Admin cannot access project settings for projects created by other users (SZ-152)
rk@tigase.net opened 6 hours ago

Admin cannot access project settings for projects created by other users.

  • rk@tigase.net commented 6 hours ago

    Fixing directly on wolsonsc

  • rk@tigase.net changed state to 'In Progress' 6 hours ago
    Previous Value Current Value
    Open
    In Progress
  • rk@tigase.net commented 6 hours ago

    ROot case: frontend: ProjectLayout.tsx that Cretes project menus uses canManage to decide if the current user should be allowed to manage the project: canManager only checks if MAINTAINER role:

    // src/pages/projects/ProjectLayout.tsx
    
    const canManage  = hasAtLeast("MAINTAINER");
    

    Fix: canManage shud include ADMIN role:

    // src/pages/projects/ProjectLayout.tsx
    //...
    import { useAuth } from "../../context/AuthContext";
    //...
    const { user } = useAuth();
    const isSystemAdmin = user?.roles?.includes('ADMIN') ?? false;
    const canManage = hasAtLeast("MAINTAINER") || isSystemAdmin;
    
  • rk@tigase.net commented 6 hours ago

    Testing the fix...

  • rk@tigase.net changed state to 'In QA' 6 hours ago
    Previous Value Current Value
    In Progress
    In QA
  • rk@tigase.net commented 6 hours ago

    Now pull requests of a project are inaccessible by admin role: same fix for access to PRs:

    Broken:

    const canWrite = hasAtLeast("DEVELOPER");
    

    Fix:

    const canWrite = hasAtLeast("DEVELOPER") || isSystemAdmin;
    
    
  • rk@tigase.net changed state to 'In Progress' 6 hours ago
    Previous Value Current Value
    In QA
    In Progress
  • rk@tigase.net changed state to 'In QA' 6 hours ago
    Previous Value Current Value
    In Progress
    In QA
  • rk@tigase.net commented 5 hours ago
    rksuma@Ramakrishnans-MacBook-Pro sztab % git add frontend/src/pages/projects/ProjectLayout.tsx
    git commit -m "SZ-152: Admin can access project Settings and Pull Requests tabs on all projects"
    git push origin wolnosc
    [wolnosc 8d8d3b2] SZ-152: Admin can access project Settings and Pull Requests tabs on all projects
     1 file changed, 6 insertions(+), 2 deletions(-)
    Enumerating objects: 13, done.
    Counting objects: 100% (13/13), done.
    Delta compression using up to 12 threads
    Compressing objects: 100% (7/7), done.
    Writing objects: 100% (7/7), 775 bytes | 775.00 KiB/s, done.
    Total 7 (delta 6), reused 0 (delta 0), pack-reused 0 (from 0)
    To https://tigase.dev/sztab.git
       ccfea68..8d8d3b2  wolnosc -> wolnosc
    rksuma@Ramakrishnans-MacBook-Pro sztab % 
    
    
  • rk@tigase.net changed state to 'Closed' 5 hours ago
    Previous Value Current Value
    In QA
    Closed
issue 1 of 1
Type
Bug
Priority
Major
Assignee
Version
1.10.1
Sprints
n/a
Customer
n/a
Issue Votes (0)
Watchers (2)
Reference
SZ-152
Please wait...
Page is in error, reload to recover