Guard Add Users buttons on team details page #2762

Closed
bcmdarroch opened this issue Jan 30, 2020 · 0 comments

bcmdarroch commented Jan 30, 2020

Describe the bug

Right now there is no mechanism for hiding the Add Users button on the team-details page when the logged-in user has no permissions.

This will require refactoring the user-table a bit. Right now we're passing overridePermissions input to the table on team-details. This was because at the time we did not have parameterized introspection. Now we do! So let's fix this.

To Reproduce

  1. start Automate
  2. create a policy
echo '{
   "name": "testing",
   "id": "test1",
   "members": [
     "user:local:test"
   ],
   "statements": [
     {
       "effect": "ALLOW",
       "actions": ["iam:*:list", "iam:*:get"],
       "projects": [
         "*"
       ]
     }
   ],
   "projects": []
 }' > pol.json

export TOK=`chef-automate iam token create ADM --admin`
curl -kH "api-token: $TOK" -X POST -d @pol.json "https://localhost/apis/iam/v2/policies?pretty"
  3. log in to the UI as admin
  4. create user test
  5. log in as user test
  6. navigate to https://a2-dev.test/settings/teams/admins
  7. you should be able to click Add Users, try to add some users, then get a 403 error

Expected behavior

If a logged-in user is allowed to see a team and its users but is not allowed to manage team membership, they will not see the Add Users button on the team details page.

Design Details

  • hide the add users button if they don't have permission to add users to a team
  • if they happen to navigate to the add users page of a team, display this message on the page: "It looks like you don't have permission to add users to this team. Reach out to your administrator or contact Chef Support for help.", with "Chef Support" being an open-in-new-tab link to our support page

Visual Design of Message

this or similar, feel free to use other properties to do the same thing

margin-top: 80px;
font-size: 18px;
line-height: 28px;


TBD if we also want to make some changes to the team-add-users modal in the case that someone without permissions navigated directly to https://a2-dev.test/settings/teams/admins/add-users. That would require some UX design from @susanev.
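
The permission check described in this issue, as an added example that is not part of the original issue or of the Automate code base: it evaluates the statement from the reproduction policy to decide whether the team details page should show the user table and the Add Users button. The action names `iam:teamUsers:list` and `iam:teamUsers:create`, the one-segment wildcard matching and the DENY-wins rule are assumptions made for illustration; the 403 from the API remains the actual enforcement, the UI check only keeps the button from being offered.

```typescript
// Added example: not Chef Automate code. Matching rules below are assumptions.
interface Statement {
  effect: "ALLOW" | "DENY";
  actions: string[];
  projects: string[];
}

// Statement copied from the policy in the reproduction steps.
const readOnlyPolicy: Statement[] = [
  { effect: "ALLOW", actions: ["iam:*:list", "iam:*:get"], projects: ["*"] },
];

// Assumed semantics: an action has three colon-separated segments and "*"
// in a pattern matches exactly one whole segment.
function actionMatches(pattern: string, action: string): boolean {
  const p = pattern.split(":");
  const a = action.split(":");
  return p.length === a.length && p.every((seg, i) => seg === "*" || seg === a[i]);
}

function projectMatches(patterns: string[], project: string): boolean {
  return patterns.some((p) => p === "*" || p === project);
}

// Assumed semantics: any matching DENY wins; otherwise a matching ALLOW is required.
function isAllowed(statements: Statement[], action: string, project: string): boolean {
  const hits = statements.filter(
    (s) => projectMatches(s.projects, project) && s.actions.some((pat) => actionMatches(pat, action))
  );
  return hits.length > 0 && hits.every((s) => s.effect === "ALLOW");
}

// Hypothetical action names for the two things the team details page does.
const VIEW_TEAM_USERS = "iam:teamUsers:list";
const ADD_TEAM_USERS = "iam:teamUsers:create";

// What the team details page should render for a given set of statements.
function teamDetailsView(statements: Statement[], project: string) {
  return {
    showUserTable: isAllowed(statements, VIEW_TEAM_USERS, project),
    showAddUsersButton: isAllowed(statements, ADD_TEAM_USERS, project),
  };
}
```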

@bcmdarroch bcmdarroch added automate-auth ui automate-ui auth-team anything that needs to be on the auth team board needs-triage labels Jan 30, 2020
@susanev susanev added this to the Auth: Sprint 13 milestone Apr 15, 2020
@srenatus srenatus self-assigned this May 19, 2020
@srenatus srenatus changed the title Guard Add Users buttons on team add user modal Guard Add Users buttons on team details page May 19, 2020
srenatus added a commit that referenced this issue May 29, 2020
* automate-ui: misc small changes

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* automate-ui/user-table: expose {get,create}PermissionsPaths, use in team-details

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* automate-ui/team-add-users: add no-access blank page

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* Full page render

Leverage the existing full-page rendering.
1. Setting the confirm button text to empty suppresses the lower buttons.
2. Use the same close handler to return to team details on exit.
3. A bit of a kludge: using the `heading` attribute to trigger the full page settings.

Signed-off-by: michael sorens <msorens@chef.io>

* automate-ui/authorized.component: remove overrideVisible

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* teams.proto: fix and amend example payloads

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* teams.proto: fix and amend example payloads [regen]

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* automate-ui/team-details: update specs

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* Add line breaks for consistency and clarity

Signed-off-by: michael sorens <msorens@chef.io>

* Unit test fixes identified by wallaby

It is occasionally "more correct" than the standard test runner

Signed-off-by: michael sorens <msorens@chef.io>

* Delete those defamatory falsehoods

Signed-off-by: michael sorens <msorens@chef.io>

* user-table: guard "add some users to get started"

The message to be shown when the user cannot add users is TBD.

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* user-table: change "no create perms" message

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* project-details: remove whitespace

Signed-off-by: Stephan Renatus <srenatus@chef.io>

* Make app-user-table ignorant of its consumers

Let the body of the `<app-user-table>` provide the text
of a "no-users-present-and-no-permissions-to-add-them" message.

Signed-off-by: michael sorens <msorens@chef.io>

Co-authored-by: michael sorens <msorens@chef.io>