From bf9e9566a8a61454905e19e7075422e3da0f0215 Mon Sep 17 00:00:00 2001
From: jacobshandling <61553566+jacobshandling@users.noreply.github.com>
Date: Wed, 21 May 2025 10:40:57 -0700
Subject: [PATCH] UI: Fix permissions for accessing queries table Edit UX (#29319)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
## For #28532
#### As global observer:
![Screenshot 2025-05-20 at 10 03 59 PM](https://github.com/user-attachments/assets/8ad9d01d-d0cb-402c-b32b-1928a494054e)
#### As global admin:
![Screenshot 2025-05-20 at 10 04 01 PM](https://github.com/user-attachments/assets/6f8fdfd5-9255-4865-b91a-0d2fd4a22121)
- [x] Changes file added for user-visible changes in `changes/`
- [x] Manual QA for all new/changed functionality
---------
Co-authored-by: Jacob Shandling
---
changes/28532-fix-query-edit-permissinos | 1 +
.../QueriesTable/QueriesTableConfig.tsx | 23 +++++++++++++++----
frontend/utilities/permissions/permissions.ts | 2 +-
3 files changed, 21 insertions(+), 5 deletions(-)
create mode 100644 changes/28532-fix-query-edit-permissinos
diff --git a/changes/28532-fix-query-edit-permissinos b/changes/28532-fix-query-edit-permissinos
new file mode 100644
index 0000000000..c3d189819b
--- /dev/null
+++ b/changes/28532-fix-query-edit-permissinos
@@ -0,0 +1 @@
+- Fix a bug where global observers could access the "delete query" UX on the queries table
diff --git a/frontend/pages/queries/ManageQueriesPage/components/QueriesTable/QueriesTableConfig.tsx b/frontend/pages/queries/ManageQueriesPage/components/QueriesTable/QueriesTableConfig.tsx
index 161213231b..fbaa07d7ca 100644
--- a/frontend/pages/queries/ManageQueriesPage/components/QueriesTable/QueriesTableConfig.tsx
+++ b/frontend/pages/queries/ManageQueriesPage/components/QueriesTable/QueriesTableConfig.tsx
@@ -8,7 +8,14 @@ import PATHS from "router/paths"; import { Tooltip as ReactTooltip5 } from "react-tooltip-5"; import { secondsToDhms } from "utilities/helpers"; -import permissionsUtils from "utilities/permissions"; +import { + isGlobalAdmin, + isGlobalMaintainer, + isTeamAdmin, + isTeamMaintainer, + isTeamObserver, + isOnlyObserver, +} from "utilities/permissions/permissions"; import { getPathWithQueryParams } from "utilities/url"; import { @@ -123,8 +130,8 @@ const generateColumnConfigs = ({ omitSelectionColumn = false, }: IGenerateColumnConfigs): IDataColumn[] => { const isCurrentTeamObserverOrGlobalObserver = currentTeamId - ? permissionsUtils.isTeamObserver(currentUser, currentTeamId) - : permissionsUtils.isOnlyObserver(currentUser); + ? isTeamObserver(currentUser, currentTeamId) + : isOnlyObserver(currentUser); const viewingTeamScope = currentTeamId !== API_ALL_TEAMS_ID; const tableHeaders: IDataColumn[] = [ @@ -282,7 +289,15 @@ const generateColumnConfigs = ({ ), }, ]; - if (!isCurrentTeamObserverOrGlobalObserver && !omitSelectionColumn) { + + const canEditQueries = + isGlobalAdmin(currentUser) || + isGlobalMaintainer(currentUser) || + (currentTeamId && + (isTeamAdmin(currentUser, currentTeamId) || + isTeamMaintainer(currentUser, currentTeamId))); + + if (canEditQueries && !omitSelectionColumn) { tableHeaders.unshift({ id: "selection", // TODO - improve typing of IHeaderProps instead of using any diff --git a/frontend/utilities/permissions/permissions.ts b/frontend/utilities/permissions/permissions.ts index 5b62422d80..e48bbbd7b3 100644 --- a/frontend/utilities/permissions/permissions.ts +++ b/frontend/utilities/permissions/permissions.ts @@ -111,7 +111,7 @@ const isAnyTeamMaintainerOrTeamAdmin = (user: IUser): boolean => { return false; }; -const isOnlyObserver = (user: IUser): boolean => { +export const isOnlyObserver = (user: IUser): boolean => { if (isGlobalObserver(user)) { return true; }
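Review bot: In the `@@ -123,8 +130,8 @@` hunk, `isCurrentTeamObserverOrGlobalObserver` still branches on the truthiness of `currentTeamId`, and its only consumer visible in this patch (the `if` guarding the selection column) is replaced by `canEditQueries` in the next hunk. If nothing else in `generateColumnConfigs` reads it, the constant is now dead and should be dropped together with the `isTeamObserver` and `isOnlyObserver` imports. If it is still read further down, outside the lines shown, it presumably carries the same condition that let global observers reach the edit UX, so those remaining uses deserve the same allow-list check. The function body starts and ends outside the hunk.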
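Review bot: In the `@@ -282,7 +289,15 @@` hunk, `canEditQueries` only decides whether the selection column is rendered, so it is a display gate and not an authorization control. Hiding the delete UX from observers closes the issue only if the server also rejects the delete request for those roles, which this diff does not show. A comment above the constant would make that boundary explicit, e.g. `// UI affordance only; the API must enforce admin/maintainer on query deletion`. Separately, `currentTeamId && (...)` gives the constant the type `number | boolean | undefined` and skips the team-role checks for any falsy id such as `0`; writing `Boolean(currentTeamId) && (...)` keeps the same behavior with a plain `boolean`. The enclosing `generateColumnConfigs` continues outside the hunk.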