Skip to content

/health and /stats are always called when hitting the dashboard, regardless of user permissions #10743

New issue
New issue
Closed
#11062
Closed
/health and /stats are always called when hitting the dashboard, regardless of user permissions#10743
#11062
Assignees
BrunoQuaresma
Labels
enterpriseEnterprise-license / premium functionalitys4Internal bugs (e.g. test flakes), extreme edge cases, and bug riskssiteArea: frontend dashboard
@ericpaulsen

Description

@ericpaulsen
ericpaulsen
opened on Nov 16, 2023

the deployment stats footer displays if the API call returns a 200, and is hidden if it returns a non-200 code. this results in every unauthorized user (non Owners) inadvertently spamming the logs with 400s, because they are (correctly) unauthorized to view the /deployment/stats and /debug/health routes.

this is causing log noise for our customers.

this should be added to the /api/v2/authcheck list and conditionally call viewDeploymentStats here:

coder/site/src/components/AuthProvider/permissions.tsx

Lines 84 to 88 in 9f3a955

[checks.viewDeploymentStats]: {
object: {
resource_type: "deployment_stats",
},
action: "read",

Metadata

Metadata

Assignees

Labels

enterpriseEnterprise-license / premium functionalitys4Internal bugs (e.g. test flakes), extreme edge cases, and bug riskssiteArea: frontend dashboard

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions