
Member roles have access to template version promote, leads to 404 #15850


Closed
stirby opened this issue Dec 12, 2024 · 4 comments · Fixed by #17511

stirby (Collaborator) commented Dec 12, 2024

In the dashboard under Templates -> <Template> -> Versions, users with the member role may view, but not click, the "Promote" button to set an active version for a template. They can click anywhere in the version listing; when they do, it returns a 404.


In general, there's no reason for developers to see the versions page as they are not managing template status. Thus, we should hide the "versions" section entirely and redirect non-template-admins when they navigate here directly.

stirby added the s3 (Bugs that confuse, annoy, or are purely cosmetic) and site (Area: frontend dashboard) labels Dec 12, 2024
coder-labeler bot added the needs-triage (Issue that require triage) label Dec 12, 2024
stirby (Collaborator, Author) commented Dec 12, 2024

Produced on 2.18, still need to check 2.17 (stable).

stirby removed the needs-triage (Issue that require triage) label Dec 12, 2024
stirby marked this as a duplicate of #16129 Jan 14, 2025
stirby (Collaborator, Author) commented Jan 14, 2025

Let's prioritize this for next sprint. It's bothering customers.

stirby closed this as completed Jan 14, 2025
stirby reopened this Jan 14, 2025
coder-labeler bot added the bug risk (Prone to bugs) and needs-triage (Issue that require triage) labels Jan 14, 2025
matifali (Member) commented

Additional context from #16129

  • A user with a member role can list all versions of a template and click the Promote button.
    • This action currently does nothing (no-op).
    • Suggestion: Disable or hide the Promote button to prevent accidental clicks.
  • When clicking on a template version, users encounter a 404 error with a vague message.
    • Suggestion: Display a clear RBAC (Role-Based Access Control) error explaining that the user cannot access this page.

matifali removed the bug risk (Prone to bugs) and needs-triage (Issue that require triage) labels Jan 15, 2025

dannykopping (Contributor) commented

I ran into this today; this is quite a rough UX.

matifali pushed a commit that referenced this issue Apr 24, 2025

fix: don't show promote button for members (#17511)

Fix #15850

Co-authored-by: Bruno Quaresma <bruno@coder.com>
Co-authored-by: M Atif Ali <atif@coder.com>