11import type { QueryClient } from "react-query" ;
22import { API } from "api/api" ;
33import type {
4- AuthorizationCheck ,
54 AuthorizationResponse ,
65 CreateOrganizationRequest ,
76 Organization ,
@@ -124,60 +123,6 @@ export const provisionerDaemons = (organization: string) => {
124123 } ;
125124} ;
126125
127- const orgChecks = (
128- organizationId : string ,
129- ) : Record < string , AuthorizationCheck > => ( {
130- viewMembers : {
131- object : {
132- resource_type : "organization_member" ,
133- organization_id : organizationId ,
134- } ,
135- action : "read" ,
136- } ,
137- editMembers : {
138- object : {
139- resource_type : "organization_member" ,
140- organization_id : organizationId ,
141- } ,
142- action : "update" ,
143- } ,
144- createGroup : {
145- object : {
146- resource_type : "group" ,
147- organization_id : organizationId ,
148- } ,
149- action : "create" ,
150- } ,
151- viewGroups : {
152- object : {
153- resource_type : "group" ,
154- organization_id : organizationId ,
155- } ,
156- action : "read" ,
157- } ,
158- editGroups : {
159- object : {
160- resource_type : "group" ,
161- organization_id : organizationId ,
162- } ,
163- action : "update" ,
164- } ,
165- editOrganization : {
166- object : {
167- resource_type : "organization" ,
168- organization_id : organizationId ,
169- } ,
170- action : "update" ,
171- } ,
172- auditOrganization : {
173- object : {
174- resource_type : "audit_log" ,
175- organization_id : organizationId ,
176- } ,
177- action : "read" ,
178- } ,
179- } ) ;
180-
181126/**
182127 * Fetch permissions for a single organization.
183128 *
@@ -190,7 +135,31 @@ export const organizationPermissions = (organizationId: string | undefined) => {
190135 return {
191136 queryKey : [ "organization" , organizationId , "permissions" ] ,
192137 queryFn : ( ) =>
193- API . checkAuthorization ( { checks : orgChecks ( organizationId ) } ) ,
138+ // Only request what we use on individual org settings, members, and group
139+ // pages, which at the moment is whether you can edit the members on the
140+ // members page and whether you can see the create group button on the
141+ // groups page. The edit organization check for the settings page is
142+ // covered by the multi-org query at the moment, and the edit group check
143+ // on the group page is done on the group itself, not the org, so neither
144+ // show up here.
145+ API . checkAuthorization ( {
146+ checks : {
147+ editMembers : {
148+ object : {
149+ resource_type : "organization_member" ,
150+ organization_id : organizationId ,
151+ } ,
152+ action : "update" ,
153+ } ,
154+ createGroup : {
155+ object : {
156+ resource_type : "group" ,
157+ organization_id : organizationId ,
158+ } ,
159+ action : "create" ,
160+ } ,
161+ } ,
162+ } ) ,
194163 } ;
195164} ;
196165
@@ -209,19 +178,54 @@ export const organizationsPermissions = (
209178 return {
210179 queryKey : [ "organizations" , "permissions" ] ,
211180 queryFn : async ( ) => {
181+ // Only request what we need for the sidebar, which is one edit permission
182+ // per sub-link (audit page, settings page, groups page, and members page)
183+ // that tells us whether to show that page, since we only show them if you
184+ // can edit (and not, at the moment if you can only view).
185+ const checks = ( organizationId : string ) => ( {
186+ editMembers : {
187+ object : {
188+ resource_type : "organization_member" ,
189+ organization_id : organizationId ,
190+ } ,
191+ action : "update" ,
192+ } ,
193+ editGroups : {
194+ object : {
195+ resource_type : "group" ,
196+ organization_id : organizationId ,
197+ } ,
198+ action : "update" ,
199+ } ,
200+ editOrganization : {
201+ object : {
202+ resource_type : "organization" ,
203+ organization_id : organizationId ,
204+ } ,
205+ action : "update" ,
206+ } ,
207+ auditOrganization : {
208+ object : {
209+ resource_type : "audit_log" ,
210+ organization_id : organizationId ,
211+ } ,
212+ action : "read" ,
213+ } ,
214+ } ) ;
215+
212216 // The endpoint takes a flat array, so to avoid collisions prepend each
213217 // check with the org ID (the key can be anything we want).
214- const checks = organizations
218+ const prefixedChecks = organizations
215219 . map ( ( org ) =>
216- Object . entries ( orgChecks ( org . id ) ) . map ( ( [ key , val ] ) => [
220+ Object . entries ( checks ( org . id ) ) . map ( ( [ key , val ] ) => [
217221 `${ org . id } ${ key } ,
218222 val ,
219223 ] ) ,
220224 )
221225 . flat ( ) ;
222226
223227 const response = await API . checkAuthorization ( {
224- checks : Object . fromEntries ( checks ) ,
228+ checks : Object . fromEntries ( prefixedChecks ) ,
225229 } ) ;
226230
227231 // Now we can unflatten by parsing out the org ID from each check.
0 commit comments