Skip to content

fix: fix loading states and permissions checks in organization settings #16465

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Feb 19, 2025
Merged

fix: fix loading states and permissions checks in organization settings #16465

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
f3828b4
oh man what I have gotten myself into
aslilac Feb 5, 2025
cd61327
fix even more-er permissions
aslilac Feb 5, 2025
baccd65
Merge branch 'main' into lilac/fix-a-bunch-of-orgs-stuff
aslilac Feb 7, 2025
0a59089
oh yeah
aslilac Feb 7, 2025
379bacd
oh yeah
aslilac Feb 7, 2025
45b2ba6
🔥
aslilac Feb 7, 2025
b841aac
yes
aslilac Feb 8, 2025
d7990cf
🧹
aslilac Feb 8, 2025
acf5cc7
:)
aslilac Feb 8, 2025
6db6aa4
Merge branch 'main' into lilac/fix-a-bunch-of-orgs-stuff
aslilac Feb 11, 2025
c8db4f7
yay polish time
aslilac Feb 11, 2025
1bb6137
💀
aslilac Feb 11, 2025
44b84d1
Merge branch 'main' into lilac/fix-a-bunch-of-orgs-stuff
aslilac Feb 18, 2025
5cd198b
🧹
aslilac Feb 18, 2025
0cb6c4e
of course
aslilac Feb 18, 2025
b4227b2
fix some stories
aslilac Feb 18, 2025
5f6b248
a few more permissions fixes
aslilac Feb 18, 2025
81fbdf4
mmmmm bep
aslilac Feb 18, 2025
41ff221
:|
aslilac Feb 18, 2025
58a0876
testin'
aslilac Feb 18, 2025
71b3170
ok lets do this separately
aslilac Feb 18, 2025
37d87d3
add missing query to terminal page story
aslilac Feb 19, 2025
660cbda
🧹
aslilac Feb 19, 2025
b6024b5
Merge branch 'main' into lilac/fix-a-bunch-of-orgs-stuff
aslilac Feb 19, 2025
f0f3859
story fixes
aslilac Feb 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
a few more permissions fixes
  • Loading branch information
@aslilac
aslilac committed Feb 18, 2025
commit 5f6b24820546bf2a9ceda424aad52bb1e82ac25c
14 changes: 7 additions & 7 deletions coderd/rbac/roles.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -324,11 +324,10 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
// CRUD to provisioner daemons for now.
ResourceProvisionerDaemon.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
// Needs to read all organizations since
ResourceOrganization.Type: {policy.ActionRead},
ResourceUser.Type: {policy.ActionRead},
ResourceGroup.Type: {policy.ActionRead},
ResourceGroupMember.Type: {policy.ActionRead},
// Org roles are not really used yet, so grant the perm at the site level.
ResourceUser.Type: {policy.ActionRead},
ResourceGroup.Type: {policy.ActionRead},
ResourceGroupMember.Type: {policy.ActionRead},
ResourceOrganization.Type: {policy.ActionRead},
ResourceOrganizationMember.Type: {policy.ActionRead},
}),
Org: map[string][]Permission{},
Expand All @@ -347,10 +346,11 @@ func ReloadBuiltinRoles(opts *RoleOptions) {
policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete,
policy.ActionUpdatePersonal, policy.ActionReadPersonal,
},
ResourceGroup.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
ResourceGroupMember.Type: {policy.ActionRead},
ResourceOrganization.Type: {policy.ActionRead},
// Full perms to manage org members
ResourceOrganizationMember.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
ResourceGroup.Type: {policy.ActionCreate, policy.ActionRead, policy.ActionUpdate, policy.ActionDelete},
ResourceGroupMember.Type: {policy.ActionRead},
// Manage org membership based on OIDC claims
ResourceIdpsyncSettings.Type: {policy.ActionRead, policy.ActionUpdate},
}),
Expand Down
14 changes: 12 additions & 2 deletions site/src/modules/management/OrganizationSettingsLayout.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ import {
type OrganizationPermissions,
canViewOrganization,
} from "./organizationPermissions";
import { Paywall } from "components/Paywall/Paywall";
import { docs } from "utils/docs";

export const OrganizationSettingsContext = createContext<
OrganizationSettingsValue | undefined
Expand Down Expand Up @@ -46,7 +48,7 @@ export const useOrganizationSettings = (): OrganizationSettingsValue => {
};

const OrganizationSettingsLayout: FC = () => {
const { organizations } = useDashboard();
const { organizations, showOrganizations } = useDashboard();
const { organization: orgName } = useParams() as {
organization?: string;
};
Expand Down Expand Up @@ -123,7 +125,15 @@ const OrganizationSettingsLayout: FC = () => {
<hr className="h-px border-none bg-border" />
<div className="px-10 max-w-screen-2xl">
<Suspense fallback={<Loader />}>
<Outlet />
{showOrganizations ? (
<Outlet />
) : (
<Paywall
message="Organizations"
description="Organizations can be used to segment and isolate resources inside a Coder deployment. You need a Premium license to use this feature."
documentationLink={docs("/admin/users/organizations")}
/>
)}
</Suspense>
</div>
</div>
Expand Down
2 changes: 1 addition & 1 deletion site/src/modules/management/OrganizationSidebarView.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ const OrganizationSettingsNavigation: FC<
Roles
</SettingsSidebarNavItem>
)}
{orgPermissions.viewProvisioners && (
{orgPermissions.viewProvisionerJobs && (
<SettingsSidebarNavItem
href={urlForSubpage(organization.name, "provisioners")}
>
Expand Down
7 changes: 7 additions & 0 deletions site/src/modules/management/organizationPermissions.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,13 @@ export const organizationPermissionChecks = (organizationId: string) =>
},
action: "read",
},
viewProvisionerJobs: {
object: {
resource_type: "provisioner_jobs",
organization_id: organizationId,
},
action: "read",
},
viewIdpSyncSettings: {
object: {
resource_type: "idpsync_settings",
Expand Down
4 changes: 2 additions & 2 deletions site/src/pages/OrganizationSettingsPage/ProvisionersPage/ProvisionersPage.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,13 @@ import { ProvisionerDaemonsPage } from "./ProvisionerDaemonsPage";
import { ProvisionerJobsPage } from "./ProvisionerJobsPage";

const ProvisionersPage: FC = () => {
const { organization } = useOrganizationSettings();
const { organization, organizationPermissions } = useOrganizationSettings();
const tab = useSearchParamsKey({
key: "tab",
defaultValue: "jobs",
});

if (!organization) {
if (!organization || !organizationPermissions?.viewProvisionerJobs) {
return (
<>
<Helmet>
Expand Down
2 changes: 2 additions & 0 deletions site/src/testHelpers/entities.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2855,6 +2855,7 @@ export const MockOrganizationPermissions: OrganizationPermissions = {
createOrgRoles: true,
assignOrgRoles: true,
viewProvisioners: true,
viewProvisionerJobs: true,
viewIdpSyncSettings: true,
editIdpSyncSettings: true,
};
Expand All @@ -2870,6 +2871,7 @@ export const MockNoOrganizationPermissions: OrganizationPermissions = {
createOrgRoles: false,
assignOrgRoles: false,
viewProvisioners: false,
viewProvisionerJobs: false,
viewIdpSyncSettings: false,
editIdpSyncSettings: false,
};
Expand Down
Loading