fix: project tokens can now be created with the correct permissions #4165

Merged: 4 commits, Jul 6, 2023

sighphyre
Member

This fixes the creation of project-only tokens (done through the project settings). When we redesigned the way tokens are created, we missed project-specific tokens, which have their own permission set that wasn't respected. This forces only the project API for token creation to use the CREATE_PROJECT_API_TOKEN instead of the global CREATE_CLIENT_API_TOKEN or CREATE_FRONTEND_API_TOKEN.

const permissionRequired = tokenTypeToCreatePermission(
createToken.type,
);
const permissionRequired = CREATE_PROJECT_API_TOKEN;
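
Review bot: With `permissionRequired` set to the constant CREATE_PROJECT_API_TOKEN, `createToken.type` no longer takes part in the authorization decision on this route, so nothing in these lines limits which token types a holder of that permission can request. Please confirm the type is validated elsewhere in the handler to the types this permission is meant to cover, and add a test that a request with any other type is rejected. A short code comment next to the constant explaining why the type-based lookup was dropped for the project API would also keep a later refactor from reintroducing `tokenTypeToCreatePermission(...)` here.
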
Member Author

Creation of both frontend and client tokens uses the same permission here. Seems to be a feature, not a bug, so I've left it alone and allowed it to use that exact permission.

},
];

const hasAdminAccess = useHasRootAccess(ADMIN);
const hasCreateFrontendAccess = useHasRootAccess(CREATE_FRONTEND_API_TOKEN);
const hasCreateFrontendTokenAccess = useHasRootAccess(CREATE_PROJECT_API_TOKEN, project);
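
Review bot: The name `hasCreateFrontendTokenAccess` on the last line no longer matches what it checks, since it is now derived from CREATE_PROJECT_API_TOKEN rather than a frontend-specific permission; a name such as `hasCreateProjectTokenAccess` would stop a reader from assuming a narrower grant. The same line passes `project` to a hook called `useHasRootAccess`, so it is worth confirming (or noting in a comment) that the hook evaluates the permission in project scope when the second argument is given. If `hasCreateFrontendAccess` on the line above is no longer read after this change, remove it.
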
Member Author

CREATE_PROJECT_API_TOKEN gives access to create both front end and client tokens, so this is intentional.

Contributor

@chriswk chriswk left a comment

Nice. We just had a customer report this as well, nice to have a fix ready.

Contributor

@gastonfournier gastonfournier left a comment

Looks good!

@sighphyre sighphyre merged commit 79dd508 into main Jul 6, 2023
17 checks passed
@sighphyre sighphyre deleted the fix/project-token-crud branch July 6, 2023 13:47