NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commitec11f11

authored

fix: improve permissions checks in organization settings (#16849)

1 parent092c129 commitec11f11Copy full SHA for ec11f11

File tree

12 files changed

+193

-132

lines changed

site
- e2e/tests
  - auditLogs.spec.ts
- src/pages
  - GroupsPage
    - GroupsPage.tsx
  - OrganizationSettingsPage
    - CustomRolesPage
      - CustomRolesPage.tsx
    - IdpSyncPage
      - IdpSyncPage.tsx
    - OrganizationMembersPage.tsx
    - OrganizationProvisionersPage.tsx
    - OrganizationSettingsPage.tsx
    - ProvisionersPage
      - ProvisionersPage.tsx
  - TemplatePage
    - TemplatePageHeader.tsx
  - UserSettingsPage
    - ExternalAuthPage
      - ExternalAuthPageView.tsx
    - Sidebar.tsx
  - UsersPage
    - UsersPage.tsx

12 files changed

+193

-132

lines changed

`‎site/e2e/tests/auditLogs.spec.ts‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,6 @@ test("logins are logged", async ({ page }) => {`
`35`	`35`	`awaitpage.goto("/audit");`
`36`	`36`	`constusername=users.auditor.username;`
`37`	`37`
`38`		`-constuser=currentUser(page);`
`39`	`38`	constloginMessage=`${username} logged in`;
`40`	`39`	`// Make sure those things we did all actually show up`
`41`	`40`	`awaitresetSearch(page,username);`

`‎site/src/pages/GroupsPage/GroupsPage.tsx‎`

Lines changed: 16 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,14 +2,14 @@ import GroupAdd from "@mui/icons-material/GroupAddOutlined";`
`2`	`2`	`import{getErrorMessage}from"api/errors";`
`3`	`3`	`import{groupsByOrganization}from"api/queries/groups";`
`4`	`4`	`import{organizationsPermissions}from"api/queries/organizations";`
`5`		`-import{ErrorAlert}from"components/Alert/ErrorAlert";`
`6`	`5`	`import{Button}from"components/Button/Button";`
`7`	`6`	`import{EmptyState}from"components/EmptyState/EmptyState";`
`8`	`7`	`import{displayError}from"components/GlobalSnackbar/utils";`
`9`	`8`	`import{Loader}from"components/Loader/Loader";`
`10`	`9`	`import{SettingsHeader}from"components/SettingsHeader/SettingsHeader";`
`11`	`10`	`import{Stack}from"components/Stack/Stack";`
`12`	`11`	`import{useFeatureVisibility}from"modules/dashboard/useFeatureVisibility";`
	`12`	`+import{RequirePermission}from"modules/permissions/RequirePermission";`
`13`	`13`	`import{typeFC,useEffect}from"react";`
`14`	`14`	`import{Helmet}from"react-helmet-async";`
`15`	`15`	`import{useQuery}from"react-query";`
`@@ -54,16 +54,26 @@ export const GroupsPage: FC = () => {`
`54`	`54`	`return<Loader/>;`
`55`	`55`	`}`
`56`	`56`
	`57`	`+consthelmet=(`
	`58`	`+<Helmet>`
	`59`	`+<title>{pageTitle("Groups")}</title>`
	`60`	`+</Helmet>`
	`61`	`+);`
	`62`	`+`
`57`	`63`	`constpermissions=permissionsQuery.data?.[organization.id];`
`58`		`-if(!permissions){`
`59`		`-return<ErrorAlerterror={permissionsQuery.error}/>;`
	`64`	`+`
	`65`	`+if(!permissions?.viewGroups){`
	`66`	`+return(`
	`67`	`+<>`
	`68`	`+{helmet}`
	`69`	`+<RequirePermissionisFeatureVisible={false}/>`
	`70`	`+</>`
	`71`	`+);`
`60`	`72`	`}`
`61`	`73`
`62`	`74`	`return(`
`63`	`75`	`<>`
`64`		`-<Helmet>`
`65`		`-<title>{pageTitle("Groups")}</title>`
`66`		`-</Helmet>`
	`76`	`+{helmet}`
`67`	`77`
`68`	`78`	`<Stack`
`69`	`79`	`alignItems="baseline"`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPage.tsx‎`

Lines changed: 54 additions & 52 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,8 @@ import { getErrorMessage } from "api/errors";`
`2`	`2`	`import{deleteOrganizationRole,organizationRoles}from"api/queries/roles";`
`3`	`3`	`importtype{Role}from"api/typesGenerated";`
`4`	`4`	`import{DeleteDialog}from"components/Dialogs/DeleteDialog/DeleteDialog";`
	`5`	`+import{EmptyState}from"components/EmptyState/EmptyState";`
`5`	`6`	`import{displayError,displaySuccess}from"components/GlobalSnackbar/utils";`
`6`		`-import{Loader}from"components/Loader/Loader";`
`7`	`7`	`import{SettingsHeader}from"components/SettingsHeader/SettingsHeader";`
`8`	`8`	`import{Stack}from"components/Stack/Stack";`
`9`	`9`	`import{useFeatureVisibility}from"modules/dashboard/useFeatureVisibility";`
`@@ -22,7 +22,7 @@ export const CustomRolesPage: FC = () => {`
`22`	`22`	`const{organization:organizationName}=useParams()as{`
`23`	`23`	`organization:string;`
`24`	`24`	`};`
`25`		`-const{ organizationPermissions}=useOrganizationSettings();`
	`25`	`+const{organization,organizationPermissions}=useOrganizationSettings();`
`26`	`26`
`27`	`27`	`const[roleToDelete,setRoleToDelete]=useState<Role>();`
`28`	`28`
`@@ -49,65 +49,67 @@ export const CustomRolesPage: FC = () => {`
`49`	`49`	`}`
`50`	`50`	`},[organizationRolesQuery.error]);`
`51`	`51`
`52`		`-if(!organizationPermissions){`
`53`		`-return<Loader/>;`
	`52`	`+if(!organization){`
	`53`	`+return<EmptyStatemessage="Organization not found"/>;`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`return(`
`57`		`-<RequirePermission`
`58`		`-isFeatureVisible={`
`59`		`-organizationPermissions.assignOrgRoles\|\|`
`60`		`-organizationPermissions.createOrgRoles\|\|`
`61`		`-organizationPermissions.viewOrgRoles`
`62`		`-}`
`63`		`->`
	`57`	`+<>`
`64`	`58`	`<Helmet>`
`65`		`-<title>{pageTitle("Custom Roles")}</title>`
	`59`	`+<title>`
	`60`	`+{pageTitle(`
	`61`	`+"Custom Roles",`
	`62`	`+organization.display_name\|\|organization.name,`
	`63`	`+)}`
	`64`	`+</title>`
`66`	`65`	`</Helmet>`
`67`		`-`
`68`		`-<Stack`
`69`		`-alignItems="baseline"`
`70`		`-direction="row"`
`71`		`-justifyContent="space-between"`
	`66`	`+<RequirePermission`
	`67`	`+isFeatureVisible={organizationPermissions?.viewOrgRoles??false}`
`72`	`68`	`>`
`73`		`-<SettingsHeader`
`74`		`-title="Roles"`
`75`		`-description="Manage roles for this organization."`
`76`		`-/>`
`77`		`-</Stack>`
	`69`	`+<Stack`
	`70`	`+alignItems="baseline"`
	`71`	`+direction="row"`
	`72`	`+justifyContent="space-between"`
	`73`	`+>`
	`74`	`+<SettingsHeader`
	`75`	`+title="Roles"`
	`76`	`+description="Manage roles for this organization."`
	`77`	`+/>`
	`78`	`+</Stack>`
`78`	`79`
`79`		`-<CustomRolesPageView`
`80`		`-builtInRoles={builtInRoles}`
`81`		`-customRoles={customRoles}`
`82`		`-onDeleteRole={setRoleToDelete}`
`83`		`-canAssignOrgRole={organizationPermissions.assignOrgRoles}`
`84`		`-canCreateOrgRole={organizationPermissions.createOrgRoles}`
`85`		`-isCustomRolesEnabled={isCustomRolesEnabled}`
`86`		`-/>`
	`80`	`+<CustomRolesPageView`
	`81`	`+builtInRoles={builtInRoles}`
	`82`	`+customRoles={customRoles}`
	`83`	`+onDeleteRole={setRoleToDelete}`
	`84`	`+canAssignOrgRole={organizationPermissions?.assignOrgRoles??false}`
	`85`	`+canCreateOrgRole={organizationPermissions?.createOrgRoles??false}`
	`86`	`+isCustomRolesEnabled={isCustomRolesEnabled}`
	`87`	`+/>`
`87`	`88`
`88`		`-<DeleteDialog`
`89`		`-key={roleToDelete?.name}`
`90`		`-isOpen={roleToDelete!==undefined}`
`91`		`-confirmLoading={deleteRoleMutation.isLoading}`
`92`		`-name={roleToDelete?.name??""}`
`93`		`-entity="role"`
`94`		`-onCancel={()=>setRoleToDelete(undefined)}`
`95`		`-onConfirm={async()=>{`
`96`		`-try{`
`97`		`-if(roleToDelete){`
`98`		`-awaitdeleteRoleMutation.mutateAsync(roleToDelete.name);`
	`89`	`+<DeleteDialog`
	`90`	`+key={roleToDelete?.name}`
	`91`	`+isOpen={roleToDelete!==undefined}`
	`92`	`+confirmLoading={deleteRoleMutation.isLoading}`
	`93`	`+name={roleToDelete?.name??""}`
	`94`	`+entity="role"`
	`95`	`+onCancel={()=>setRoleToDelete(undefined)}`
	`96`	`+onConfirm={async()=>{`
	`97`	`+try{`
	`98`	`+if(roleToDelete){`
	`99`	`+awaitdeleteRoleMutation.mutateAsync(roleToDelete.name);`
	`100`	`+}`
	`101`	`+setRoleToDelete(undefined);`
	`102`	`+awaitorganizationRolesQuery.refetch();`
	`103`	`+displaySuccess("Custom role deleted successfully!");`
	`104`	`+}catch(error){`
	`105`	`+displayError(`
	`106`	`+getErrorMessage(error,"Failed to delete custom role"),`
	`107`	`+);`
`99`	`108`	`}`
`100`		`-setRoleToDelete(undefined);`
`101`		`-awaitorganizationRolesQuery.refetch();`
`102`		`-displaySuccess("Custom role deleted successfully!");`
`103`		`-}catch(error){`
`104`		`-displayError(`
`105`		`-getErrorMessage(error,"Failed to delete custom role"),`
`106`		`-);`
`107`		`-}`
`108`		`-}}`
`109`		`-/>`
`110`		`-</RequirePermission>`
	`109`	`+}}`
	`110`	`+/>`
	`111`	`+</RequirePermission>`
	`112`	`+</>`
`111`	`113`	`);`
`112`	`114`	`};`
`113`	`115`

`‎site/src/pages/OrganizationSettingsPage/IdpSyncPage/IdpSyncPage.tsx‎`

Lines changed: 20 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import { Link } from "components/Link/Link";`
`16`	`16`	`import{Paywall}from"components/Paywall/Paywall";`
`17`	`17`	`import{useFeatureVisibility}from"modules/dashboard/useFeatureVisibility";`
`18`	`18`	`import{useOrganizationSettings}from"modules/management/OrganizationSettingsLayout";`
	`19`	`+import{RequirePermission}from"modules/permissions/RequirePermission";`
`19`	`20`	`import{typeFC,useEffect,useState}from"react";`
`20`	`21`	`import{Helmet}from"react-helmet-async";`
`21`	`22`	`import{useMutation,useQueries,useQuery,useQueryClient}from"react-query";`
`@@ -31,8 +32,7 @@ export const IdpSyncPage: FC = () => {`
`31`	`32`	`const{organization:organizationName}=useParams()as{`
`32`	`33`	`organization:string;`
`33`	`34`	`};`
`34`		`-const{ organizations}=useOrganizationSettings();`
`35`		`-constorganization=organizations?.find((o)=>o.name===organizationName);`
	`35`	`+const{ organization, organizationPermissions}=useOrganizationSettings();`
`36`	`36`	`const[groupField,setGroupField]=useState("");`
`37`	`37`	`const[roleField,setRoleField]=useState("");`
`38`	`38`
`@@ -80,6 +80,23 @@ export const IdpSyncPage: FC = () => {`
`80`	`80`	`return<EmptyStatemessage="Organization not found"/>;`
`81`	`81`	`}`
`82`	`82`
	`83`	`+consthelmet=(`
	`84`	`+<Helmet>`
	`85`	`+<title>`
	`86`	`+{pageTitle("IdP Sync",organization.display_name\|\|organization.name)}`
	`87`	`+</title>`
	`88`	`+</Helmet>`
	`89`	`+);`
	`90`	`+`
	`91`	`+if(!organizationPermissions?.viewIdpSyncSettings){`
	`92`	`+return(`
	`93`	`+<>`
	`94`	`+{helmet}`
	`95`	`+<RequirePermissionisFeatureVisible={false}/>`
	`96`	`+</>`
	`97`	`+);`
	`98`	`+}`
	`99`	`+`
`83`	`100`	`constpatchGroupSyncSettingsMutation=useMutation(`
`84`	`101`	`patchGroupSyncSettings(organizationName,queryClient),`
`85`	`102`	`);`
`@@ -103,9 +120,7 @@ export const IdpSyncPage: FC = () => {`
`103`	`120`
`104`	`121`	`return(`
`105`	`122`	`<>`
`106`		`-<Helmet>`
`107`		`-<title>{pageTitle("IdP Sync")}</title>`
`108`		`-</Helmet>`
	`123`	`+{helmet}`
`109`	`124`
`110`	`125`	`<divclassName="flex flex-col gap-12">`
`111`	`126`	`<headerclassName="flex flex-row items-baseline justify-between">`

`‎site/src/pages/OrganizationSettingsPage/OrganizationMembersPage.tsx‎`

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import { displayError, displaySuccess } from "components/GlobalSnackbar/utils";`
`15`	`15`	`import{Stack}from"components/Stack/Stack";`
`16`	`16`	`import{useAuthenticated}from"contexts/auth/RequireAuth";`
`17`	`17`	`import{useOrganizationSettings}from"modules/management/OrganizationSettingsLayout";`
	`18`	`+import{RequirePermission}from"modules/permissions/RequirePermission";`
`18`	`19`	`import{typeFC,useState}from"react";`
`19`	`20`	`import{Helmet}from"react-helmet-async";`
`20`	`21`	`import{useMutation,useQuery,useQueryClient}from"react-query";`
`@@ -54,7 +55,7 @@ const OrganizationMembersPage: FC = () => {`
`54`	`55`	`const[memberToDelete,setMemberToDelete]=`
`55`	`56`	`useState<OrganizationMemberWithUserData>();`
`56`	`57`
`57`		`-if(!organization\|\|!organizationPermissions){`
	`58`	`+if(!organization){`
`58`	`59`	`return<EmptyStatemessage="Organization not found"/>;`
`59`	`60`	`}`
`60`	`61`
`@@ -66,6 +67,15 @@ const OrganizationMembersPage: FC = () => {`
`66`	`67`	`</Helmet>`
`67`	`68`	`);`
`68`	`69`
	`70`	`+if(!organizationPermissions){`
	`71`	`+return(`
	`72`	`+<>`
	`73`	`+{helmet}`
	`74`	`+<RequirePermissionisFeatureVisible={false}/>`
	`75`	`+</>`
	`76`	`+);`
	`77`	`+}`
	`78`	`+`
`69`	`79`	`return(`
`70`	`80`	`<>`
`71`	`81`	`{helmet}`

`‎site/src/pages/OrganizationSettingsPage/OrganizationProvisionersPage.tsx‎`

Lines changed: 23 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ import { EmptyState } from "components/EmptyState/EmptyState";`
`4`	`4`	`import{useEmbeddedMetadata}from"hooks/useEmbeddedMetadata";`
`5`	`5`	`import{useDashboard}from"modules/dashboard/useDashboard";`
`6`	`6`	`import{useOrganizationSettings}from"modules/management/OrganizationSettingsLayout";`
	`7`	`+import{RequirePermission}from"modules/permissions/RequirePermission";`
`7`	`8`	`importtype{FC}from"react";`
`8`	`9`	`import{Helmet}from"react-helmet-async";`
`9`	`10`	`import{useQuery}from"react-query";`
`@@ -15,7 +16,7 @@ const OrganizationProvisionersPage: FC = () => {`
`15`	`16`	`const{organization:organizationName}=useParams()as{`
`16`	`17`	`organization:string;`
`17`	`18`	`};`
`18`		`-const{ organization}=useOrganizationSettings();`
	`19`	`+const{ organization, organizationPermissions}=useOrganizationSettings();`
`19`	`20`	`const{ entitlements}=useDashboard();`
`20`	`21`	`const{ metadata}=useEmbeddedMetadata();`
`21`	`22`	`constbuildInfoQuery=useQuery(buildInfo(metadata["build-info"]));`
`@@ -25,16 +26,29 @@ const OrganizationProvisionersPage: FC = () => {`
`25`	`26`	`return<EmptyStatemessage="Organization not found"/>;`
`26`	`27`	`}`
`27`	`28`
	`29`	`+consthelmet=(`
	`30`	`+<Helmet>`
	`31`	`+<title>`
	`32`	`+{pageTitle(`
	`33`	`+"Provisioners",`
	`34`	`+organization.display_name\|\|organization.name,`
	`35`	`+)}`
	`36`	`+</title>`
	`37`	`+</Helmet>`
	`38`	`+);`
	`39`	`+`
	`40`	`+if(!organizationPermissions?.viewProvisioners){`
	`41`	`+return(`
	`42`	`+<>`
	`43`	`+{helmet}`
	`44`	`+<RequirePermissionisFeatureVisible={false}/>`
	`45`	`+</>`
	`46`	`+);`
	`47`	`+}`
	`48`	`+`
`28`	`49`	`return(`
`29`	`50`	`<>`
`30`		`-<Helmet>`
`31`		`-<title>`
`32`		`-{pageTitle(`
`33`		`-"Provisioners",`
`34`		`-organization.display_name\|\|organization.name,`
`35`		`-)}`
`36`		`-</title>`
`37`		`-</Helmet>`
	`51`	`+{helmet}`
`38`	`52`	`<OrganizationProvisionersPageView`
`39`	`53`	`showPaywall={!entitlements.features.multiple_organizations.enabled}`
`40`	`54`	`error={provisionersQuery.error}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitec11f11

File tree

12 files changed

12 files changed

`‎site/e2e/tests/auditLogs.spec.ts‎`

`‎site/src/pages/GroupsPage/GroupsPage.tsx‎`

`‎site/src/pages/OrganizationSettingsPage/CustomRolesPage/CustomRolesPage.tsx‎`

`‎site/src/pages/OrganizationSettingsPage/IdpSyncPage/IdpSyncPage.tsx‎`

`‎site/src/pages/OrganizationSettingsPage/OrganizationMembersPage.tsx‎`

`‎site/src/pages/OrganizationSettingsPage/OrganizationProvisionersPage.tsx‎`

0 commit comments