- Notifications
You must be signed in to change notification settings - Fork927
feature: gate audit log by permissions#3464
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
site/src/AppRouter.tsx Outdated
| export const AppRouter: FC = () => { | ||
| const xServices = useContext(XServiceContext) | ||
| const [authState] = useActor(xServices.authXService) | ||
| const { permissions } = authState.context |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is probably a good place to useuseSelector instead ofuseActor so that we don't get re-renders for anything except permissions. In fact, I think my plan was to do that within a wrapper component so that it only gets accessed on pages that need it - seeRequireLicense herehttps://github.com/coder/coder/pull/3008/files#diff-8b4f166561cf1e9c08183827ef490e7741d6e79022122df7d835292bc3b3d0e7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm realizing now that I was thinking about licensing instead of role-based permissions, but maybe it's still a good idea? Up to you!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
That is a good idea! I will play around with the wrapper component when I get to licensing, and make sure permissions go in there, too, if possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The perm stuff looks good 👍. I'll flush out the perms for audit_log when the feature gets in.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
With the switch fromuseActor touseSelector, should be good!
resolves#3460
Only admin and auditor roles should have access to the new audit log. This PR gates both the link in the nav bar as well as the route itself in case someone navigates directly.