NotificationsYou must be signed in to change notification settings
Fork905
Star10k

Commitccfe1bd

authored

fix: fix permissions for workspace creation (#17241)

This fixes the permissions check when creating a workspace by settingthe owner_id to the current user's id. This was originally settingowner_id to *```createWorkspace: {object: {resource_type: "workspace",organization_id: organizationId,owner_id: userId,},action: "create",},```

1 parentb61f0ab commitccfe1bdCopy full SHA for ccfe1bd

File tree

12 files changed

+54

-36

lines changed

site/src
- api/queries
  - organizations.ts
- modules/permissions
  - workspaces.ts
- pages
  - CreateWorkspacePage
  - TemplatePage
  - TemplatesPage
  - WorkspacesPage
    - WorkspacesPage.tsx

12 files changed

+54

-36

lines changed

`‎site/src/api/queries/organizations.ts`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -306,6 +306,7 @@ export const organizationsPermissions = (`
`306`	`306`
`307`	`307`	`exportconstworkspacePermissionsByOrganization=(`
`308`	`308`	`organizationIds:string[]\|undefined,`
	`309`	`+userId:string,`
`309`	`310`	`)=>{`
`310`	`311`	`if(!organizationIds){`
`311`	`312`	`return{enabled:false};`
`@@ -315,10 +316,9 @@ export const workspacePermissionsByOrganization = (`
`315`	`316`	`queryKey:["workspaces",organizationIds.sort(),"permissions"],`
`316`	`317`	`queryFn:async()=>{`
`317`	`318`	`constprefixedChecks=organizationIds.flatMap((orgId)=>`
`318`		`-Object.entries(workspacePermissionChecks(orgId)).map(([key,val])=>[`
`319`		-`${orgId}.${key}`,
`320`		`-val,`
`321`		`-]),`
	`319`	`+Object.entries(workspacePermissionChecks(orgId,userId)).map(`
	`320`	+([key,val])=>[`${orgId}.${key}`,val],
	`321`	`+),`
`322`	`322`	`);`
`323`	`323`
`324`	`324`	`constresponse=awaitAPI.checkAuthorization({`

`‎site/src/modules/permissions/workspaces.ts`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,13 @@`
`1`		`-exportconstworkspacePermissionChecks=(organizationId:string)=>`
	`1`	`+exportconstworkspacePermissionChecks=(`
	`2`	`+organizationId:string,`
	`3`	`+userId:string,`
	`4`	`+)=>`
`2`	`5`	`({`
`3`		`-createWorkspaceForUser:{`
	`6`	`+createWorkspace:{`
`4`	`7`	`object:{`
`5`	`8`	`resource_type:"workspace",`
`6`	`9`	`organization_id:organizationId,`
`7`		`-owner_id:"*",`
	`10`	`+owner_id:userId,`
`8`	`11`	`},`
`9`	`12`	`action:"create",`
`10`	`13`	`},`

`‎site/src/pages/CreateWorkspacePage/CreateWorkspacePage.tsx`

Lines changed: 3 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,6 @@ import { Loader } from "components/Loader/Loader";`
`17`	`17`	`import{useAuthenticated}from"contexts/auth/RequireAuth";`
`18`	`18`	`import{useEffectEvent}from"hooks/hookPolyfills";`
`19`	`19`	`import{useDashboard}from"modules/dashboard/useDashboard";`
`20`		`-import{`
`21`		`-typeWorkspacePermissions,`
`22`		`-workspacePermissionChecks,`
`23`		`-}from"modules/permissions/workspaces";`
`24`	`20`	`import{generateWorkspaceName}from"modules/workspaces/generateWorkspaceName";`
`25`	`21`	`import{typeFC,useCallback,useEffect,useRef,useState}from"react";`
`26`	`22`	`import{Helmet}from"react-helmet-async";`
`@@ -30,6 +26,7 @@ import { pageTitle } from "utils/page";`
`30`	`26`	`importtype{AutofillBuildParameter}from"utils/richParameters";`
`31`	`27`	`import{paramsUsedToCreateWorkspace}from"utils/workspace";`
`32`	`28`	`import{CreateWorkspacePageView}from"./CreateWorkspacePageView";`
	`29`	`+import{typeCreateWSPermissions,createWorkspaceChecks}from"./permissions";`
`33`	`30`
`34`	`31`	`exportconstcreateWorkspaceModes=["form","auto","duplicate"]asconst;`
`35`	`32`	`exporttypeCreateWorkspaceMode=(typeofcreateWorkspaceModes)[number];`
`@@ -67,7 +64,7 @@ const CreateWorkspacePage: FC = () => {`
`67`	`64`	`constpermissionsQuery=useQuery(`
`68`	`65`	`templateQuery.data`
`69`	`66`	`?checkAuthorization({`
`70`		`-checks:workspacePermissionChecks(templateQuery.data.organization_id),`
	`67`	`+checks:createWorkspaceChecks(templateQuery.data.organization_id),`
`71`	`68`	`})`
`72`	`69`	`:{enabled:false},`
`73`	`70`	`);`
`@@ -209,7 +206,7 @@ const CreateWorkspacePage: FC = () => {`
`209`	`206`	`externalAuthPollingState={externalAuthPollingState}`
`210`	`207`	`startPollingExternalAuth={startPollingExternalAuth}`
`211`	`208`	`hasAllRequiredExternalAuth={hasAllRequiredExternalAuth}`
`212`		`-permissions={permissionsQuery.dataasWorkspacePermissions}`
	`209`	`+permissions={permissionsQuery.dataasCreateWSPermissions}`
`213`	`210`	`parameters={realizedParametersasTemplateVersionParameter[]}`
`214`	`211`	`presets={templateVersionPresetsQuery.data??[]}`
`215`	`212`	`creatingWorkspace={createWorkspaceMutation.isLoading}`

`‎site/src/pages/CreateWorkspacePage/CreateWorkspacePageView.tsx`

Lines changed: 2 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,6 @@ import { Stack } from "components/Stack/Stack";`
`28`	`28`	`import{Switch}from"components/Switch/Switch";`
`29`	`29`	`import{UserAutocomplete}from"components/UserAutocomplete/UserAutocomplete";`
`30`	`30`	`import{typeFormikContextType,useFormik}from"formik";`
`31`		`-importtype{WorkspacePermissions}from"modules/permissions/workspaces";`
`32`	`31`	`import{generateWorkspaceName}from"modules/workspaces/generateWorkspaceName";`
`33`	`32`	`import{typeFC,useCallback,useEffect,useMemo,useState}from"react";`
`34`	`33`	`import{`
`@@ -47,7 +46,7 @@ import type {`
`47`	`46`	`ExternalAuthPollingState,`
`48`	`47`	`}from"./CreateWorkspacePage";`
`49`	`48`	`import{ExternalAuthButton}from"./ExternalAuthButton";`
`50`		`-`
	`49`	`+importtype{CreateWSPermissions}from"./permissions";`
`51`	`50`	`exportconstLanguage={`
`52`	`51`	`duplicationWarning:`
`53`	`52`	`"Duplicating a workspace only copies its parameters. No state from the old workspace is copied over.",`
`@@ -69,7 +68,7 @@ export interface CreateWorkspacePageViewProps {`
`69`	`68`	`parameters:TypesGen.TemplateVersionParameter[];`
`70`	`69`	`autofillParameters:AutofillBuildParameter[];`
`71`	`70`	`presets:TypesGen.Preset[];`
`72`		`-permissions:WorkspacePermissions;`
	`71`	`+permissions:CreateWSPermissions;`
`73`	`72`	`creatingWorkspace:boolean;`
`74`	`73`	`onCancel:()=>void;`
`75`	`74`	`onSubmit:(`

`‎site/src/pages/CreateWorkspacePage/permissions.ts`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,16 @@`
	`1`	`+exportconstcreateWorkspaceChecks=(organizationId:string)=>`
	`2`	`+({`
	`3`	`+createWorkspaceForUser:{`
	`4`	`+object:{`
	`5`	`+resource_type:"workspace",`
	`6`	`+organization_id:organizationId,`
	`7`	`+owner_id:"*",`
	`8`	`+},`
	`9`	`+action:"create",`
	`10`	`+},`
	`11`	`+})asconst;`
	`12`	`+`
	`13`	`+exporttypeCreateWSPermissions=Record<`
	`14`	`+keyofReturnType<typeofcreateWorkspaceChecks>,`
	`15`	`+boolean`
	`16`	`+>;`

`‎site/src/pages/TemplatePage/TemplateLayout.tsx`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ import { ErrorAlert } from "components/Alert/ErrorAlert";`
`5`	`5`	`import{Loader}from"components/Loader/Loader";`
`6`	`6`	`import{Margins}from"components/Margins/Margins";`
`7`	`7`	`import{TabLink,Tabs,TabsList}from"components/Tabs/Tabs";`
	`8`	`+import{useAuthenticated}from"contexts/auth/RequireAuth";`
`8`	`9`	`import{workspacePermissionChecks}from"modules/permissions/workspaces";`
`9`	`10`	`import{`
`10`	`11`	`typeFC,`
`@@ -73,6 +74,7 @@ export const TemplateLayout: FC<PropsWithChildren> = ({`
`73`	`74`	`children=<Outlet/>,`
`74`	`75`	`})=>{`
`75`	`76`	`constnavigate=useNavigate();`
	`77`	`+const{user:me}=useAuthenticated();`
`76`	`78`	`const{organization:organizationName="default",template:templateName}=`
`77`	`79`	`useParams()as{organization?:string;template:string};`
`78`	`80`	`const{ data, error, isLoading}=useQuery({`
`@@ -81,7 +83,7 @@ export const TemplateLayout: FC<PropsWithChildren> = ({`
`81`	`83`	`});`
`82`	`84`	`constworkspacePermissionsQuery=useQuery(`
`83`	`85`	`checkAuthorization({`
`84`		`-checks:workspacePermissionChecks(organizationName),`
	`86`	`+checks:workspacePermissionChecks(organizationName,me.id),`
`85`	`87`	`}),`
`86`	`88`	`);`
`87`	`89`

`‎site/src/pages/TemplatePage/TemplatePageHeader.stories.tsx`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ const meta: Meta<typeof TemplatePageHeader> = {`
`14`	`14`	`canUpdateTemplate:true,`
`15`	`15`	`},`
`16`	`16`	`workspacePermissions:{`
`17`		`-createWorkspaceForUser:true,`
	`17`	`+createWorkspace:true,`
`18`	`18`	`},`
`19`	`19`	`},`
`20`	`20`	`};`
`@@ -35,7 +35,7 @@ export const CanNotUpdate: Story = {`
`35`	`35`	`exportconstCannotCreateWorkspace:Story={`
`36`	`36`	`args:{`
`37`	`37`	`workspacePermissions:{`
`38`		`-createWorkspaceForUser:false,`
	`38`	`+createWorkspace:false,`
`39`	`39`	`},`
`40`	`40`	`},`
`41`	`41`	`};`

`‎site/src/pages/TemplatePage/TemplatePageHeader.tsx`

Lines changed: 10 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -179,17 +179,16 @@ export const TemplatePageHeader: FC<TemplatePageHeaderProps> = ({`
`179`	`179`	`<PageHeader`
`180`	`180`	`actions={`
`181`	`181`	`<>`
`182`		`-{!template.deprecated&&`
`183`		`-workspacePermissions.createWorkspaceForUser&&(`
`184`		`-<Button`
`185`		`-variant="contained"`
`186`		`-startIcon={<AddIcon/>}`
`187`		`-component={RouterLink}`
`188`		-to={`${templateLink}/workspace`}
`189`		`->`
`190`		`-Create Workspace`
`191`		`-</Button>`
`192`		`-)}`
	`182`	`+{!template.deprecated&&workspacePermissions.createWorkspace&&(`
	`183`	`+<Button`
	`184`	`+variant="contained"`
	`185`	`+startIcon={<AddIcon/>}`
	`186`	`+component={RouterLink}`
	`187`	+to={`${templateLink}/workspace`}
	`188`	`+>`
	`189`	`+Create Workspace`
	`190`	`+</Button>`
	`191`	`+)}`
`193`	`192`
`194`	`193`	`{permissions.canUpdateTemplate&&(`
`195`	`194`	`<TemplateMenu`

`‎site/src/pages/TemplatesPage/TemplatesPage.tsx`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import { pageTitle } from "utils/page";`
`11`	`11`	`import{TemplatesPageView}from"./TemplatesPageView";`
`12`	`12`
`13`	`13`	`exportconstTemplatesPage:FC=()=>{`
`14`		`-const{ permissions}=useAuthenticated();`
	`14`	`+const{ permissions,user:me}=useAuthenticated();`
`15`	`15`	`const{ showOrganizations}=useDashboard();`
`16`	`16`
`17`	`17`	`constsearchParamsResult=useSearchParams();`
`@@ -30,6 +30,7 @@ export const TemplatesPage: FC = () => {`
`30`	`30`	`constworkspacePermissionsQuery=useQuery(`
`31`	`31`	`workspacePermissionsByOrganization(`
`32`	`32`	`templatesQuery.data?.map((template)=>template.organization_id),`
	`33`	`+me.id,`
`33`	`34`	`),`
`34`	`35`	`);`
`35`	`36`

`‎site/src/pages/TemplatesPage/TemplatesPageView.stories.tsx`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ export const WithTemplates: Story = {`
`76`	`76`	`examples:[],`
`77`	`77`	`workspacePermissions:{`
`78`	`78`	`[MockTemplate.organization_id]:{`
`79`		`-createWorkspaceForUser:true,`
	`79`	`+createWorkspace:true,`
`80`	`80`	`},`
`81`	`81`	`},`
`82`	`82`	`},`
`@@ -94,7 +94,7 @@ export const CannotCreateWorkspaces: Story = {`
`94`	`94`	`...WithTemplates.args,`
`95`	`95`	`workspacePermissions:{`
`96`	`96`	`[MockTemplate.organization_id]:{`
`97`		`-createWorkspaceForUser:false,`
	`97`	`+createWorkspace:false,`
`98`	`98`	`},`
`99`	`99`	`},`
`100`	`100`	`},`

`‎site/src/pages/TemplatesPage/TemplatesPageView.tsx`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ const TemplateRow: FC<TemplateRowProps> = ({`
`160`	`160`	`{template.deprecated ?(`
`161`	`161`	`<DeprecatedBadge/>`
`162`	`162`	`) :workspacePermissions?.[template.organization_id]`
`163`		`-?.createWorkspaceForUser ?(`
	`163`	`+?.createWorkspace ?(`
`164`	`164`	`<MuiButton`
`165`	`165`	`size="small"`
`166`	`166`	`css={styles.actionButton}`

`‎site/src/pages/WorkspacesPage/WorkspacesPage.tsx`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,14 +40,15 @@ const WorkspacesPage: FC = () => {`
`40`	`40`	`// each hook.`
`41`	`41`	`constsearchParamsResult=useSafeSearchParams();`
`42`	`42`	`constpagination=usePagination({ searchParamsResult});`
`43`		`-const{ permissions}=useAuthenticated();`
	`43`	`+const{ permissions,user:me}=useAuthenticated();`
`44`	`44`	`const{ entitlements}=useDashboard();`
`45`	`45`
`46`	`46`	`consttemplatesQuery=useQuery(templates());`
`47`	`47`
`48`	`48`	`constorgPermissionsQuery=useQuery(`
`49`	`49`	`workspacePermissionsByOrganization(`
`50`	`50`	`templatesQuery.data?.map((template)=>template.organization_id),`
	`51`	`+me.id,`
`51`	`52`	`),`
`52`	`53`	`);`
`53`	`54`
`@@ -59,7 +60,7 @@ const WorkspacesPage: FC = () => {`
`59`	`60`
`60`	`61`	`returntemplatesQuery.data.filter((template)=>{`
`61`	`62`	`constorgPermission=orgPermissionsQuery.data[template.organization_id];`
`62`		`-returnorgPermission?.createWorkspaceForUser;`
	`63`	`+returnorgPermission?.createWorkspace;`
`63`	`64`	`});`
`64`	`65`	`},[templatesQuery.data,orgPermissionsQuery.data]);`
`65`	`66`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitccfe1bd

File tree

12 files changed

12 files changed

`‎site/src/api/queries/organizations.ts`

`‎site/src/modules/permissions/workspaces.ts`

`‎site/src/pages/CreateWorkspacePage/CreateWorkspacePage.tsx`

`‎site/src/pages/CreateWorkspacePage/CreateWorkspacePageView.tsx`

`‎site/src/pages/CreateWorkspacePage/permissions.ts`

`‎site/src/pages/TemplatePage/TemplateLayout.tsx`

`‎site/src/pages/TemplatePage/TemplatePageHeader.stories.tsx`

`‎site/src/pages/TemplatePage/TemplatePageHeader.tsx`

`‎site/src/pages/TemplatesPage/TemplatesPage.tsx`

`‎site/src/pages/TemplatesPage/TemplatesPageView.stories.tsx`

`‎site/src/pages/TemplatesPage/TemplatesPageView.tsx`

`‎site/src/pages/WorkspacesPage/WorkspacesPage.tsx`

0 commit comments