NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commitc1b3080

authored

fix: restrict edit schedule access (#2698)

1 parentea5c2cd commitc1b3080Copy full SHA for c1b3080

File tree

7 files changed

+164

-29

lines changed

site/src
- components
  - Workspace
    - Workspace.tsx
  - WorkspaceSchedule
    - WorkspaceSchedule.stories.tsx
    - WorkspaceSchedule.tsx
  - WorkspaceScheduleButton
    - WorkspaceScheduleButton.stories.tsx
    - WorkspaceScheduleButton.tsx
- pages/WorkspaceSchedulePage
  - WorkspaceSchedulePage.tsx
- xServices/workspaceSchedule
  - workspaceScheduleXService.ts

7 files changed

+164

-29

lines changed

`‎site/src/components/Workspace/Workspace.tsx`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,7 @@ export const Workspace: FC<WorkspaceProps> = ({`
`64`	`64`	`workspace={workspace}`
`65`	`65`	`onDeadlineMinus={scheduleProps.onDeadlineMinus}`
`66`	`66`	`onDeadlinePlus={scheduleProps.onDeadlinePlus}`
	`67`	`+canUpdateWorkspace={canUpdateWorkspace}`
`67`	`68`	`/>`
`68`	`69`	`<WorkspaceActions`
`69`	`70`	`workspace={workspace}`

`‎site/src/components/WorkspaceSchedule/WorkspaceSchedule.stories.tsx`

Lines changed: 20 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,11 @@ const THIRTY = 30`
`16`	`16`	`exportdefault{`
`17`	`17`	`title:"components/WorkspaceSchedule",`
`18`	`18`	`component:WorkspaceSchedule,`
	`19`	`+argTypes:{`
	`20`	`+canUpdateWorkspace:{`
	`21`	`+defaultValue:true,`
	`22`	`+},`
	`23`	`+},`
`19`	`24`	`}`
`20`	`25`
`21`	`26`	`constTemplate:Story<WorkspaceScheduleProps>=(args)=><WorkspaceSchedule{...args}/>`
`@@ -40,7 +45,7 @@ NoTTL.args = {`
`40`	`45`	`...Mocks.MockWorkspace,`
`41`	`46`	`latest_build:{`
`42`	`47`	`...Mocks.MockWorkspaceBuild,`
`43`		`-// amannual shutdown has a deadline of '"0001-01-01T00:00:00Z"'`
	`48`	`+// amanual shutdown has a deadline of '"0001-01-01T00:00:00Z"'`
`44`	`49`	`// SEE: #1834`
`45`	`50`	`deadline:"0001-01-01T00:00:00Z",`
`46`	`51`	`},`
`@@ -113,3 +118,17 @@ WorkspaceOffLong.args = {`
`113`	`118`	`ttl_ms:2365246060*1000,// 2 years`
`114`	`119`	`},`
`115`	`120`	`}`
	`121`	`+`
	`122`	`+exportconstCannotEdit=Template.bind({})`
	`123`	`+CannotEdit.args={`
	`124`	`+workspace:{`
	`125`	`+ ...Mocks.MockWorkspace,`
	`126`	`+`
	`127`	`+latest_build:{`
	`128`	`+ ...Mocks.MockWorkspaceBuild,`
	`129`	`+transition:"stop",`
	`130`	`+},`
	`131`	`+ttl_ms:26060*1000,// 2 hours`
	`132`	`+},`
	`133`	`+canUpdateWorkspace:false,`
	`134`	`+}`

`‎site/src/components/WorkspaceSchedule/WorkspaceSchedule.tsx`

Lines changed: 16 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,9 +33,13 @@ export const Language = {`
`33`	`33`
`34`	`34`	`exportinterfaceWorkspaceScheduleProps{`
`35`	`35`	`workspace:Workspace`
	`36`	`+canUpdateWorkspace:boolean`
`36`	`37`	`}`
`37`	`38`
`38`		`-exportconstWorkspaceSchedule:FC<WorkspaceScheduleProps>=({ workspace})=>{`
	`39`	`+exportconstWorkspaceSchedule:FC<WorkspaceScheduleProps>=({`
	`40`	`+ workspace,`
	`41`	`+ canUpdateWorkspace,`
	`42`	`+})=>{`
`39`	`43`	`conststyles=useStyles()`
`40`	`44`	`consttimezone=workspace.autostart_schedule`
`41`	`45`	`?extractTimezone(workspace.autostart_schedule)`
`@@ -62,15 +66,17 @@ export const WorkspaceSchedule: FC<WorkspaceScheduleProps> = ({ workspace }) =>`
`62`	`66`	`</span>`
`63`	`67`	`</Stack>`
`64`	`68`	`</div>`
`65`		`-<div>`
`66`		`-<Link`
`67`		`-className={styles.scheduleAction}`
`68`		`-component={RouterLink}`
`69`		-to={`/@${workspace.owner_name}/${workspace.name}/schedule`}
`70`		`->`
`71`		`-{Language.editScheduleLink}`
`72`		`-</Link>`
`73`		`-</div>`
	`69`	`+{canUpdateWorkspace&&(`
	`70`	`+<div>`
	`71`	`+<Link`
	`72`	`+className={styles.scheduleAction}`
	`73`	`+component={RouterLink}`
	`74`	+to={`/@${workspace.owner_name}/${workspace.name}/schedule`}
	`75`	`+>`
	`76`	`+{Language.editScheduleLink}`
	`77`	`+</Link>`
	`78`	`+</div>`
	`79`	`+)}`
`74`	`80`	`</Stack>`
`75`	`81`	`</div>`
`76`	`82`	`)`

`‎site/src/components/WorkspaceScheduleButton/WorkspaceScheduleButton.stories.tsx`

Lines changed: 19 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,11 @@ const THIRTY = 30`
`16`	`16`	`exportdefault{`
`17`	`17`	`title:"components/WorkspaceScheduleButton",`
`18`	`18`	`component:WorkspaceScheduleButton,`
	`19`	`+argTypes:{`
	`20`	`+canUpdateWorkspace:{`
	`21`	`+defaultValue:true,`
	`22`	`+},`
	`23`	`+},`
`19`	`24`	`}`
`20`	`25`
`21`	`26`	`constTemplate:Story<WorkspaceScheduleButtonProps>=(args)=>(`
`@@ -115,3 +120,17 @@ WorkspaceOffLong.args = {`
`115`	`120`	`ttl_ms:2365246060*1000,// 2 years`
`116`	`121`	`},`
`117`	`122`	`}`
	`123`	`+`
	`124`	`+exportconstCannotEdit=Template.bind({})`
	`125`	`+CannotEdit.args={`
	`126`	`+workspace:{`
	`127`	`+ ...Mocks.MockWorkspace,`
	`128`	`+`
	`129`	`+latest_build:{`
	`130`	`+ ...Mocks.MockWorkspaceBuild,`
	`131`	`+transition:"stop",`
	`132`	`+},`
	`133`	`+ttl_ms:26060*1000,// 2 hours`
	`134`	`+},`
	`135`	`+canUpdateWorkspace:false,`
	`136`	`+}`

`‎site/src/components/WorkspaceScheduleButton/WorkspaceScheduleButton.tsx`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -54,12 +54,14 @@ export interface WorkspaceScheduleButtonProps {`
`54`	`54`	`workspace:Workspace`
`55`	`55`	`onDeadlinePlus:()=>void`
`56`	`56`	`onDeadlineMinus:()=>void`
	`57`	`+canUpdateWorkspace:boolean`
`57`	`58`	`}`
`58`	`59`
`59`	`60`	`exportconstWorkspaceScheduleButton:React.FC<WorkspaceScheduleButtonProps>=({`
`60`	`61`	`workspace,`
`61`	`62`	`onDeadlinePlus,`
`62`	`63`	`onDeadlineMinus,`
	`64`	`+ canUpdateWorkspace,`
`63`	`65`	`})=>{`
`64`	`66`	`constanchorRef=useRef<HTMLButtonElement>(null)`
`65`	`67`	`const[isOpen,setIsOpen]=useState(false)`
`@@ -74,7 +76,7 @@ export const WorkspaceScheduleButton: React.FC<WorkspaceScheduleButtonProps> = (`
`74`	`76`	`<divclassName={styles.wrapper}>`
`75`	`77`	`<divclassName={styles.label}>`
`76`	`78`	`<WorkspaceScheduleLabelworkspace={workspace}/>`
`77`		`-{shouldDisplayPlusMinus(workspace)&&(`
	`79`	`+{canUpdateWorkspace&&shouldDisplayPlusMinus(workspace)&&(`
`78`	`80`	`<Stackdirection="row"spacing={0}>`
`79`	`81`	`<IconButton`
`80`	`82`	`className={styles.iconButton}`
`@@ -124,7 +126,7 @@ export const WorkspaceScheduleButton: React.FC<WorkspaceScheduleButtonProps> = (`
`124`	`126`	`horizontal:"right",`
`125`	`127`	`}}`
`126`	`128`	`>`
`127`		`-<WorkspaceScheduleworkspace={workspace}/>`
	`129`	`+<WorkspaceScheduleworkspace={workspace}canUpdateWorkspace={canUpdateWorkspace}/>`
`128`	`130`	`</Popover>`
`129`	`131`	`</div>`
`130`	`132`	`</div>`

`‎site/src/pages/WorkspaceSchedulePage/WorkspaceSchedulePage.tsx`

Lines changed: 42 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`		`-import{useMachine}from"@xstate/react"`
	`1`	`+import{useMachine,useSelector}from"@xstate/react"`
`2`	`2`	`import*ascronParserfrom"cron-parser"`
`3`	`3`	`importdayjsfrom"dayjs"`
`4`	`4`	`importtimezonefrom"dayjs/plugin/timezone"`
`5`	`5`	`importutcfrom"dayjs/plugin/utc"`
`6`		`-importReact,{useEffect}from"react"`
	`6`	`+importReact,{useContext,useEffect}from"react"`
`7`	`7`	`import{useNavigate,useParams}from"react-router-dom"`
`8`	`8`	`import*asTypesGenfrom"../../api/typesGenerated"`
`9`	`9`	`import{ErrorSummary}from"../../components/ErrorSummary/ErrorSummary"`
`@@ -16,6 +16,8 @@ import {`
`16`	`16`	`}from"../../components/WorkspaceScheduleForm/WorkspaceScheduleForm"`
`17`	`17`	`import{firstOrItem}from"../../util/array"`
`18`	`18`	`import{extractTimezone,stripTimezone}from"../../util/schedule"`
	`19`	`+import{selectUser}from"../../xServices/auth/authSelectors"`
	`20`	`+import{XServiceContext}from"../../xServices/StateContext"`
`19`	`21`	`import{workspaceSchedule}from"../../xServices/workspaceSchedule/workspaceScheduleXService"`
`20`	`22`
`21`	`23`	`// REMARK: timezone plugin depends on UTC`
`@@ -24,6 +26,10 @@ import { workspaceSchedule } from "../../xServices/workspaceSchedule/workspaceSc`
`24`	`26`	`dayjs.extend(utc)`
`25`	`27`	`dayjs.extend(timezone)`
`26`	`28`
	`29`	`+constLanguage={`
	`30`	`+forbiddenError:"You don't have permissions to update the schedule for this workspace.",`
	`31`	`+}`
	`32`	`+`
`27`	`33`	`exportconstformValuesToAutoStartRequest=(`
`28`	`34`	`values:WorkspaceScheduleFormValues,`
`29`	`35`	`):TypesGen.UpdateWorkspaceAutostartRequest=>{`
`@@ -141,8 +147,17 @@ export const WorkspaceSchedulePage: React.FC = () => {`
`141`	`147`	`constnavigate=useNavigate()`
`142`	`148`	`constusername=firstOrItem(usernameQueryParam,null)`
`143`	`149`	`constworkspaceName=firstOrItem(workspaceQueryParam,null)`
`144`		`-const[scheduleState,scheduleSend]=useMachine(workspaceSchedule)`
`145`		`-const{ formErrors, getWorkspaceError, workspace}=scheduleState.context`
	`150`	`+`
	`151`	`+constxServices=useContext(XServiceContext)`
	`152`	`+constme=useSelector(xServices.authXService,selectUser)`
	`153`	`+`
	`154`	`+const[scheduleState,scheduleSend]=useMachine(workspaceSchedule,{`
	`155`	`+context:{`
	`156`	`+userId:me?.id,`
	`157`	`+},`
	`158`	`+})`
	`159`	`+const{ checkPermissionsError, formErrors, getWorkspaceError, permissions, workspace}=`
	`160`	`+scheduleState.context`
`146`	`161`
`147`	`162`	`// Get workspace on mount and whenever the args for getting a workspace change.`
`148`	`163`	`// scheduleSend should not change.`
`@@ -153,20 +168,31 @@ export const WorkspaceSchedulePage: React.FC = () => {`
`153`	`168`	`if(!username\|\|!workspaceName){`
`154`	`169`	`navigate("/workspaces")`
`155`	`170`	`returnnull`
`156`		`-}elseif(`
	`171`	`+}`
	`172`	`+`
	`173`	`+if(`
`157`	`174`	`scheduleState.matches("idle")\|\|`
`158`	`175`	`scheduleState.matches("gettingWorkspace")\|\|`
	`176`	`+scheduleState.matches("gettingPermissions")\|\|`
`159`	`177`	`!workspace`
`160`	`178`	`){`
`161`	`179`	`return<FullScreenLoader/>`
`162`		`-}elseif(scheduleState.matches("error")){`
	`180`	`+}`
	`181`	`+`
	`182`	`+if(scheduleState.matches("error")){`
`163`	`183`	`return(`
`164`	`184`	`<ErrorSummary`
`165`		`-error={getWorkspaceError}`
	`185`	`+error={getWorkspaceError\|\|checkPermissionsError}`
`166`	`186`	`retry={()=>scheduleSend({type:"GET_WORKSPACE", username, workspaceName})}`
`167`	`187`	`/>`
`168`	`188`	`)`
`169`		`-}elseif(scheduleState.matches("presentForm")\|\|scheduleState.matches("submittingSchedule")){`
	`189`	`+}`
	`190`	`+`
	`191`	`+if(!permissions?.updateWorkspace){`
	`192`	`+return<ErrorSummaryerror={Error(Language.forbiddenError)}/>`
	`193`	`+}`
	`194`	`+`
	`195`	`+if(scheduleState.matches("presentForm")\|\|scheduleState.matches("submittingSchedule")){`
`170`	`196`	`return(`
`171`	`197`	`<WorkspaceScheduleForm`
`172`	`198`	`fieldErrors={formErrors}`
`@@ -184,13 +210,15 @@ export const WorkspaceSchedulePage: React.FC = () => {`
`184`	`210`	`}}`
`185`	`211`	`/>`
`186`	`212`	`)`
`187`		`-}elseif(scheduleState.matches("submitSuccess")){`
	`213`	`+}`
	`214`	`+`
	`215`	`+if(scheduleState.matches("submitSuccess")){`
`188`	`216`	navigate(`/@${username}/${workspaceName}`)
`189`	`217`	`return<FullScreenLoader/>`
`190`		`-}else{`
`191`		`-// Theoretically impossible - log and bail`
`192`		`-console.error("WorkspaceSchedulePage: unknown state :: ",scheduleState)`
`193`		`-navigate("/")`
`194`		`-returnnull`
`195`	`218`	`}`
	`219`	`+`
	`220`	`+// Theoretically impossible - log and bail`
	`221`	`+console.error("WorkspaceSchedulePage: unknown state :: ",scheduleState)`
	`222`	`+navigate("/")`
	`223`	`+returnnull`
`196`	`224`	`}`

`‎site/src/xServices/workspaceSchedule/workspaceScheduleXService.ts`

Lines changed: 62 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ export const Language = {`
`14`	`14`	`successMessage:"Successfully updated workspace schedule.",`
`15`	`15`	`}`
`16`	`16`
	`17`	`+typePermissions=Record<keyofReturnType<typeofpermissionsToCheck>,boolean>`
	`18`	`+`
`17`	`19`	`exportinterfaceWorkspaceScheduleContext{`
`18`	`20`	`formErrors?:FieldErrors`
`19`	`21`	`getWorkspaceError?:Error\|unknown`
`@@ -23,8 +25,27 @@ export interface WorkspaceScheduleContext {`
`23`	`25`	`* machine is partially influenced by workspaceXService.`
`24`	`26`	`*/`
`25`	`27`	`workspace?:TypesGen.Workspace`
	`28`	`+// permissions`
	`29`	`+userId?:string`
	`30`	`+permissions?:Permissions`
	`31`	`+checkPermissionsError?:Error\|unknown`
`26`	`32`	`}`
`27`	`33`
	`34`	`+exportconstchecks={`
	`35`	`+updateWorkspace:"updateWorkspace",`
	`36`	`+}asconst`
	`37`	`+`
	`38`	`+constpermissionsToCheck=(workspace:TypesGen.Workspace)=>({`
	`39`	`+[checks.updateWorkspace]:{`
	`40`	`+object:{`
	`41`	`+resource_type:"workspace",`
	`42`	`+resource_id:workspace.id,`
	`43`	`+owner_id:workspace.owner_id,`
	`44`	`+},`
	`45`	`+action:"update",`
	`46`	`+},`
	`47`	`+})`
	`48`	`+`
`28`	`49`	`exporttypeWorkspaceScheduleEvent=`
`29`	`50`	`\|{type:"GET_WORKSPACE";username:string;workspaceName:string}`
`30`	`51`	`\|{`
`@@ -60,7 +81,7 @@ export const workspaceSchedule = createMachine(`
`60`	`81`	`src:"getWorkspace",`
`61`	`82`	`id:"getWorkspace",`
`62`	`83`	`onDone:{`
`63`		`-target:"presentForm",`
	`84`	`+target:"gettingPermissions",`
`64`	`85`	`actions:["assignWorkspace"],`
`65`	`86`	`},`
`66`	`87`	`onError:{`
`@@ -70,6 +91,25 @@ export const workspaceSchedule = createMachine(`
`70`	`91`	`},`
`71`	`92`	`tags:"loading",`
`72`	`93`	`},`
	`94`	`+gettingPermissions:{`
	`95`	`+entry:"clearGetPermissionsError",`
	`96`	`+invoke:{`
	`97`	`+src:"checkPermissions",`
	`98`	`+id:"checkPermissions",`
	`99`	`+onDone:[`
	`100`	`+{`
	`101`	`+actions:["assignPermissions"],`
	`102`	`+target:"presentForm",`
	`103`	`+},`
	`104`	`+],`
	`105`	`+onError:[`
	`106`	`+{`
	`107`	`+actions:"assignGetPermissionsError",`
	`108`	`+target:"error",`
	`109`	`+},`
	`110`	`+],`
	`111`	`+},`
	`112`	`+},`
`73`	`113`	`presentForm:{`
`74`	`114`	`on:{`
`75`	`115`	`SUBMIT_SCHEDULE:"submittingSchedule",`
`@@ -113,8 +153,19 @@ export const workspaceSchedule = createMachine(`
`113`	`153`	`assignGetWorkspaceError:assign({`
`114`	`154`	`getWorkspaceError:(_,event)=>event.data,`
`115`	`155`	`}),`
	`156`	`+assignPermissions:assign({`
	`157`	`+// Setting event.data as Permissions to be more stricted. So we know`
	`158`	`+// what permissions we asked for.`
	`159`	`+permissions:(_,event)=>event.dataasPermissions,`
	`160`	`+}),`
	`161`	`+assignGetPermissionsError:assign({`
	`162`	`+checkPermissionsError:(_,event)=>event.data,`
	`163`	`+}),`
	`164`	`+clearGetPermissionsError:assign({`
	`165`	`+checkPermissionsError:(_)=>undefined,`
	`166`	`+}),`
`116`	`167`	`clearContext:()=>{`
`117`		`-assign({workspace:undefined})`
	`168`	`+assign({workspace:undefined,permissions:undefined})`
`118`	`169`	`},`
`119`	`170`	`clearGetWorkspaceError:(context)=>{`
`120`	`171`	`assign({ ...context,getWorkspaceError:undefined})`
`@@ -134,6 +185,15 @@ export const workspaceSchedule = createMachine(`
`134`	`185`	`getWorkspace:async(_,event)=>{`
`135`	`186`	`returnawaitAPI.getWorkspaceByOwnerAndName(event.username,event.workspaceName)`
`136`	`187`	`},`
	`188`	`+checkPermissions:async(context)=>{`
	`189`	`+if(context.workspace&&context.userId){`
	`190`	`+returnawaitAPI.checkUserPermissions(context.userId,{`
	`191`	`+checks:permissionsToCheck(context.workspace),`
	`192`	`+})`
	`193`	`+}else{`
	`194`	`+throwError("Cannot check permissions without both workspace and user id")`
	`195`	`+}`
	`196`	`+},`
`137`	`197`	`submitSchedule:async(context,event)=>{`
`138`	`198`	`if(!context.workspace?.id){`
`139`	`199`	`// This state is theoretically impossible, but helps TS`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc1b3080

File tree

7 files changed

7 files changed

`‎site/src/components/Workspace/Workspace.tsx`

`‎site/src/components/WorkspaceSchedule/WorkspaceSchedule.stories.tsx`

`‎site/src/components/WorkspaceSchedule/WorkspaceSchedule.tsx`

`‎site/src/components/WorkspaceScheduleButton/WorkspaceScheduleButton.stories.tsx`

`‎site/src/components/WorkspaceScheduleButton/WorkspaceScheduleButton.tsx`

`‎site/src/pages/WorkspaceSchedulePage/WorkspaceSchedulePage.tsx`

`‎site/src/xServices/workspaceSchedule/workspaceScheduleXService.ts`

0 commit comments