fix(ESSNTL-5253): Change required permissions for tabs #2003
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bastilian
reviewed
Aug 30, 2023
| @@ -9,7 +9,10 @@ const App = () => { | |||
| return ( | |||
| <div className="inventory"> | |||
| <NotificationsPortal /> | |||
| <RBACProvider appName="inventory" checkResourceDefinitions> | |||
| <RBACProvider | |||
| appName={null /* fetch permissions from all scopes */} | |||
There was a problem hiding this comment.
What if we extend the RBACProvider to support something like scopes, with * being all?
There was a problem hiding this comment.
I was an author of the recent RBACProvider changes actually, and yeah, this is the good suggestion. There were some suggestions from Karel to keep it simple for now though. So there are three values accepted ATM: null for fetching all scopes, undefined for none, and string that represents the name of app and also scope.
gkarat
added a commit
to gkarat/insights-inventory-frontend
that referenced
this pull request
Aug 30, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes https://issues.redhat.com/browse/ESSNTL-5253. Should be merged after RedHatInsights/frontend-components#1900 is released.
With this PR, Inventory fetches permissions for all applications, not only from the inventory scope. This way, we can read all the required permissions before rendering contents of each tab on the System details page (Advisor, Vulnerability, etc.). This also updates the list of permissions according to the stage, not prod, RBAC config, and makes exception for org. admins to always show the tab contents.
How to test
Have an account for which you can alter roles/permissions. Go to /inventory and any system's details page. Leave only the Inventory Read role, and verify that all tabs except General and Advisor are unavailable (should write no access). Try to add some viewer roles for each app and check that the tabs are now viewable.