[ui] Modify variable access permissions for UI users with write in only certain namespaces #24073

Merged
3 changes: 3 additions & 0 deletions .changelog/24073.txt
@@ -0,0 +1,3 @@
```release-note:bug
ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had * namespace variable write permissions
```
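Review bot: The release note text "variables paths would not let namespaced users write variables" does not make clear who was affected or under what condition. Suggest rewording along the lines of the PR title, for example: "ui: Fixes an issue where users with variable write permission in only certain namespaces could not write variables unless they also had write permission on the * namespace".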
27 changes: 17 additions & 10 deletions ui/app/abilities/variable.js
@@ -116,22 +116,29 @@ export default class Variable extends AbstractAbility {

@computed('allPaths', 'namespace', 'path', 'token.selfTokenPolicies')
get policiesSupportVariableWriting() {
if (this.namespace === WILDCARD_GLOB && this.path === WILDCARD_GLOB) {
// If you're checking if you can write from root, and you don't specify a namespace,
// Then if you can write in ANY path in ANY namespace, you can get to /new.
if (this.path === WILDCARD_GLOB) {
// If checking for write permission on the root path
return this.policyNamespacesIncludeVariablesCapabilities(
this.token.selfTokenPolicies,
['write'],
this._nearestMatchingPath(this.path)
WILDCARD_GLOB
);
} else {
// Checking a specific path in a specific namespace.
// TODO: This doesn't cover the case when you're checking for the * namespace at a specific path.
// Right now we require you to specify yournamespace to enable the button.
// Checking a specific path
const matchingPath = this._nearestMatchingPath(this.path);
return this.allPaths
.find((path) => path.name === matchingPath)
?.capabilities?.includes('write');
if (this.namespace === WILDCARD_GLOB) {
// Checking for the * namespace at a specific path
return this.policyNamespacesIncludeVariablesCapabilities(
this.token.selfTokenPolicies,
['write'],
matchingPath
);
} else {
// Checking a specific path in a specific namespace
return this.allPaths
.find((path) => path.name === matchingPath)
?.capabilities?.includes('write');
}
}
}
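Review bot: The first branch, `if (this.path === WILDCARD_GLOB)`, no longer tests `this.namespace`, and the call to `policyNamespacesIncludeVariablesCapabilities` receives only the token policies, `['write']` and `WILDCARD_GLOB`, so nothing visible in this hunk limits the result to the namespace currently selected. If the helper matches across every namespace in the policies, a token with write in one namespace would see the write action enabled at the root path while a different specific namespace is selected. Suggest either a comment stating that the helper filters on `this.namespace`, or a test case for a token with write in one namespace while another is selected. Separately, the final branch returns `undefined` rather than `false` when no entry in `allPaths` matches `matchingPath`; coercing it with `Boolean(...)` would keep the getter's return type consistent across branches.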
