Skip to content

Commit

Permalink
Hide review box if user cannot review access requests (#49785)
Browse files Browse the repository at this point in the history
oss counterpart for
gravitational/teleport.e#5628

This adds some testing to the view as well as the equivalent to the web
solution for Connect. Connect was missing the [recently
added](#48536)
`ReviewRequests` field in the user ACL, so I added it here.

Because this is handled in the tsh code, we don't have to worry about
backward compatibility here for Connect right?
  • Loading branch information
avatus authored Dec 9, 2024
1 parent 331938d commit b91395a
Show file tree
Hide file tree
Showing 12 changed files with 272 additions and 159 deletions.
78 changes: 45 additions & 33 deletions gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

16 changes: 15 additions & 1 deletion gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions lib/teleterm/clusters/cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,7 @@ func (c *Cluster) GetWithDetails(ctx context.Context, authClient authclient.Clie
Dbs: convertToAPIResourceAccess(userACL.DBServers),
Kubeservers: convertToAPIResourceAccess(userACL.KubeServers),
AccessRequests: convertToAPIResourceAccess(userACL.AccessRequests),
ReviewRequests: userACL.ReviewRequests,
}

withDetails := &ClusterWithDetails{
Expand Down
2 changes: 2 additions & 0 deletions proto/teleport/lib/teleterm/v1/cluster.proto
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,8 @@ message ACL {
ResourceAccess recorded_sessions = 13;
// active_sessions defines access to active sessions.
ResourceAccess active_sessions = 14;
// review_requests defines the ability to review requests
bool review_requests = 15;
}

// ResourceAccess describes access verbs
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
/**
* Teleport
* Copyright (C) 2024 Gravitational, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

import { render, screen } from 'design/utils/testing';

import { makeEmptyAttempt, makeSuccessAttempt } from 'shared/hooks/useAsync';

import { requestRolePending } from '../../fixtures';

import { RequestView, RequestViewProps } from './RequestView';
import { RequestFlags } from './types';

const sampleFlags: RequestFlags = {
canAssume: false,
isAssumed: false,
canDelete: false,
canReview: true,
ownRequest: false,
isPromoted: false,
};

const props: RequestViewProps = {
user: 'loggedInUsername',
fetchRequestAttempt: makeSuccessAttempt(requestRolePending),
submitReviewAttempt: makeEmptyAttempt(),
getFlags: () => sampleFlags,
confirmDelete: false,
toggleConfirmDelete: () => null,
submitReview: () => null,
assumeRole: () => null,
fetchSuggestedAccessListsAttempt: makeSuccessAttempt([]),
assumeRoleAttempt: makeEmptyAttempt(),
assumeAccessList: () => null,
deleteRequestAttempt: makeEmptyAttempt(),
deleteRequest: () => null,
};

const reviewBoxText = `${props.user} - add a review`;

test('renders review box if user can review', async () => {
render(<RequestView {...props} />);
expect(screen.getByText(reviewBoxText)).toBeInTheDocument();
});

test('does not render review box if user cannot review', async () => {
render(
<RequestView
{...props}
getFlags={() => ({
...sampleFlags,
canReview: false,
})}
/>
);
expect(screen.queryByText(reviewBoxText)).not.toBeInTheDocument();
});
Loading

0 comments on commit b91395a

Please sign in to comment.