
fix: fix permissions for workspace creation #17241


Merged
merged 7 commits into from
Apr 3, 2025
8 changes: 4 additions & 4 deletions site/src/api/queries/organizations.ts
Expand Up @@ -306,6 +306,7 @@ export const organizationsPermissions = (

export const workspacePermissionsByOrganization = (
organizationIds: string[] | undefined,
userId: string,
) => {
if (!organizationIds) {
return { enabled: false };
Expand All @@ -315,10 +316,9 @@ export const workspacePermissionsByOrganization = (
queryKey: ["workspaces", organizationIds.sort(), "permissions"],
queryFn: async () => {
const prefixedChecks = organizationIds.flatMap((orgId) =>
Object.entries(workspacePermissionChecks(orgId)).map(([key, val]) => [
`${orgId}.${key}`,
val,
]),
Object.entries(workspacePermissionChecks(orgId, userId)).map(
([key, val]) => [`${orgId}.${key}`, val],
),
);

const response = await API.checkAuthorization({
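Review bot: The `queryKey` in the second hunk is still `["workspaces", organizationIds.sort(), "permissions"]`, although the checks built in `queryFn` now depend on `userId`, so the cache entry does not identify whose permissions it holds. If the query cache can survive a change of signed-in user (not visible here), results computed for one user could be shown to another. Adding the id, e.g. `queryKey: ["workspaces", [...organizationIds].sort(), userId, "permissions"],`, keeps entries per user and also stops `sort()` from reordering the caller's array in place. The `queryFn` body continues past the end of the hunk.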
9 changes: 6 additions & 3 deletions site/src/modules/permissions/workspaces.ts
@@ -1,10 +1,13 @@
export const workspacePermissionChecks = (organizationId: string) =>
export const workspacePermissionChecks = (
organizationId: string,
userId: string,
) =>
({
createWorkspaceForUser: {
createWorkspace: {
object: {
resource_type: "workspace",
organization_id: organizationId,
owner_id: "*",
owner_id: userId,
},
action: "create",
},
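Review bot: `workspacePermissionChecks` has no doc comment, and after this change its result is easy to misread: `createWorkspace` is checked with `owner_id: userId`, so it answers only whether that user may create a workspace they own. The wildcard variant now lives in `createWorkspaceChecks` in `site/src/pages/CreateWorkspacePage/permissions.ts`, which is undocumented as well. I would add a short TSDoc block to both, for example `/** Checks whether userId may create a workspace owned by themselves in the organization; the result only shows or hides UI, the API still has to enforce it. */` here, and a matching line there saying that `owner_id: "*"` appears to ask about creating workspaces for any owner. The object literal continues past the end of the hunk.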
9 changes: 3 additions & 6 deletions site/src/pages/CreateWorkspacePage/CreateWorkspacePage.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,6 @@ import { Loader } from "components/Loader/Loader";
import { useAuthenticated } from "contexts/auth/RequireAuth";
import { useEffectEvent } from "hooks/hookPolyfills";
import { useDashboard } from "modules/dashboard/useDashboard";
import {
type WorkspacePermissions,
workspacePermissionChecks,
} from "modules/permissions/workspaces";
import { generateWorkspaceName } from "modules/workspaces/generateWorkspaceName";
import { type FC, useCallback, useEffect, useRef, useState } from "react";
import { Helmet } from "react-helmet-async";
Expand All @@ -30,6 +26,7 @@ import { pageTitle } from "utils/page";
import type { AutofillBuildParameter } from "utils/richParameters";
import { paramsUsedToCreateWorkspace } from "utils/workspace";
import { CreateWorkspacePageView } from "./CreateWorkspacePageView";
import { type CreateWSPermissions, createWorkspaceChecks } from "./permissions";

export const createWorkspaceModes = ["form", "auto", "duplicate"] as const;
export type CreateWorkspaceMode = (typeof createWorkspaceModes)[number];
Expand Down Expand Up @@ -67,7 +64,7 @@ const CreateWorkspacePage: FC = () => {
const permissionsQuery = useQuery(
templateQuery.data
? checkAuthorization({
checks: workspacePermissionChecks(templateQuery.data.organization_id),
checks: createWorkspaceChecks(templateQuery.data.organization_id),
})
: { enabled: false },
);
Expand Down Expand Up @@ -209,7 +206,7 @@ const CreateWorkspacePage: FC = () => {
externalAuthPollingState={externalAuthPollingState}
startPollingExternalAuth={startPollingExternalAuth}
hasAllRequiredExternalAuth={hasAllRequiredExternalAuth}
permissions={permissionsQuery.data as WorkspacePermissions}
permissions={permissionsQuery.data as CreateWSPermissions}
parameters={realizedParameters as TemplateVersionParameter[]}
presets={templateVersionPresetsQuery.data ?? []}
creatingWorkspace={createWorkspaceMutation.isLoading}
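Review bot: `permissions={permissionsQuery.data as CreateWSPermissions}` in the last hunk asserts away `undefined`, so the view is typed as always receiving a decided answer even while the authorization query is disabled, loading or failed. Unless a guard outside the hunk already waits for the data, I would pass an explicit deny-by-default value instead, e.g. `permissions={{ createWorkspaceForUser: permissionsQuery.data?.createWorkspaceForUser ?? false }}`, so whatever the view gates on this flag stays off until the check has returned. The component body starts and ends outside the hunks shown.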
Expand Up @@ -28,7 +28,6 @@ import { Stack } from "components/Stack/Stack";
import { Switch } from "components/Switch/Switch";
import { UserAutocomplete } from "components/UserAutocomplete/UserAutocomplete";
import { type FormikContextType, useFormik } from "formik";
import type { WorkspacePermissions } from "modules/permissions/workspaces";
import { generateWorkspaceName } from "modules/workspaces/generateWorkspaceName";
import { type FC, useCallback, useEffect, useMemo, useState } from "react";
import {
Expand All @@ -47,7 +46,7 @@ import type {
ExternalAuthPollingState,
} from "./CreateWorkspacePage";
import { ExternalAuthButton } from "./ExternalAuthButton";

import type { CreateWSPermissions } from "./permissions";
export const Language = {
duplicationWarning:
"Duplicating a workspace only copies its parameters. No state from the old workspace is copied over.",
Expand All @@ -69,7 +68,7 @@ export interface CreateWorkspacePageViewProps {
parameters: TypesGen.TemplateVersionParameter[];
autofillParameters: AutofillBuildParameter[];
presets: TypesGen.Preset[];
permissions: WorkspacePermissions;
permissions: CreateWSPermissions;
creatingWorkspace: boolean;
onCancel: () => void;
onSubmit: (
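--- a/site/src/pages/CreateWorkspacePage/permissions.ts
+++ b/site/src/pages/CreateWorkspacePage/permissions.ts
@@ -0,0 +1,16 @@
+export const createWorkspaceChecks = (organizationId: string) =>
+({
+createWorkspaceForUser: {
+object: {
+resource_type: "workspace",
+organization_id: organizationId,
+owner_id: "*",
+},
+action: "create",
+},
+}) as const;
+
+export type CreateWSPermissions = Record<
+keyof ReturnType<typeof createWorkspaceChecks>,
+boolean
+>;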
4 changes: 3 additions & 1 deletion site/src/pages/TemplatePage/TemplateLayout.tsx
Expand Up @@ -5,6 +5,7 @@ import { ErrorAlert } from "components/Alert/ErrorAlert";
import { Loader } from "components/Loader/Loader";
import { Margins } from "components/Margins/Margins";
import { TabLink, Tabs, TabsList } from "components/Tabs/Tabs";
import { useAuthenticated } from "contexts/auth/RequireAuth";
import { workspacePermissionChecks } from "modules/permissions/workspaces";
import {
type FC,
Expand Down Expand Up @@ -73,6 +74,7 @@ export const TemplateLayout: FC<PropsWithChildren> = ({
children = <Outlet />,
}) => {
const navigate = useNavigate();
const { user: me } = useAuthenticated();
const { organization: organizationName = "default", template: templateName } =
useParams() as { organization?: string; template: string };
const { data, error, isLoading } = useQuery({
Expand All @@ -81,7 +83,7 @@ export const TemplateLayout: FC<PropsWithChildren> = ({
});
const workspacePermissionsQuery = useQuery(
checkAuthorization({
checks: workspacePermissionChecks(organizationName),
checks: workspacePermissionChecks(organizationName, me.id),
}),
);
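Review bot: `workspacePermissionChecks(organizationName, me.id)` passes the organization segment of the route (falling back to `"default"`) where the check object expects `organization_id`, so the authorization question may be asked about a name rather than an id. Whether the API resolves names in that field is not visible on this page; if it does not, the Create Workspace button could be shown or hidden incorrectly. Once the template has loaded, building the checks from its organization id, as `CreateWorkspacePage` does with `templateQuery.data.organization_id`, would remove the ambiguity. The component body extends beyond the hunks shown.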

4 changes: 2 additions & 2 deletions site/src/pages/TemplatePage/TemplatePageHeader.stories.tsx
Expand Up @@ -14,7 +14,7 @@ const meta: Meta<typeof TemplatePageHeader> = {
canUpdateTemplate: true,
},
workspacePermissions: {
createWorkspaceForUser: true,
createWorkspace: true,
},
},
};
Expand All @@ -35,7 +35,7 @@ export const CanNotUpdate: Story = {
export const CannotCreateWorkspace: Story = {
args: {
workspacePermissions: {
createWorkspaceForUser: false,
createWorkspace: false,
},
},
};
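--- a/site/src/pages/TemplatePage/TemplatePageHeader.tsx
+++ b/site/src/pages/TemplatePage/TemplatePageHeader.tsx
@@ -179,17 +179,16 @@ export const TemplatePageHeader: FC<TemplatePageHeaderProps> = ({
 <PageHeader
 actions={
 <>
-{!template.deprecated &&
-workspacePermissions.createWorkspaceForUser && (
-<Button
-variant="contained"
-startIcon={<AddIcon />}
-component={RouterLink}
-to={`${templateLink}/workspace`}
->
-Create Workspace
-</Button>
-)}
+{!template.deprecated && workspacePermissions.createWorkspace && (
+<Button
+variant="contained"
+startIcon={<AddIcon />}
+component={RouterLink}
+to={`${templateLink}/workspace`}
+>
+Create Workspace
+</Button>
+)}
 
 {permissions.canUpdateTemplate && (
 <TemplateMenu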
3 changes: 2 additions & 1 deletion site/src/pages/TemplatesPage/TemplatesPage.tsx
Expand Up @@ -11,7 +11,7 @@ import { pageTitle } from "utils/page";
import { TemplatesPageView } from "./TemplatesPageView";

export const TemplatesPage: FC = () => {
const { permissions } = useAuthenticated();
const { permissions, user: me } = useAuthenticated();
const { showOrganizations } = useDashboard();

const searchParamsResult = useSearchParams();
Expand All @@ -30,6 +30,7 @@ export const TemplatesPage: FC = () => {
const workspacePermissionsQuery = useQuery(
workspacePermissionsByOrganization(
templatesQuery.data?.map((template) => template.organization_id),
me.id,
),
);

4 changes: 2 additions & 2 deletions site/src/pages/TemplatesPage/TemplatesPageView.stories.tsx
Expand Up @@ -76,7 +76,7 @@ export const WithTemplates: Story = {
examples: [],
workspacePermissions: {
[MockTemplate.organization_id]: {
createWorkspaceForUser: true,
createWorkspace: true,
},
},
},
Expand All @@ -94,7 +94,7 @@ export const CannotCreateWorkspaces: Story = {
...WithTemplates.args,
workspacePermissions: {
[MockTemplate.organization_id]: {
createWorkspaceForUser: false,
createWorkspace: false,
},
},
},
2 changes: 1 addition & 1 deletion site/src/pages/TemplatesPage/TemplatesPageView.tsx
Expand Up @@ -160,7 +160,7 @@ const TemplateRow: FC<TemplateRowProps> = ({
{template.deprecated ? (
<DeprecatedBadge />
) : workspacePermissions?.[template.organization_id]
?.createWorkspaceForUser ? (
?.createWorkspace ? (
<MuiButton
size="small"
css={styles.actionButton}
5 changes: 3 additions & 2 deletions site/src/pages/WorkspacesPage/WorkspacesPage.tsx
Expand Up @@ -40,14 +40,15 @@ const WorkspacesPage: FC = () => {
// each hook.
const searchParamsResult = useSafeSearchParams();
const pagination = usePagination({ searchParamsResult });
const { permissions } = useAuthenticated();
const { permissions, user: me } = useAuthenticated();
const { entitlements } = useDashboard();

const templatesQuery = useQuery(templates());

const orgPermissionsQuery = useQuery(
workspacePermissionsByOrganization(
templatesQuery.data?.map((template) => template.organization_id),
me.id,
),
);

Expand All @@ -59,7 +60,7 @@ const WorkspacesPage: FC = () => {

return templatesQuery.data.filter((template) => {
const orgPermission = orgPermissionsQuery.data[template.organization_id];
return orgPermission?.createWorkspaceForUser;
return orgPermission?.createWorkspace;
});
}, [templatesQuery.data, orgPermissionsQuery.data]);
