Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Restrict access by role to submissions_services_summary #4212

Merged
merged 1 commit into from
Jan 27, 2025
Merged

fix: Restrict access by role to submissions_services_summary #4212

merged 1 commit into from
Jan 27, 2025

Conversation

DafyddLlyr
Copy link
Contributor

@DafyddLlyr DafyddLlyr commented Jan 27, 2025
edited
Loading

Configures missing permissions, please see comments and #4211 (comment) for context.

@github-actions GitHub Actions
Copy link

🤖 Hasura Change Summary compared a subset of table metadata including permissions:

Updated Tables (1)

DafyddLlyr
DafyddLlyr commented Jan 27, 2025
View reviewed changes
hasura.planx.uk/metadata/tables.yaml
Comment on lines +1877 to +1881
filter:
team:
flows:
creator_id:
_eq: x-hasura-user-id
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Users with the demoUser role can only access the records for flows which they created.

DafyddLlyr
DafyddLlyr commented Jan 27, 2025
View reviewed changes
hasura.planx.uk/metadata/tables.yaml
Comment on lines +1945 to +1952
filter:
team:
members:
_and:
- user_id:
_eq: x-hasura-user-id
- role:
_eq: teamEditor
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Users with the teamEditor role can only access records which are associated with teams where they hold the teamEditor role.

@DafyddLlyr DafyddLlyr mentioned this pull request Jan 27, 2025
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 27, 2025
edited
Loading

Removed vultr server and associated DNS entries

jessicamcinchak
jessicamcinchak approved these changes Jan 27, 2025
View reviewed changes
Copy link
Member

@jessicamcinchak jessicamcinchak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this folowup ! Currently we were handling this permissions level in the editor-only (eg the "Submissions log" page/route is only accessble to teamEditors of said team and platformAdmins), but much more robust to have db select access in place too

@DafyddLlyr DafyddLlyr merged commit 935831a into main Jan 27, 2025
13 checks passed
@DafyddLlyr DafyddLlyr deleted the dp/demo-user-role-submissions-services branch January 27, 2025 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessicamcinchak jessicamcinchak jessicamcinchak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DafyddLlyr @jessicamcinchak