Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

fix: improve permissions checks in organization settings#16849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
Merged
Show file tree
Hide file tree
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletionsite/e2e/tests/auditLogs.spec.ts
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -35,7 +35,6 @@ test("logins are logged", async ({ page }) => {
await page.goto("/audit");
const username = users.auditor.username;

const user = currentUser(page);
const loginMessage = `${username} logged in`;
// Make sure those things we did all actually show up
await resetSearch(page, username);
Expand Down
22 changes: 16 additions & 6 deletionssite/src/pages/GroupsPage/GroupsPage.tsx
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -2,14 +2,14 @@ import GroupAdd from "@mui/icons-material/GroupAddOutlined";
import { getErrorMessage } from "api/errors";
import { groupsByOrganization } from "api/queries/groups";
import { organizationsPermissions } from "api/queries/organizations";
import { ErrorAlert } from "components/Alert/ErrorAlert";
import { Button } from "components/Button/Button";
import { EmptyState } from "components/EmptyState/EmptyState";
import { displayError } from "components/GlobalSnackbar/utils";
import { Loader } from "components/Loader/Loader";
import { SettingsHeader } from "components/SettingsHeader/SettingsHeader";
import { Stack } from "components/Stack/Stack";
import { useFeatureVisibility } from "modules/dashboard/useFeatureVisibility";
import { RequirePermission } from "modules/permissions/RequirePermission";
import { type FC, useEffect } from "react";
import { Helmet } from "react-helmet-async";
import { useQuery } from "react-query";
Expand DownExpand Up@@ -54,16 +54,26 @@ export const GroupsPage: FC = () => {
return <Loader />;
}

const helmet = (
<Helmet>
<title>{pageTitle("Groups")}</title>
</Helmet>
);

const permissions = permissionsQuery.data?.[organization.id];
if (!permissions) {
return <ErrorAlert error={permissionsQuery.error} />;

if (!permissions?.viewGroups) {
return (
<>
{helmet}
<RequirePermission isFeatureVisible={false} />
</>
);
}

return (
<>
<Helmet>
<title>{pageTitle("Groups")}</title>
</Helmet>
{helmet}

<Stack
alignItems="baseline"
Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -2,8 +2,8 @@ import { getErrorMessage } from "api/errors";
import { deleteOrganizationRole, organizationRoles } from "api/queries/roles";
import type { Role } from "api/typesGenerated";
import { DeleteDialog } from "components/Dialogs/DeleteDialog/DeleteDialog";
import { EmptyState } from "components/EmptyState/EmptyState";
import { displayError, displaySuccess } from "components/GlobalSnackbar/utils";
import { Loader } from "components/Loader/Loader";
import { SettingsHeader } from "components/SettingsHeader/SettingsHeader";
import { Stack } from "components/Stack/Stack";
import { useFeatureVisibility } from "modules/dashboard/useFeatureVisibility";
Expand All@@ -22,7 +22,7 @@ export const CustomRolesPage: FC = () => {
const { organization: organizationName } = useParams() as {
organization: string;
};
const { organizationPermissions } = useOrganizationSettings();
const {organization,organizationPermissions } = useOrganizationSettings();

const [roleToDelete, setRoleToDelete] = useState<Role>();

Expand All@@ -49,65 +49,67 @@ export const CustomRolesPage: FC = () => {
}
}, [organizationRolesQuery.error]);

if (!organizationPermissions) {
return <Loader />;
if (!organization) {
return <EmptyState message="Organization not found" />;
}

return (
<RequirePermission
isFeatureVisible={
organizationPermissions.assignOrgRoles ||
organizationPermissions.createOrgRoles ||
organizationPermissions.viewOrgRoles
}
>
<>
<Helmet>
<title>{pageTitle("Custom Roles")}</title>
<title>
{pageTitle(
"Custom Roles",
organization.display_name || organization.name,
)}
</title>
</Helmet>

<Stack
alignItems="baseline"
direction="row"
justifyContent="space-between"
<RequirePermission
isFeatureVisible={organizationPermissions?.viewOrgRoles ?? false}
>
<SettingsHeader
title="Roles"
description="Manage roles for this organization."
/>
</Stack>
<Stack
alignItems="baseline"
direction="row"
justifyContent="space-between"
>
<SettingsHeader
title="Roles"
description="Manage roles for this organization."
/>
</Stack>

<CustomRolesPageView
builtInRoles={builtInRoles}
customRoles={customRoles}
onDeleteRole={setRoleToDelete}
canAssignOrgRole={organizationPermissions.assignOrgRoles}
canCreateOrgRole={organizationPermissions.createOrgRoles}
isCustomRolesEnabled={isCustomRolesEnabled}
/>
<CustomRolesPageView
builtInRoles={builtInRoles}
customRoles={customRoles}
onDeleteRole={setRoleToDelete}
canAssignOrgRole={organizationPermissions?.assignOrgRoles ?? false}
canCreateOrgRole={organizationPermissions?.createOrgRoles ?? false}
isCustomRolesEnabled={isCustomRolesEnabled}
/>

<DeleteDialog
key={roleToDelete?.name}
isOpen={roleToDelete !== undefined}
confirmLoading={deleteRoleMutation.isLoading}
name={roleToDelete?.name ?? ""}
entity="role"
onCancel={() => setRoleToDelete(undefined)}
onConfirm={async () => {
try {
if (roleToDelete) {
await deleteRoleMutation.mutateAsync(roleToDelete.name);
<DeleteDialog
key={roleToDelete?.name}
isOpen={roleToDelete !== undefined}
confirmLoading={deleteRoleMutation.isLoading}
name={roleToDelete?.name ?? ""}
entity="role"
onCancel={() => setRoleToDelete(undefined)}
onConfirm={async () => {
try {
if (roleToDelete) {
await deleteRoleMutation.mutateAsync(roleToDelete.name);
}
setRoleToDelete(undefined);
await organizationRolesQuery.refetch();
displaySuccess("Custom role deleted successfully!");
} catch (error) {
displayError(
getErrorMessage(error, "Failed to delete custom role"),
);
}
setRoleToDelete(undefined);
await organizationRolesQuery.refetch();
displaySuccess("Custom role deleted successfully!");
} catch (error) {
displayError(
getErrorMessage(error, "Failed to delete custom role"),
);
}
}}
/>
</RequirePermission>
}}
/>
</RequirePermission>
</>
);
};

Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -16,6 +16,7 @@ import { Link } from "components/Link/Link";
import { Paywall } from "components/Paywall/Paywall";
import { useFeatureVisibility } from "modules/dashboard/useFeatureVisibility";
import { useOrganizationSettings } from "modules/management/OrganizationSettingsLayout";
import { RequirePermission } from "modules/permissions/RequirePermission";
import { type FC, useEffect, useState } from "react";
import { Helmet } from "react-helmet-async";
import { useMutation, useQueries, useQuery, useQueryClient } from "react-query";
Expand All@@ -31,8 +32,7 @@ export const IdpSyncPage: FC = () => {
const { organization: organizationName } = useParams() as {
organization: string;
};
const { organizations } = useOrganizationSettings();
const organization = organizations?.find((o) => o.name === organizationName);
const { organization, organizationPermissions } = useOrganizationSettings();
const [groupField, setGroupField] = useState("");
const [roleField, setRoleField] = useState("");

Expand DownExpand Up@@ -80,6 +80,23 @@ export const IdpSyncPage: FC = () => {
return <EmptyState message="Organization not found" />;
}

const helmet = (
<Helmet>
<title>
{pageTitle("IdP Sync", organization.display_name || organization.name)}
</title>
</Helmet>
);

if (!organizationPermissions?.viewIdpSyncSettings) {
return (
<>
{helmet}
<RequirePermission isFeatureVisible={false} />
</>
);
}

const patchGroupSyncSettingsMutation = useMutation(
patchGroupSyncSettings(organizationName, queryClient),
);
Expand All@@ -103,9 +120,7 @@ export const IdpSyncPage: FC = () => {

return (
<>
<Helmet>
<title>{pageTitle("IdP Sync")}</title>
</Helmet>
{helmet}

<div className="flex flex-col gap-12">
<header className="flex flex-row items-baseline justify-between">
Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -15,6 +15,7 @@ import { displayError, displaySuccess } from "components/GlobalSnackbar/utils";
import { Stack } from "components/Stack/Stack";
import { useAuthenticated } from "contexts/auth/RequireAuth";
import { useOrganizationSettings } from "modules/management/OrganizationSettingsLayout";
import { RequirePermission } from "modules/permissions/RequirePermission";
import { type FC, useState } from "react";
import { Helmet } from "react-helmet-async";
import { useMutation, useQuery, useQueryClient } from "react-query";
Expand DownExpand Up@@ -54,7 +55,7 @@ const OrganizationMembersPage: FC = () => {
const [memberToDelete, setMemberToDelete] =
useState<OrganizationMemberWithUserData>();

if (!organization || !organizationPermissions) {
if (!organization) {
return <EmptyState message="Organization not found" />;
}

Expand All@@ -66,6 +67,15 @@ const OrganizationMembersPage: FC = () => {
</Helmet>
);

if (!organizationPermissions) {
return (
<>
{helmet}
<RequirePermission isFeatureVisible={false} />
</>
);
}

return (
<>
{helmet}
Expand Down
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -4,6 +4,7 @@ import { EmptyState } from "components/EmptyState/EmptyState";
import { useEmbeddedMetadata } from "hooks/useEmbeddedMetadata";
import { useDashboard } from "modules/dashboard/useDashboard";
import { useOrganizationSettings } from "modules/management/OrganizationSettingsLayout";
import { RequirePermission } from "modules/permissions/RequirePermission";
import type { FC } from "react";
import { Helmet } from "react-helmet-async";
import { useQuery } from "react-query";
Expand All@@ -15,7 +16,7 @@ const OrganizationProvisionersPage: FC = () => {
const { organization: organizationName } = useParams() as {
organization: string;
};
const { organization } = useOrganizationSettings();
const { organization, organizationPermissions } = useOrganizationSettings();
const { entitlements } = useDashboard();
const { metadata } = useEmbeddedMetadata();
const buildInfoQuery = useQuery(buildInfo(metadata["build-info"]));
Expand All@@ -25,16 +26,29 @@ const OrganizationProvisionersPage: FC = () => {
return <EmptyState message="Organization not found" />;
}

const helmet = (
<Helmet>
<title>
{pageTitle(
"Provisioners",
organization.display_name || organization.name,
)}
</title>
</Helmet>
);

if (!organizationPermissions?.viewProvisioners) {
return (
<>
{helmet}
<RequirePermission isFeatureVisible={false} />
</>
);
}

return (
<>
<Helmet>
<title>
{pageTitle(
"Provisioners",
organization.display_name || organization.name,
)}
</title>
</Helmet>
{helmet}
<OrganizationProvisionersPageView
showPaywall={!entitlements.features.multiple_organizations.enabled}
error={provisionersQuery.error}
Expand Down
Loading
Loading
[8]ページ先頭
©2009-2025 Movatter.jp