Show menu section if user has access to at least one of its pages #8978

Merged 1 commit on Apr 26, 2024

@winterhazel (Collaborator) commented Apr 25, 2024

Description

As reported in #8713 (comment), the Storage section in the sidebar is not displayed to users when they do not have permission to the API listVolumesMetrics. However, roles can have permissions to other APIs, such as listBackups and listSnapshots, in which case the section should be displayed. This situation is not exclusive to the Storage section.

This PR fixes this issue by changing how the routes are filtered. Now, sections will be shown if they have at least one visible child. For other routes, the previous logic is still applied.

Closes #8730.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

Here's how the menu looks before (left) and after the changes (right) for a user that does not have permission for listVolumesMetrics:

Screenshot from 2024-04-25 10-50-04

How Has This Been Tested?

  1. I created a role v, based on the role User, that had access to listSnapshots and listBuckets, but did not have access to listVolumesMetrics;
  2. I created an account v using role v;
  3. I accessed the UI using account v;
  4. I verified that the Storage section was shown, having the Volume Snapshots and Buckets pages;
  5. I verified that the other sections did not change;
  6. I clicked the Storage section and verified that I was redirected to the Volume Snapshots page;
  7. I denied listSnapshots and listBuckets for role v;
  8. I logged out, cleared my cache and logged in again. I verified that the Storage section was not shown anymore.
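
The filtering rule described in this PR, as an added example that is not the PR's own code: a section is kept when at least one child survives filtering, and a leaf route is kept only when the role allows one of its APIs. The route shape, the `permission` field, the sample menu and the function names are assumptions made for illustration; redirecting a section to its first visible child mirrors test step 6.

```javascript
// Constructed sample menu; names and structure are illustrative only.
const routes = [
  {
    name: 'storage',
    permission: ['listVolumesMetrics'],
    children: [
      { name: 'volume', permission: ['listVolumesMetrics'] },
      { name: 'snapshot', permission: ['listSnapshots'] },
      { name: 'backup', permission: ['listBackups'] },
      { name: 'buckets', permission: ['listBuckets'] }
    ]
  },
  { name: 'event', permission: ['listEvents'] }
]

// Leaf rule (assumed to be the "previous logic"): the role must allow
// at least one of the APIs the route declares.
function hasPermission (route, allowedApis) {
  return (route.permission || []).some(api => allowedApis.has(api))
}

// Section rule: ignore the section's own permission and keep it only
// if filtering leaves at least one visible child.
function filterRoutes (routeList, allowedApis) {
  const visible = []
  for (const route of routeList) {
    if (Array.isArray(route.children) && route.children.length > 0) {
      const children = filterRoutes(route.children, allowedApis)
      if (children.length > 0) {
        // Clicking the section lands on its first visible page.
        visible.push({ ...route, children, redirect: children[0].name })
      }
    } else if (hasPermission(route, allowedApis)) {
      visible.push({ ...route })
    }
  }
  return visible
}

// Compact view of the resulting menu, e.g. "storage[snapshot,buckets]".
function menuSummary (apis) {
  return filterRoutes(routes, new Set(apis))
    .map(r => r.children ? `${r.name}[${r.children.map(c => c.name).join(',')}]` : r.name)
    .join(' ')
}
```
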

@winterhazel
Collaborator Author

@blueorangutan package

@blueorangutan

@winterhazel a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@BryanMLima
Contributor

@blueorangutan ui

@blueorangutan

@BryanMLima a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

@blueorangutan

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/8978 (QA-JID-322)

@blueorangutan

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9429

Collaborator

@bernardodemarco bernardodemarco left a comment

LGTM, I've manually tested the PR in the QA environment.

  1. I created a role based on the User role.
  2. I denied the role's access to listNetworks and listVolumesMetrics APIs.
  3. I created an account using the custom role.
  4. I checked that the Storage and Network sections and their subsections are being displayed correctly.

Storage section

image

Network section

image

Great fix, @winterhazel!

@DaanHoogland
Contributor

@blueorangutan ui

@blueorangutan

@DaanHoogland a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

@blueorangutan

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/8978 (QA-JID-324)

@DaanHoogland
Contributor

@winterhazel @bernardodemarco I tried this in qa:

I created a role based on the Read-Only User role.
I denied the role's access to listVirtualMachines, listNetworks, listVolumes and listTemplates APIs.
I created an account using the custom role.
I tried to log in but could not.

To double check, I created a "regular" Read-Only user and could log in.

@winterhazel
Collaborator Author

> @winterhazel @bernardodemarco I tried this in qa:
>
> I created a role based on the Read-Only User role.
> I denied the role's access to listVirtualMachines, listNetworks, listVolumes and listTemplates APIs.
> I created an account using the custom role.
> I tried to log in but could not.
>
> To double check, I created a "regular" Read-Only user and could log in.

Hey @DaanHoogland, I reproduced your steps in QA and was able to log in. I created the account t (password is also t).

I suppose that the user you created was cripple. I verified that it did not have access to listZones, which is an API users are unable to log in without. This behavior has nothing to do with the changes here, and you can verify that this account is unable to log in in the QA of other PRs as well.

@DaanHoogland
Contributor

> I suppose that the user you created was cripple. I verified that it did not have access to listZones, which is an API users are unable to log in without. This behavior has nothing to do with the changes here, and you can verify that this account is unable to log in in the QA of other PRs as well.

You are right, I added listZones and cripple can log in with all menus available. 👍

@DaanHoogland DaanHoogland merged commit 00ee5fd into apache:main Apr 26, 2024
18 of 23 checks passed
@rohityadavcloud rohityadavcloud added this to the 4.20.0.0 milestone Apr 30, 2024
dhslove pushed a commit to ablecloud-team/ablestack-cloud that referenced this pull request May 3, 2024
Successfully merging this pull request may close these issues.

[UI] Storage menu not showing even with API permissions