github
/
portainer
mirror of https://github.com/portainer/portainer
1
0
Fork 0
Code Issues Releases Wiki Activity

fix(authorization): disable user list api call if not authorised [EE-5825] (#10380) 

* fix tests
* disable user list api call if not authorised
* fix lint issues
pull/10389/head
Prabhat Khera 2023-09-27 10:12:40 +13:00 committed by GitHub
parent fa087f0bb9
commit 80415ab68f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/react/portainer/access-control/AccessControlPanel/AccessControlPaneDetails.test.tsx
View File

@ -83,7 +83,7 @@ for (let i = 0; i < inheritanceTests.length; i += 1) {
}); });
} }
test('when resource is limited to specific users, show comma separated list of their names', async () => { test('when resource is limited to specific users, show number of users', async () => {
const users = createMockUsers(10, Role.Standard); const users = createMockUsers(10, Role.Standard);
server.use(rest.get('/api/users', (req, res, ctx) => res(ctx.json(users)))); server.use(rest.get('/api/users', (req, res, ctx) => res(ctx.json(users))));
@ -107,7 +107,7 @@ test('when resource is limited to specific users, show comma separated list of t
expect(queryByText(/Authorized users/)).toBeVisible(); expect(queryByText(/Authorized users/)).toBeVisible();
await expect(findByLabelText('authorized-users')).resolves.toHaveTextContent( await expect(findByLabelText('authorized-users')).resolves.toHaveTextContent(
restrictedToUsers.map((user) => user.Username).join(', ') `${restrictedToUsers.length} users`
); );
}); });
@ -145,6 +145,7 @@ async function renderComponent(
resourceControl?: ResourceControlViewModel resourceControl?: ResourceControlViewModel
) { ) {
const WithUser = withUserProvider(AccessControlPanelDetails); const WithUser = withUserProvider(AccessControlPanelDetails);
const queries = renderWithQueryClient( const queries = renderWithQueryClient(
<WithUser resourceControl={resourceControl} resourceType={resourceType} /> <WithUser resourceControl={resourceControl} resourceType={resourceType} />
); );

1
app/react/portainer/access-control/AccessControlPanel/AccessControlPanel.tsx
View File

@ -52,6 +52,7 @@ export function AccessControlPanel({
<AccessControlPanelDetails <AccessControlPanelDetails
resourceType={resourceType} resourceType={resourceType}
resourceControl={resourceControl} resourceControl={resourceControl}
isAuthorisedToFetchUsers={isAdmin || isLeaderOfAnyRestrictedTeams}
/> />
{!isEditDisabled && !isEditMode && ( {!isEditDisabled && !isEditMode && (

7
app/react/portainer/access-control/AccessControlPanel/AccessControlPanelDetails.tsx
View File

@ -24,11 +24,13 @@ import { ResourceControlViewModel } from '../models/ResourceControlViewModel';
interface Props { interface Props {
resourceControl?: ResourceControlViewModel; resourceControl?: ResourceControlViewModel;
resourceType: ResourceControlType; resourceType: ResourceControlType;
isAuthorisedToFetchUsers?: boolean;
} }
export function AccessControlPanelDetails({ export function AccessControlPanelDetails({
resourceControl, resourceControl,
resourceType, resourceType,
isAuthorisedToFetchUsers = false,
}: Props) { }: Props) {
const inheritanceMessage = getInheritanceMessage( const inheritanceMessage = getInheritanceMessage(
resourceType, resourceType,
@ -41,7 +43,10 @@ export function AccessControlPanelDetails({
TeamAccesses: restrictedToTeams = [], TeamAccesses: restrictedToTeams = [],
} = resourceControl || {}; } = resourceControl || {};
const users = useAuthorizedUsers(restrictedToUsers.map((ra) => ra.UserId)); const users = useAuthorizedUsers(
restrictedToUsers.map((ra) => ra.UserId),
isAuthorisedToFetchUsers
);
const teams = useAuthorizedTeams(restrictedToTeams.map((ra) => ra.TeamId)); const teams = useAuthorizedTeams(restrictedToTeams.map((ra) => ra.TeamId));
const teamsLength = teams.data ? teams.data.length : 0; const teamsLength = teams.data ? teams.data.length : 0;