Bug 1881386: hide Import with Wizard button when missing permissions #6725
Conversation
openshift-ci-robot
added
bugzilla/severity-high
|
@suomiy: This pull request references Bugzilla bug 1881386, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
approved
| }) | ||
| .then((result: SelfSubjectAccessReviewKind) => { | ||
| if (result?.status?.allowed) { | ||
| setImportAllowed(result?.status?.allowed); |
There was a problem hiding this comment.
can you replace result?.status?.allowed with true ?
we don't really using the result here, for example we can't set it to false in case the result is false
There was a problem hiding this comment.
it would be keeping the origin of that value. Nevertheless it doesn't really matter - changed to true
| setImportAllowed(result?.status?.allowed); | ||
| } | ||
| }) | ||
| .catch(() => setImportAllowed(true)); |
There was a problem hiding this comment.
why do we return true on fail, what am I missing ?
There was a problem hiding this comment.
this is the default behaviour of rbac in console. If you fail checking permisions for something, then do it and fail/succeed a bit later
There was a problem hiding this comment.
can you point to an example ?
I found 2 places where we default to false and did not not find places where we default to true
[1]
[2]
There was a problem hiding this comment.
There was a problem hiding this comment.
a - if you decide we should use this use case, you should also add the comment explaining the odd behaviour:
https://github.com/openshift/console/blob/master/frontend/public/components/utils/rbac.tsx#L114
b - this is not the default behaviour, useAccessReview2 is used far less then useAccessReview that defaults to false
https://github.com/openshift/console/blob/master/frontend/public/components/utils/rbac.tsx#L127
There was a problem hiding this comment.
useAccessReview uses useAccessReview2 under the hood, so it has the same behaviour and defaults to true
ok, copied the explanation there
atiratree
force-pushed
the
bug.1881386
branch
from
ee84e8b
to
29520fa
Compare
|
/lgtm |
|
/hold we need a comment to explain why we default to allow access when access check is failing (or default to dissallow) |
openshift-ci-robot
added
the
do-not-merge/hold
atiratree
force-pushed
the
bug.1881386
branch
from
29520fa
to
f5172c8
Compare
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: suomiy, yaacov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
|
@suomiy: All pull requests linked via external trackers have merged: Bugzilla bug 1881386 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
No description provided.