New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1881386: hide Import with Wizard button when missing permissions #6725
Conversation
@suomiy: This pull request references Bugzilla bug 1881386, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
}) | ||
.then((result: SelfSubjectAccessReviewKind) => { | ||
if (result?.status?.allowed) { | ||
setImportAllowed(result?.status?.allowed); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you replace result?.status?.allowed
with true
?
we don't really using the result
here, for example we can't set it to false
in case the result is false
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it would be keeping the origin of that value. Nevertheless it doesn't really matter - changed to true
setImportAllowed(result?.status?.allowed); | ||
} | ||
}) | ||
.catch(() => setImportAllowed(true)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do we return true
on fail, what am I missing ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is the default behaviour of rbac in console. If you fail checking permisions for something, then do it and fail/succeed a bit later
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you point to an example ?
I found 2 places where we default to false
and did not not find places where we default to true
[1]
console/frontend/packages/dev-console/src/components/import/image-search/ImageStreamNsDropdown.tsx
Line 38 in e7565ea
.catch(() => dispatch({ type: Action.setHasAccessToPullImage, value: false })), |
[2]
return null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a - if you decide we should use this use case, you should also add the comment explaining the odd behaviour:
https://github.com/openshift/console/blob/master/frontend/public/components/utils/rbac.tsx#L114
b - this is not the default behaviour, useAccessReview2
is used far less then useAccessReview
that defaults to false
https://github.com/openshift/console/blob/master/frontend/public/components/utils/rbac.tsx#L127
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
useAccessReview
uses useAccessReview2
under the hood, so it has the same behaviour and defaults to true
ok, copied the explanation there
ee84e8b
to
29520fa
Compare
/lgtm |
/hold we need a comment to explain why we default to allow access when access check is failing (or default to dissallow) |
29520fa
to
f5172c8
Compare
/hold cancel |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: suomiy, yaacov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest |
@suomiy: All pull requests linked via external trackers have merged: Bugzilla bug 1881386 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
No description provided.