External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-10 15:32:07 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix rbac around credential access add button (#14290)

Browse Source
This commit is contained in:
Michael Abashian 2023-08-03 09:18:21 -04:00 committed by GitHub
parent 7e4cf859f5
commit aec9a9ca56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
awx/ui/src/components/ResourceAccessList/ResourceAccessList.js
View File

@ -1,10 +1,10 @@
import React, { useCallback, useEffect, useState } from 'react';
import { useLocation } from 'react-router-dom';
import { t } from '@lingui/macro';
import { RolesAPI, TeamsAPI, UsersAPI, OrganizationsAPI } from 'api';
import { RolesAPI, TeamsAPI, UsersAPI } from 'api';
import { getQSConfig, parseQueryString } from 'util/qs';
import useRequest, { useDeleteItems } from 'hooks/useRequest';
import { useUserProfile, useConfig } from 'contexts/Config';
import { useUserProfile } from 'contexts/Config';
import AddResourceRole from '../AddRole/AddResourceRole';
import AlertModal from '../AlertModal';
import DataListToolbar from '../DataListToolbar';
@ -25,8 +25,7 @@ const QS_CONFIG = getQSConfig('access', {
});
function ResourceAccessList({ apiModel, resource }) {
const { isSuperUser, isOrgAdmin } = useUserProfile();
const { me } = useConfig();
const { isSuperUser } = useUserProfile();
const [submitError, setSubmitError] = useState(null);
const [deletionRecord, setDeletionRecord] = useState(null);
const [deletionRole, setDeletionRole] = useState(null);
@ -34,42 +33,15 @@ function ResourceAccessList({ apiModel, resource }) {
const [showDeleteModal, setShowDeleteModal] = useState(false);
const location = useLocation();
const {
isLoading: isFetchingOrgAdmins,
error: errorFetchingOrgAdmins,
request: fetchOrgAdmins,
result: { isCredentialOrgAdmin },
} = useRequest(
useCallback(async () => {
if (
isSuperUser ||
resource.type !== 'credential' ||
!isOrgAdmin ||
!resource?.organization
) {
return false;
}
const {
data: { count },
} = await OrganizationsAPI.readAdmins(resource.organization, {
id: me.id,
});
return { isCredentialOrgAdmin: !!count };
}, [me.id, isOrgAdmin, isSuperUser, resource.type, resource.organization]),
{
isCredentialOrgAdmin: false,
}
);
useEffect(() => {
fetchOrgAdmins();
}, [fetchOrgAdmins]);
let canAddAdditionalControls = false;
if (isSuperUser) {
canAddAdditionalControls = true;
}
if (resource.type === 'credential' && isOrgAdmin && isCredentialOrgAdmin) {
if (
resource.type === 'credential' &&
resource?.summary_fields?.user_capabilities?.edit &&
resource?.organization
) {
canAddAdditionalControls = true;
}
if (resource.type !== 'credential') {
@ -195,8 +167,8 @@ function ResourceAccessList({ apiModel, resource }) {
return (
<>
<PaginatedTable
error={contentError || errorFetchingOrgAdmins}
hasContentLoading={isLoading || isDeleteLoading || isFetchingOrgAdmins}
error={contentError}
hasContentLoading={isLoading || isDeleteLoading}
items={accessRecords}
itemCount={itemCount}
pluralizedItemName={t`Roles`}

18
awx/ui/src/components/ResourceAccessList/ResourceAccessList.test.js
View File

@ -463,7 +463,7 @@ describe('<ResourceAccessList />', () => {
expect(wrapper.find('ToolbarAddButton').length).toEqual(1);
});
test('should not show add button for non system admin & non org admin', async () => {
test('should not show add button for a user without edit permissions on the credential', async () => {
useUserProfile.mockImplementation(() => {
return {
isSuperUser: false,
@ -476,7 +476,21 @@ describe('<ResourceAccessList />', () => {
let wrapper;
await act(async () => {
wrapper = mountWithContexts(
<ResourceAccessList resource={credential} apiModel={CredentialsAPI} />,
<ResourceAccessList
resource={{
...credential,
summary_fields: {
...credential.summary_fields,
user_capabilities: {
edit: false,
delete: false,
copy: false,
use: false,
},
},
}}
apiModel={CredentialsAPI}
/>,
{ context: { router: { credentialHistory } } }
);
});