-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ui] Modify variable access permissions for UI users with write in only certain namespaces #24073
base: main
Are you sure you want to change the base?
Conversation
07d10f5
to
ac78fcd
Compare
Ember Test Audit comparison
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I've left some questions but nothing blocking if you know you can resolve/dismiss those.
33763cc
to
468dc16
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Long-term, I wonder if it wouldn't be a bad idea to model the backend's acl
package directly so that we could run conformance tests between them. That would involve building out the radix trie datastructure we use there, so it's a bit of a lift, but we wouldn't need its transaction safety either.
.changelog/24073.txt
Outdated
@@ -0,0 +1,3 @@ | |||
```release-note:bug | |||
ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had * namespace variable write permissions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know for sure but I would bet that this breaks markdown in the changelog once we stitch all the text files together. Let's avoid the problem by writing it out:
ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had * namespace variable write permissions | |
ui: Fixes an issue where variables paths would not let namespaced users write variables unless they also had wildcard namespace variable write permissions |
5656618
to
82f6a7e
Compare
Expands the "Can this user write a variable?" logic so that users with a namespace.variable.write (but not allNamespaces.variable.write) get a "Create Variable" button.
Resolves #23905