Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role validation - allow permissionId to be optional #14853

Merged
merged 5 commits into from
Oct 23, 2024
Merged

Role validation - allow permissionId to be optional #14853

merged 5 commits into from
Oct 23, 2024

Conversation

mike12345567
Copy link
Collaborator

Description

Frontend now expects to be able to supply role without a permissionId, this update makes it so that the validators allow this.

Added test cases for the behaviour - also realised the types in this area were pretty incorrect based on the validators, permissionId was just a string when it was actually typed, fixed this.

@mike12345567 mike12345567 requested a review from a team as a code owner October 23, 2024 14:15
@mike12345567 mike12345567 requested review from adrinr and removed request for a team October 23, 2024 14:15
@qa-wolf QA Wolf
Copy link

qa-wolf bot commented Oct 23, 2024

QA Wolf here! As you write new code it's important that your test coverage is keeping up.
Click here to request test coverage for this PR!

@github-actions github-actions bot added firestorm Data/Infra/Revenue Team size/m labels Oct 23, 2024
mike12345567
mike12345567 commented Oct 23, 2024
View reviewed changes
packages/server/src/api/routes/utils/validators.ts
@@ -214,8 +215,8 @@ export function roleValidator() {
}).optional(),
// this is the base permission ID (for now a built in)
permissionId: Joi.string()
.valid(...Object.values(permissions.BuiltinPermissionID))
.required(),
.valid(...Object.values(BuiltinPermissionID))
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One of two code changes in this PR.

mike12345567
mike12345567 commented Oct 23, 2024
View reviewed changes
packages/server/src/api/controllers/role.ts
@@ -134,7 +135,13 @@ export async function save(ctx: UserCtx<SaveRoleRequest, SaveRoleResponse>) {
}
// assume write permission level for newly created roles
if (isCreate && !permissionId) {
permissionId = PermissionLevel.WRITE
permissionId = BuiltinPermissionID.WRITE
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other Code change in this PR.

adrinr
adrinr reviewed Oct 23, 2024
View reviewed changes
packages/backend-core/src/security/roles.ts
@@ -50,7 +51,7 @@ export class Role implements RoleDoc {
_id: string
_rev?: string
name: string
permissionId: string
permissionId: BuiltinPermissionID
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this not be used for custom roles, as well?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is used in all roles, but its never a string - its just a very old type, we've always validated the Role to make sure it is one of the values in BuiltinPermissionID.

@mike12345567 mike12345567 merged commit 9d05f32 into v3-ui Oct 23, 2024
11 checks passed
@mike12345567 mike12345567 deleted the fix/role-validation branch October 23, 2024 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adrinr adrinr adrinr left review comments

@samwho samwho samwho approved these changes

Assignees
No one assigned
Labels
firestorm Data/Infra/Revenue Team size/m
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mike12345567 @samwho @adrinr