Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: [WD-19336] Storage volumes permission checks #1134

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

feat: [WD-19336] Storage volumes permission checks #1134

wants to merge 7 commits into from

Conversation

Kxiru
Copy link
Contributor

@Kxiru Kxiru commented Mar 4, 2025
edited
Loading

Done

Storage Volumes page

  • if instance view permission is missing we should disable linking to the instance
  • if image view permission is missing we should disable linking to the image list
  • disable create volume button if user does not have permission
  • disable add snapshot button if user does not have permission
  • disable button if user does not have permission to delete a SV (DeleteStorageVolumeComponent x2)
  • disable rename header if permission is missing
  • disable SV migrate button if user does not have permission
  • disable SV duplicate button if user does not have permission for any projects

See Storage Volume Permission Actions for full list of implemented / pending actions to permission check.

QA

  1. Run the LXD-UI:
  2. Perform the following QA steps:
    • [List the steps to QA the new feature(s) or prove that a bug has been resolved]

Screenshots

image

@Kxiru Kxiru requested a review from edlerd March 4, 2025 23:48
@Kxiru Kxiru self-assigned this Mar 4, 2025
@webteam-app
Copy link

Demo

Jenkins

demos.haus

@Kxiru Kxiru changed the title Storage volumes permission checks feat: [WD-19336] Storage volumes permission checks Mar 5, 2025
@Kxiru Kxiru force-pushed the storage-volumes-permission-checks branch from 1322d75 to 64663ef Compare March 5, 2025 01:15
@Kxiru Kxiru force-pushed the storage-volumes-permission-checks branch from 64663ef to d3efcd7 Compare March 5, 2025 01:22
edlerd
edlerd reviewed Mar 5, 2025
View reviewed changes
Copy link
Collaborator

@edlerd edlerd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good direction. Some comments on the draft below.

src/api/instances.tsx
@@ -21,6 +21,7 @@ export const instanceEntitlements = [
"can_delete",
"can_edit",
"can_exec",
"can_view",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"can_view",

We never check view permission explicitly. If a user knows an entity exists, they can view it. We can always infer this permission.

src/pages/storage/MigrateVolumeBtn.tsx
@@ -157,7 +159,7 @@ const MigrateVolumeBtn: FC<Props> = ({
type="button"
className={classname}
loading={isVolumeLoading}
disabled={isVolumeLoading}
disabled={!canEditVolume(storageVolume) || isVolumeLoading}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should always add a title explaining why something is disabled. In this new case, add a copy about the missing permission. See other places in the codebase for example copy. The loading state has other cues for why the button is disabled, so we don't need a title for those.

src/pages/storage/StorageVolumeHeader.tsx
@@ -123,7 +125,9 @@ const StorageVolumeHeader: FC<Props> = ({ volume, project }) => {
renameDisabledReason={
(volume.used_by?.length ?? 0) > 0
? "Can not rename, volume is currently in use."
: undefined
: !canEditVolume(volume)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Readability will benefit from extracting the logic into a function with early exits instead of nested ternaries.

src/pages/storage/StorageVolumeNameLink.tsx

return (
<div className={classnames("u-flex", className)}>
<div
className={classnames("u-truncate", "volume-name-link")}
title={caption}
title={volume.name}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The title should match the truncated contents.

Suggested change
title={volume.name}
title={caption}

src/pages/storage/StorageVolumeNameLink.tsx
Comment on lines +43 to +47
const caption = overrideName
? displayLink
? overrideName
: ""
: volume.name;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, this is to not render anything in the right-hand column on the volume list. Currently, we still render some markup with titles and empty string as content in the case that link should be hidden. Better simplify and avoid the empty markup, as suggested below?

Might be worth adding a comment or solving this in a more straight forward way to make it easy to understand.

Suggested change
const caption = overrideName
? displayLink
? overrideName
: ""
: volume.name;
const caption = overrideName ? overrideName : volume.name;
if (overrideName && !displayLink) {
return null;
}

src/pages/storage/actions/CreateVolumeBtn.tsx
@@ -27,6 +35,7 @@ const CreateVolumeBtn: FC<Props> = ({ project, className, defaultPool }) => {
hasIcon={!isSmallScreen}
onClick={handleAdd}
className={className}
disabled={!canCreateStorageVolumes(project)}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a title.

src/pages/storage/actions/DuplicateVolumeBtn.tsx
@@ -31,6 +33,7 @@ const DuplicateVolumeBtn: FC<Props> = ({ volume, className, onClose }) => {
className={className}
onClick={openPortal}
title="Duplicate volume"
disabled={!canCreateStorageVolumes(volume)}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Title please

src/pages/storage/actions/snapshots/VolumeAddSnapshotBtn.tsx
Comment on lines +42 to +44
: !canManageStorageVolumeSnapshots(volume)
? "You do not have permission to create or delete snapshots of this volume."
: "Add Snapshot"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably better to extract this into a function with early exits as well. Then the disabled check below can use that same function. See how DeleteStoragePoolBtn is doing it for an example.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edlerd edlerd edlerd left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@Kxiru Kxiru

Labels
Review: Code needed Review: QA needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Kxiru @webteam-app @edlerd