTable:FC<RoleTableProps>=({`
`108`	`116`	`roles,`
`109`	`117`	`isCustomRolesEnabled,`
	`118`	`+canCreateOrgRole,`
	`119`	`+canUpdateOrgRole,`
	`120`	`+canDeleteOrgRole,`
`110`	`121`	`onDeleteRole,`
`111`		`-canAssignOrgRole,`
`112`	`122`	`})=>{`
`113`	`123`	`constisLoading=roles===undefined;`
`114`	`124`	`constisEmpty=Boolean(roles&&roles.length===0);`
`@@ -134,14 +144,14 @@ const RoleTable: FC<RoleTableProps> = ({`
`134`	`144`	`<EmptyState`
`135`	`145`	`message="No custom roles yet"`
`136`	`146`	`description={`
`137`		`-canAssignOrgRole&&isCustomRolesEnabled`
	`147`	`+canCreateOrgRole&&isCustomRolesEnabled`
`138`	`148`	`?"Create your first custom role"`
`139`	`149`	`:!isCustomRolesEnabled`
`140`	`150`	`?"Upgrade to a premium license to create a custom role"`
`141`	`151`	`:"You don't have permission to create a custom role"`
`142`	`152`	`}`
`143`	`153`	`cta={`
`144`		`-canAssignOrgRole&&`
	`154`	`+canCreateOrgRole&&`
`145`	`155`	`isCustomRolesEnabled&&(`
`146`	`156`	`<Button`
`147`	`157`	`component={RouterLink}`
`@@ -165,7 +175,8 @@ const RoleTable: FC<RoleTableProps> = ({`
`165`	`175`	`<RoleRow`
`166`	`176`	`key={role.name}`
`167`	`177`	`role={role}`
`168`		`-canAssignOrgRole={canAssignOrgRole}`
	`178`	`+canUpdateOrgRole={canUpdateOrgRole}`
	`179`	`+canDeleteOrgRole={canDeleteOrgRole}`
`169`	`180`	`onDelete={()=>onDeleteRole(role)}`
`170`	`181`	`/>`
`171`	`182`	`))}`
`@@ -179,11 +190,17 @@ const RoleTable: FC<RoleTableProps> = ({`
`179`	`190`
`180`	`191`	`interfaceRoleRowProps{`
`181`	`192`	`role:AssignableRoles;`
	`193`	`+canUpdateOrgRole:boolean;`
	`194`	`+canDeleteOrgRole:boolean;`
`182`	`195`	`onDelete:()=>void;`
`183`		`-canAssignOrgRole:boolean;`
`184`	`196`	`}`
`185`	`197`
`186`		`-constRoleRow:FC<RoleRowProps>=({ role, onDelete, canAssignOrgRole})=>{`
	`198`	`+constRoleRow:FC<RoleRowProps>=({`
	`199`	`+role,`
	`200`	`+onDelete,`
	`201`	`+canUpdateOrgRole,`
	`202`	`+canDeleteOrgRole,`
	`203`	`+})=>{`
`187`	`204`	`constnavigate=useNavigate();`
`188`	`205`
`189`	`206`	`return(`
`@@ -195,20 +212,22 @@ const RoleRow: FC<RoleRowProps> = ({ role, onDelete, canAssignOrgRole }) => {`
`195`	`212`	`</TableCell>`
`196`	`213`
`197`	`214`	`<TableCell>`
`198`		`-{!role.built_in&&(`
	`215`	`+{!role.built_in&&(canUpdateOrgRole\|\|canDeleteOrgRole)&&(`
`199`	`216`	`<MoreMenu>`
`200`	`217`	`<MoreMenuTrigger>`
`201`	`218`	`<ThreeDotsButton/>`
`202`	`219`	`</MoreMenuTrigger>`
`203`	`220`	`<MoreMenuContent>`
`204`		`-<MoreMenuItem`
`205`		`-onClick={()=>{`
`206`		`-navigate(role.name);`
`207`		`-}}`
`208`		`->`
`209`		`-Edit`
`210`		`-</MoreMenuItem>`
`211`		`-{canAssignOrgRole&&(`
	`221`	`+{canUpdateOrgRole&&(`
	`222`	`+<MoreMenuItem`
	`223`	`+onClick={()=>{`
	`224`	`+navigate(role.name);`
	`225`	`+}}`
	`226`	`+>`
	`227`	`+Edit`
	`228`	`+</MoreMenuItem>`
	`229`	`+)}`
	`230`	`+{canDeleteOrgRole&&(`
`212`	`231`	`<MoreMenuItemdangeronClick={onDelete}>`
`213`	`232`	`Delete…`
`214`	`233`	`</MoreMenuItem>`

`‎site/src/testHelpers/entities.ts`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2900,6 +2900,8 @@ export const MockOrganizationPermissions: OrganizationPermissions = {`
`2900`	`2900`	`viewOrgRoles:true,`
`2901`	`2901`	`createOrgRoles:true,`
`2902`	`2902`	`assignOrgRoles:true,`
	`2903`	`+updateOrgRoles:true,`
	`2904`	`+deleteOrgRoles:true,`
`2903`	`2905`	`viewProvisioners:true,`
`2904`	`2906`	`viewProvisionerJobs:true,`
`2905`	`2907`	`viewIdpSyncSettings:true,`
`@@ -2916,6 +2918,8 @@ export const MockNoOrganizationPermissions: OrganizationPermissions = {`
`2916`	`2918`	`viewOrgRoles:false,`
`2917`	`2919`	`createOrgRoles:false,`
`2918`	`2920`	`assignOrgRoles:false,`
	`2921`	`+updateOrgRoles:false,`
	`2922`	`+deleteOrgRoles:false,`
`2919`	`2923`	`viewProvisioners:false,`
`2920`	`2924`	`viewProvisionerJobs:false,`
`2921`	`2925`	`viewIdpSyncSettings:false,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit86b61ef

File tree

9 files changed

9 files changed

`‎site/src/modules/permissions/index.ts`

`‎site/src/modules/permissions/organizations.ts`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePage.tsx`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePageView.stories.tsx`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CreateEditRolePageView.tsx`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPage.tsx`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPageView.stories.tsx`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPageView.tsx`

`‎site/src/testHelpers/entities.ts`

0 commit comments