feat: Adding Project access requires same role (#6270)
In order to prevent users from being able to assign roles/permissions they don't have, this PR adds a check that the user performing the action either is Admin, Project owner or has the same role they are trying to grant/add. This addAccess method is only used from Enterprise, so there will be a separate PR there, updating how we return the roles list for a user, so that our frontend can only present the roles a user is actually allowed to grant. This adds the validation to the backend to ensure that even if the frontend thinks we're allowed to add any role to any user here, the backend can be smart enough to stop it. We should still update frontend as well, so that it doesn't look like we can add roles we won't be allowed to.
Christopher Kolstad
committed
Feb 20, 2024
1 parent
4857a73
commit e9d9db1
Showing
20 changed files
with
652 additions
and
144 deletions.
4 changes: 1 addition & 3 deletions
4
frontend/src/component/executiveDashboard/ExecutiveDashboard.tsx
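--- a/frontend/src/hooks/api/getters/useUserProjectRoles/getUserProjectRolesFetcher.ts
+++ b/frontend/src/hooks/api/getters/useUserProjectRoles/getUserProjectRolesFetcher.ts
@@ -0,0 +1,20 @@
+import { formatApiPath } from '../../../../utils/formatPath';
+import handleErrorResponses from '../httpErrorResponseHandler';
+
+export const getUserProjectRolesFetcher = (id: string) => {
+const fetcher = () => {
+const path = formatApiPath(`api/admin/user/roles?projectId=${id}`);
+return fetch(path, {
+method: 'GET',
+})
+.then(handleErrorResponses('User Project roles'))
+.then((res) => res.json());
+};
+
+const KEY = `api/admin/projects/${id}/roles`;
+
+return {
+fetcher,
+KEY,
+};
+};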
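Review bot: The SWR key on the `const KEY = ...` line does not identify the request the fetcher makes: the fetch goes to `api/admin/user/roles?projectId=${id}` while KEY is `api/admin/projects/${id}/roles`, so if any other hook keys its cache on the project-roles endpoint, both responses would share one cache entry and the wrong roles list could be rendered. Keying on the actual path, `const KEY = \`api/admin/user/roles?projectId=${id}\`;`, ties the cache entry to the data it holds. Separately, `id` is interpolated into the query string unescaped; wrapping it as `encodeURIComponent(id)` in both the fetch path and the key keeps a project id containing `&`, `#` or `/` from altering the request that is sent. The server-side role check described in the commit message is unaffected either way, since the backend still decides which roles may be granted.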
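--- a/frontend/src/hooks/api/getters/useUserProjectRoles/useUserProjectRoles.ts
+++ b/frontend/src/hooks/api/getters/useUserProjectRoles/useUserProjectRoles.ts
@@ -0,0 +1,26 @@
+import { getUserProjectRolesFetcher } from './getUserProjectRolesFetcher';
+import useSWR, { SWRConfiguration } from 'swr';
+import { useCallback } from 'react';
+import { IUserProjectRoles } from '../../../../interfaces/userProjectRoles';
+
+export const useUserProjectRoles = (
+projectId: string,
+options: SWRConfiguration = {},
+) => {
+const { KEY, fetcher } = getUserProjectRolesFetcher(projectId);
+const { data, error, mutate } = useSWR<IUserProjectRoles>(
+KEY,
+fetcher,
+options,
+);
+
+const refetch = useCallback(() => {
+mutate();
+}, [mutate]);
+return {
+roles: data?.roles || [],
+loading: !error && !data,
+error,
+refetch,
+};
+};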
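Review bot: `SWRConfiguration` on the second import line is a type-only symbol but is imported as a value together with `useSWR`; if the project enables `verbatimModuleSyntax` (or `importsNotUsedAsValues: error`) this is rejected, and `import useSWR, { type SWRConfiguration } from 'swr';` makes the intent explicit either way. The `refetch` callback also discards the promise returned by `mutate()`, so callers cannot await the refresh before acting on the new list; `const refetch = useCallback(() => mutate(), [mutate]);` returns it without changing anything else. A short TSDoc on the exported hook stating what `roles` contains would help callers — the commit message suggests it is the set of roles the current user may grant within `projectId`, which neither the hook name nor the endpoint path conveys on its own.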
@@ -0,0 +1,12 @@ | ||
export interface IUserProjectRole { | ||
id: number; | ||
name: string; | ||
type: string; | ||
project?: string; | ||
description?: string; | ||
} | ||
|
||
export interface IUserProjectRoles { | ||
version: number; | ||
roles: IUserProjectRole[]; | ||
} |