From c4f296960f450e29bd8cbd34f5ecbf1aae0f0837 Mon Sep 17 00:00:00 2001
From: Debsmita Santra
Date: Thu, 11 Jan 2024 14:02:31 +0530
Subject: [PATCH] fix(rbac): disable edit when the user is unauthorized to read the catalog-entity (#1049)
---
 .../components/RoleOverview/MembersCard.tsx | 20 ++++++++++++++++---
 plugins/rbac/src/hooks/useRoles.ts | 17 ++++++++++++++--
 2 files changed, 32 insertions(+), 5 deletions(-)
diff --git a/plugins/rbac/src/components/RoleOverview/MembersCard.tsx b/plugins/rbac/src/components/RoleOverview/MembersCard.tsx
index c592434b07..1215516cb4 100644
--- a/plugins/rbac/src/components/RoleOverview/MembersCard.tsx
+++ b/plugins/rbac/src/components/RoleOverview/MembersCard.tsx
@@ -1,6 +1,7 @@
 import React from 'react';
 import { Table, WarningPanel } from '@backstage/core-components';
+import { catalogEntityReadPermission } from '@backstage/plugin-catalog-common/alpha';
 import { usePermission } from '@backstage/plugin-permission-react';
 import { Card, CardContent, makeStyles } from '@material-ui/core';
@@ -43,10 +44,14 @@ const getEditIcon = (isAllowed: boolean, roleName: string) => {
 export const MembersCard = ({ roleName }: MembersCardProps) => {
 const { data, loading, retry, error } = useMembers(roleName);
 const [members, setMembers] = React.useState();
- const permissionResult = usePermission({
+ const policyEntityPermissionResult = usePermission({
 permission: policyEntityUpdatePermission,
 resourceRef: policyEntityUpdatePermission.resourceType,
 });
+ const catalogEntityPermissionResult = usePermission({
+ permission: catalogEntityReadPermission,
+ resourceRef: catalogEntityReadPermission.resourceType,
+ });
 const classes = useStyles();
 const actions = [
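Review bot: In the `@@ -43,10 +44,14 @@` hunk the new `usePermission` call passes `catalogEntityReadPermission.resourceType` as `resourceRef`, so the check runs against the resource-type string rather than against any entity the edit form will actually load. That gives a clear answer only when the policy allows or denies catalog reads outright; if the policy returns a conditional decision (owner-scoped reads, for example), the result for this placeholder ref is presumably a deny, and the edit icon would then be disabled for users who can read some entities. A comment above the call would record the intent, e.g. `// Gate edit on catalog read; resourceRef is the resource type, not a specific entity`, with the reason the edit flow needs catalog access spelled out once confirmed. MembersCard's body continues past the end of the hunk.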
@@ -57,8 +62,17 @@ export const MembersCard = ({ roleName }: MembersCardProps) => {
 onClick: () => retry(),
 },
 {
- icon: () => getEditIcon(permissionResult.allowed, roleName),
- tooltip: !permissionResult.allowed ? 'Unauthorized to edit' : 'Edit',
+ icon: () =>
+ getEditIcon(
+ policyEntityPermissionResult.allowed &&
+ catalogEntityPermissionResult.allowed,
+ roleName,
+ ),
+ tooltip:
+ catalogEntityPermissionResult.allowed &&
+ policyEntityPermissionResult.allowed
+ ? 'Edit'
+ : 'Unauthorized to edit',
 isFreeAction: true,
 onClick: () => {},
 },
diff --git a/plugins/rbac/src/hooks/useRoles.ts b/plugins/rbac/src/hooks/useRoles.ts
index 54ce7cf6e3..18b77e9967 100644
--- a/plugins/rbac/src/hooks/useRoles.ts
+++ b/plugins/rbac/src/hooks/useRoles.ts
@@ -81,13 +81,26 @@ export const useRoles = (
 lastModified: '-',
 actionsPermissionResults: {
 delete: deletePermissionResult,
- edit: editPermissionResult,
+ edit: {
+ allowed:
+ editPermissionResult.allowed &&
+ catalogEntityReadPermissionResult.allowed,
+ loading:
+ editPermissionResult.loading &&
+ catalogEntityReadPermissionResult.loading,
+ },
 },
 },
 ];
 }, [])
 : [],
- [roles, policies, deletePermissionResult, editPermissionResult],
+ [
+ roles,
+ policies,
+ deletePermissionResult,
+ editPermissionResult,
+ catalogEntityReadPermissionResult,
+ ],
 );
 const loading = rolesLoading && policiesLoading;
 useInterval(
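Review bot: In the `@@ -57,8 +62,17 @@` hunk of MembersCard.tsx the combined permission test is written out twice, with the operands in opposite order in `icon` and `tooltip`, and neither looks at `loading`, so the tooltip reads 'Unauthorized to edit' while either check is still pending. Computing it once before `actions`, `const canEdit = policyEntityPermissionResult.allowed && catalogEntityPermissionResult.allowed;`, and using `canEdit` in both places keeps the two from drifting apart. The change only affects what the button shows (`onClick` stays a no-op and `getEditIcon` is defined outside the hunk), so the edit route and the RBAC backend still have to enforce both permissions themselves; whether they do is not visible here.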
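Review bot: In the `@@ -81,13 +81,26 @@` hunk of useRoles.ts the merged `edit.loading` uses `&&`, so it turns false as soon as one of the two checks finishes while the other is still pending. During that window `allowed` is computed from an unresolved result and, assuming a pending `usePermission` result reports `allowed: false`, the row shows edit as unauthorized instead of loading. Use `loading: editPermissionResult.loading || catalogEntityReadPermissionResult.loading,` so consumers wait for both checks. The context line `const loading = rolesLoading && policiesLoading;` follows the same pattern and may deserve the same look; `useRoles` starts and ends outside the hunk, as does the definition of `catalogEntityReadPermissionResult`.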