mirror of https://github.com/Unleash/unleash.git synced 2025-09-05 17:53:12 +02:00

Merge remote-tracking branch 'origin/fix-check-for-admin-permission-in-group-access-assignment' into pick-all-roles

Gastón Fournier 2024-06-18 15:03:24 +02:00
commit cdfa4eb7fe
No known key found for this signature in database
GPG Key ID: AF45428626E17A8E
2 changed files with 19 additions and 10 deletions


@ -38,6 +38,8 @@ import { caseInsensitiveSearch } from 'utils/search';
import type { IServiceAccount } from 'interfaces/service-account';
import { MultipleRoleSelect } from 'component/common/MultipleRoleSelect/MultipleRoleSelect';
import type { IUserProjectRole } from '../../../../interfaces/userProjectRoles';
import { useCheckProjectPermissions } from 'hooks/useHasAccess';
import { ADMIN } from 'component/providers/AccessProvider/permissions';
const StyledForm = styled('form')(() => ({
display: 'flex',
@ -119,6 +121,8 @@ export const ProjectAccessAssign = ({
useProjectApi();
const edit = Boolean(selected);
const checkPermissions = useCheckProjectPermissions(projectId);
const { setToastData, setToastApiError } = useToast();
const navigate = useNavigate();
@ -323,11 +327,10 @@ export const ProjectAccessAssign = ({
const isValid = selectedOptions.length > 0 && selectedRoles.length > 0;
const displayAllRoles =
checkPermissions(ADMIN) ||
userRoles.length === 0 ||
userRoles.some(
(userRole) =>
userRole.name === 'Admin' || userRole.name === 'Owner',
);
userRoles.some((userRole) => userRole.name === 'Owner');
let filteredRoles: IRole[];
if (displayAllRoles) {
filteredRoles = roles;
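Review bot: The `userRoles.length === 0 ||` clause that stays in `displayAllRoles` makes the role picker fail open: a caller with no project roles (or, possibly, one whose roles have not loaded yet) is shown every role. With `checkPermissions(ADMIN)` now covering administrators explicitly, that fallback looks unnecessary (presumably it existed for admins who hold no project role), and the expression could be reduced to `const displayAllRoles = checkPermissions(ADMIN) || userRoles.some((userRole) => userRole.name === 'Owner');`. The remaining `'Owner'` match is by display name, so it is worth confirming that a custom role cannot carry that name. This filter only shapes the UI and the server-side check stays authoritative; the body of ProjectAccessAssign continues outside the hunk.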


@ -52,6 +52,7 @@ import {
SYSTEM_USER_ID,
type ProjectCreated,
type IProjectOwnersReadModel,
ADMIN,
} from '../../types';
import type {
IProjectAccessModel,
@ -838,16 +839,21 @@ export default class ProjectService {
}
private async isAllowedToAddAccess(
userAddingAccess: number,
userAddingAccess: IAuditUser,
projectId: string,
rolesBeingAdded: number[],
): Promise<boolean> {
const userPermissions =
await this.accessService.getPermissionsForUser(userAddingAccess);
if (userPermissions.some(({ permission }) => permission === ADMIN)) {
return true;
}
const userRoles = await this.accessService.getAllProjectRolesForUser(
userAddingAccess,
userAddingAccess.id,
projectId,
);
if (
this.isAdmin(userAddingAccess, userRoles) ||
this.isAdmin(userAddingAccess.id, userRoles) ||
this.isProjectOwner(userRoles, projectId)
) {
return true;
@ -864,7 +870,7 @@ export default class ProjectService {
users: number[],
auditUser: IAuditUser,
): Promise<void> {
if (await this.isAllowedToAddAccess(auditUser.id, projectId, roles)) {
if (await this.isAllowedToAddAccess(auditUser, projectId, roles)) {
await this.accessService.addAccessToProject(
roles,
groups,
@ -924,7 +930,7 @@ export default class ProjectService {
await this.validateAtLeastOneOwner(projectId, ownerRole);
}
const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
auditUser.id,
auditUser,
projectId,
newRoles,
);
@ -975,7 +981,7 @@ export default class ProjectService {
await this.validateAtLeastOneOwner(projectId, ownerRole);
}
const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
auditUser.id,
auditUser,
projectId,
newRoles,
);
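Review bot: `isAllowedToAddAccess` now decides "is an administrator" in two different ways, the new `permission === ADMIN` early return and the retained `this.isAdmin(userAddingAccess.id, userRoles)` call, which judging by its arguments is derived from project roles, and nothing in the method says which one is authoritative. If the permission check is meant to supersede the role-based one, the `isAdmin` operand can be dropped from the condition; if both are needed, a comment such as `// ADMIN may be held via a root role that does not appear among project roles, so check effective permissions first` would keep a later edit from removing either by mistake (wording to be confirmed against the intent). Neither of the two changed files is a test, so a regression case for a caller who has ADMIN but no Owner role, and one for a caller with neither who requests a role they do not hold, would pin this authorization gate. The method body continues past the end of the first ProjectService hunk that touches it.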