Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Display action buttons if there's ACL access #1320

Merged
merged 4 commits into from Jan 17, 2024
Merged

Display action buttons if there's ACL access #1320

merged 4 commits into from Jan 17, 2024

Conversation

Aravindh-Raju
Copy link
Member

@Aravindh-Raju Aravindh-Raju commented Oct 13, 2023
edited

Fixes #1316 and #1322.

Changes in this pull request:

  • Display the Update and Delete buttons in Zones view when a user has Write and Delete ACL rules applied. Only the Update button will be displayed if there's only Write ACL rule. Both Update and Delete will be displayed if there's Delete ACL rule.

@Aravindh-Raju Aravindh-Raju self-assigned this Oct 13, 2023
@codecov
Copy link

codecov bot commented Oct 13, 2023
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

see 1 file with indirect coverage changes

📢 Thoughts on this report? Let us know!.

nspadaccino
nspadaccino reviewed Oct 17, 2023
View reviewed changes
Copy link
Member

@nspadaccino nspadaccino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This works for private zones, but for shared zones the change makes the buttons available for all unowned records. When we opened up the ability to view shared zones to all users, we kept it so that they wouldn't be able to update or delete records from that view #1162.

If we want to stick with that choice, then if a group has an ACL granting delete access for just A records in a shared zone, they should just see the buttons for A records. Same goes for ACL on a specific record mask.

However, maybe this is something we want to change. Maybe limiting access to the update and delete buttons in shared zones is too restrictive?

@Aravindh-Raju
Copy link
Member Author

This works for private zones, but for shared zones the change makes the buttons available for all unowned records. When we opened up the ability to view shared zones to all users, we kept it so that they wouldn't be able to update or delete records from that view #1162.

If we want to stick with that choice, then if a group has an ACL granting delete access for just A records in a shared zone, they should just see the buttons for A records. Same goes for ACL on a specific record mask.

However, maybe this is something we want to change. Maybe limiting access to the update and delete buttons in shared zones is too restrictive?

I've made changes to hide the action buttons in shared zones for now. We shall discuss things we want to do about shared zones as discussed and open a separate PR for that.

@nspadaccino nspadaccino added this to the v0.19.4 milestone Oct 24, 2023
@nspadaccino
Copy link
Member

Created issue #1322 to show buttons in shared zones

nspadaccino
nspadaccino previously approved these changes Oct 25, 2023
View reviewed changes
Copy link
Member

@nspadaccino nspadaccino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@Aravindh-Raju Aravindh-Raju force-pushed the aravindhr/show-action-buttons-if-access branch from 9e0aba7 to 1f07093 Compare October 30, 2023 07:18
nspadaccino
nspadaccino approved these changes Nov 1, 2023
View reviewed changes
Copy link
Member

@nspadaccino nspadaccino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally, looks good, ACL rules are making the proper buttons show up in private zones, and users can now edit and delete unowned records in shared zones directly via zone view

@nspadaccino nspadaccino merged commit d9aa430 into vinyldns:master Jan 17, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nspadaccino nspadaccino nspadaccino approved these changes

@JoshSEdwards JoshSEdwards JoshSEdwards approved these changes

@arpit4ever arpit4ever Awaiting requested review from arpit4ever

@Jay07GIT Jay07GIT Awaiting requested review from Jay07GIT

Assignees

@Aravindh-Raju Aravindh-Raju

Labels
None yet
Projects
None yet
Milestone
v0.19.4
Development

Successfully merging this pull request may close these issues.

Users are not able to view Edit/Delete buttons on records which they have ACLs for
3 participants
@Aravindh-Raju @nspadaccino @JoshSEdwards