Skip to content
This repository has been archived by the owner on May 19, 2020. It is now read-only.

Fix user management permission issues #1112

Closed
wants to merge 23 commits into from
Closed

Fix user management permission issues #1112

wants to merge 23 commits into from

Conversation

msecret
Copy link
Contributor

@msecret msecret commented Jun 7, 2017

Before:
The user objects in UserStore had two different data structures related to permissions:

  1. The organization_roles / space_roles array with each role in the array
  2. The roles object with an array of roles by org / space guid.

This is an example user object:

{
  guid: 'asdflkja',
  organization_roles: ['org_manager'],
  roles: {
    'asdfkjlsdf': ['org_manager']
  }
}

The organization/space_roles property was used for displaying what roles a user had checked off on the org and space page. This array of roles was completely replaced each time a new org or space page was loaded, which lead to some potential bugs. The roles property with org/space guid was used to check the current user's role. This was incorrectly set based on prior assumptions about how CF api returned things.

This PR changes all role logic to use the 2nd, roles with org/space guid data structure. Additionally, it now uses this roles property to get all the users that belong to an org or space. Benefits of this:

  • Keeps all role logic in one data structure rather then duplicate logic in different places which can easily get confusing.
  • Fixes some bugs related to all users having org manager roles on all orgs. Fixes potential problems with user roles being set strangely based on space and org routes loading for users.

Marco Segreto and others added 22 commits June 7, 2017 17:52
For users. So all users have a roles field with space and org
guids for each role they have.
For fetching user orgs and spaces. This was being used incorrectly
for permission management so should be removed.
Because it's much more accurate of a name, as the roles are what is
actually being fetched, and the data is more consistent with the
org roles fetch action / route.
Should full add user to the store with correct roles.
So both space and org role actions can both use it to merge the
most recent roles into the `roles` field.
Have them use the roles property for consistency, so all logic
related to users and what org/space they belong to is in the same
location.
Refactor the role list control to use the org/space guid for the
role checks in the new data structure.

Also adds a tests which hopefully will catch any broken problems
later.
Because this is the correct place for them to be, not in the store.
Same as add user roles, it's supposed to be in actions.
So it deletes the roles for the specific org and not any org.
And add tests that weren't there before.
@rememberlenny
Copy link
Contributor

This is GREAT functionality. I didnt quite get what the two did or why the functions in CF were so different until coming in contact with these problems. Thanks for building this abstraction.

@@ -26,9 +26,9 @@ const userActions = {
});
},

fetchSpaceUsers(spaceGuid) {
fetchSpaceUserRoles(spaceGuid) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great. I was confused as to the naming convention broke from the tradition here.

@@ -332,8 +318,6 @@ const userActions = {
.then(userInfo =>
Promise.all([
userActions.fetchUser(userInfo.user_id),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great

initialCurrentUserAccess={ this.state.currentUserAccess }
initialEmpty={ this.state.empty }
initialLoading={ this.state.loading }
users={ this.state.users }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making this port

As it's good to have the count there together, so you know the count
of users was correct when you check the user was there by the list
index.
Copy link
Contributor

@rememberlenny rememberlenny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really great. I can 100% say that you solved a very big point of confusion for me.

@rememberlenny
Copy link
Contributor

Im gonna hit the bed, but this looks good to merge. I'd like to pull off this for my branch.

@msecret
Copy link
Contributor Author

msecret commented Jun 8, 2017

@rememberlenny let's try and work together tomorrow to merge that one in.

@@ -93,7 +93,8 @@ export function space(orgGuid, spaceGuid, next) {
spaceActions.fetch(spaceGuid);
serviceActions.fetchAllInstances(spaceGuid);
userActions.changeCurrentlyViewedType('space_users');
userActions.fetchSpaceUsers(spaceGuid);
userActions.fetchOrgUsers(orgGuid);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to be consistent, is there a reason why this wasn't also renamed to be fetchOrgUserRoles?

Copy link
Contributor

@jcscottiii jcscottiii Jun 8, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nevermind, it already exists, but what's the difference between this and fetchOrgUserRoles

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I found that there's no CF API equivalent to fetchSpaceUsers like fetchOrgUsers. So essentially, you have to fetch org users and then fetch space user roles to assign all the users to specific roles for a space.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think fetchOrgUsers has some more data the fetchOrgUserRoles

@jcscottiii
Copy link
Contributor

LGTM. just had one question.

@rememberlenny
Copy link
Contributor

Merged into #1115

@rememberlenny rememberlenny deleted the ms-fix_perms branch June 9, 2017 17:23
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants