fix(access-control): set user id when private (#8839)

app/react/azure/container-instances/CreateView/useLoadFormState.ts

@@ -6,7 +6,7 @@ import {
   Subscription,
 } from '@/react/azure/types';
 import { parseAccessControlFormData } from '@/react/portainer/access-control/utils';
-import { useUser } from '@/react/hooks/useUser';
+import { useCurrentUser } from '@/react/hooks/useUser';
 import { useProvider } from '@/react/azure/queries/useProvider';
 import { useResourceGroups } from '@/react/azure/queries/useResourceGroups';
 import { useSubscriptions } from '@/react/azure/queries/useSubscriptions';
@@ -37,7 +37,7 @@ export function useFormState(
   resourceGroups: Record<string, ResourceGroup[]> = {},
   providers: Record<string, ProviderViewModel> = {}
 ) {
-  const { isAdmin } = useUser();
+  const { isAdmin, user } = useCurrentUser();
 
   const subscriptionOptions = subscriptions.map((s) => ({
     value: s.subscriptionId,
@@ -67,7 +67,7 @@ export function useFormState(
     cpu: 1,
     ports: [{ container: 80, host: 80, protocol: 'TCP' }],
     allocatePublicIP: true,
-    accessControl: parseAccessControlFormData(isAdmin),
+    accessControl: parseAccessControlFormData(isAdmin, user.Id),
   };
 
   return {

app/react/portainer/access-control/AccessControlForm/AccessControlForm.stories.tsx

@@ -31,7 +31,7 @@ interface Args {
 
 function Template({ userRole }: Args) {
   const isAdmin = userRole === Role.Admin;
-  const defaults = parseAccessControlFormData(isAdmin);
+  const defaults = parseAccessControlFormData(isAdmin, 0);
 
   const [value, setValue] = useState(defaults);
 

app/react/portainer/access-control/AccessControlPanel/AccessControlPanelForm.tsx

@@ -3,7 +3,7 @@ import clsx from 'clsx';
 import { useMutation } from 'react-query';
 import { object } from 'yup';
 
-import { useUser } from '@/react/hooks/useUser';
+import { useCurrentUser } from '@/react/hooks/useUser';
 import { notifySuccess } from '@/portainer/services/notifications';
 import { EnvironmentId } from '@/react/portainer/environments/types';
 
@@ -43,7 +43,7 @@ export function AccessControlPanelForm({
   onCancelClick,
   onUpdateSuccess,
 }: Props) {
-  const { isAdmin } = useUser();
+  const { isAdmin, user } = useCurrentUser();
 
   const updateAccess = useMutation(
     (variables: AccessControlFormData) =>
@@ -64,7 +64,11 @@ export function AccessControlPanelForm({
   );
 
   const initialValues = {
-    accessControl: parseAccessControlFormData(isAdmin, resourceControl),
+    accessControl: parseAccessControlFormData(
+      isAdmin,
+      user.Id,
+      resourceControl
+    ),
   };
 
   return (

app/react/portainer/access-control/utils.test.ts

@@ -3,6 +3,25 @@ import { ResourceControlOwnership, ResourceControlType } from './types';
 import { parseAccessControlFormData } from './utils';
 
 describe('parseAccessControlFormData', () => {
+  test('when ownership is private and resource is supplied, authorizedUsers should be UserAccess', () => {
+    const resourceControl = buildResourceControl(
+      ResourceControlOwnership.PRIVATE
+    );
+    resourceControl.UserAccesses = [{ UserId: 1, AccessLevel: 1 }];
+
+    const actual = parseAccessControlFormData(false, 1, resourceControl);
+    expect(actual.authorizedUsers).toContain(1);
+    expect(actual.authorizedUsers).toHaveLength(1);
+  });
+
+  test('when not admin and no resource control, ownership should be set to private and authorizedUsers is only currentUserId', () => {
+    const actual = parseAccessControlFormData(false, 1);
+
+    expect(actual.ownership).toBe(ResourceControlOwnership.PRIVATE);
+    expect(actual.authorizedUsers).toContain(1);
+    expect(actual.authorizedUsers).toHaveLength(1);
+  });
+
   [
     ResourceControlOwnership.ADMINISTRATORS,
     ResourceControlOwnership.RESTRICTED,
@@ -12,7 +31,7 @@ describe('parseAccessControlFormData', () => {
     test(`when resource control supplied, if user is not admin, will change ownership to rc ownership (${ownership})`, () => {
       const resourceControl = buildResourceControl(ownership);
 
-      const actual = parseAccessControlFormData(false, resourceControl);
+      const actual = parseAccessControlFormData(false, 0, resourceControl);
       expect(actual.ownership).toBe(resourceControl.Ownership);
     });
   });
@@ -25,13 +44,13 @@ describe('parseAccessControlFormData', () => {
     test(`when resource control supplied and user is admin, if resource ownership is ${ownership} , will change ownership to rc ownership`, () => {
       const resourceControl = buildResourceControl(ownership);
 
-      const actual = parseAccessControlFormData(true, resourceControl);
+      const actual = parseAccessControlFormData(true, 0, resourceControl);
       expect(actual.ownership).toBe(resourceControl.Ownership);
     });
   });
 
   test('when isAdmin and resource control not supplied, ownership should be set to Administrator', () => {
-    const actual = parseAccessControlFormData(true);
+    const actual = parseAccessControlFormData(true, 0);
 
     expect(actual.ownership).toBe(ResourceControlOwnership.ADMINISTRATORS);
   });
@@ -41,7 +60,7 @@ describe('parseAccessControlFormData', () => {
       ResourceControlOwnership.PRIVATE
     );
 
-    const actual = parseAccessControlFormData(true, resourceControl);
+    const actual = parseAccessControlFormData(true, 0, resourceControl);
     expect(actual.ownership).toBe(ResourceControlOwnership.RESTRICTED);
   });
 

app/react/portainer/access-control/utils.ts

@@ -45,24 +45,42 @@ export function parseOwnershipParameters(
   };
 }
 
+export function defaultValues(
+  isAdmin: boolean,
+  currentUserId: UserId
+): AccessControlFormData {
+  if (!isAdmin) {
+    return {
+      ownership: ResourceControlOwnership.PRIVATE,
+      authorizedTeams: [],
+      authorizedUsers: [currentUserId],
+    };
+  }
+
+  return {
+    ownership: ResourceControlOwnership.ADMINISTRATORS,
+    authorizedTeams: [],
+    authorizedUsers: [],
+  };
+}
+
 export function parseAccessControlFormData(
   isAdmin: boolean,
+  currentUserId: UserId,
   resourceControl?: ResourceControlViewModel
 ): AccessControlFormData {
-  let ownership =
-    resourceControl?.Ownership || ResourceControlOwnership.PRIVATE;
-  if (isAdmin) {
-    if (!resourceControl) {
-      ownership = ResourceControlOwnership.ADMINISTRATORS;
-    } else if (ownership === ResourceControlOwnership.PRIVATE) {
-      ownership = ResourceControlOwnership.RESTRICTED;
-    }
+  if (!resourceControl) {
+    return defaultValues(isAdmin, currentUserId);
+  }
+
+  let ownership = resourceControl.Ownership;
+  if (isAdmin && ownership === ResourceControlOwnership.PRIVATE) {
+    ownership = ResourceControlOwnership.RESTRICTED;
   }
 
   let authorizedTeams: TeamId[] = [];
   let authorizedUsers: UserId[] = [];
   if (
-    resourceControl &&
     [
       ResourceControlOwnership.PRIVATE,
       ResourceControlOwnership.RESTRICTED,