fix: permissions inherited roles visability #3345
Conversation
|
Is this ready for review? Or is it still being worked on? |
Nortsova
force-pushed
the
fix/2785-permissions-roles
branch
from
e07f84d to
26f61a4
Compare
Nortsova
changed the title
@rdig It is ready now, sorry I spent some time on the test cases. 🙌 |
There was a problem hiding this comment.
I still have no idea how this disappeared, but I hope it's gonna stay in here permanently now :D
Alright so, I think you almost got it, we somehow need to merge the roles here and mark them as inherited.
Lemme provide breaking steps:
- Assign
fryjust theAdministrationrole inGeneral
- Assign
fryArchitecture,ArbitrationandFundinginAndromeda
- Go to the permissions page and choose
Andromedaas the filter,fryis shown asModnot as anAdmin
I think the issue is with the line I've dropped a comment on, we need to merge inherited + current domain permissions, and we can still have the isInherited to true
Attaching some logs from my debug session
Log 1 is here
Log 2 is here
However, the popup works correctly for this, so at least we don't to fix that 😅
| // inheritedPermissions contains only a difference between parrent and current permissions | ||
| // in case current role is higher inheritedPermissions.length would be 0 | ||
| if (inheritedPermissions.length > 0) { | ||
| return { role: getRole(parentPermissions), isInherited: true }; |
There was a problem hiding this comment.
I think we need to merge both currentTeamPermissions with inheritedPermissions here, or somehow return both to that function (something similar to how PermissionTooltip and PermissionTooltipContent work like)
There was a problem hiding this comment.
yep, it was it, thank you so much for your finding! fixed 🥳
…with children highest roles
There was a problem hiding this comment.
Thanks for the quick turnaround on my comment, I think we're basically ready to go 🤞 ??
Thanks for the thorough testing steps, really helped with testing this a ton!
So I won't spam too many images I'll just note down the cases
leela - Owner in General, just Architecture in Andromeda
amy - Payer in General, Admin in Andromeda and just Architecture in Serenity
fry - Admin in General, Payer in Andromeda
chris-coder (the most annoying test case) - Funding and Arbitration in General and then Administration in Andromeda and Administration + Architecture in Serenity
Also should we somehow save this configuration for all further permission combo testing? :D
Alright so test 1, amy should be an admin since it's All teams and chris-coder is and admin somewhere by some combination ✔️
-
amyis aPayerinGeneralandchris-coderisCustom,leelaandOwner,fryandAdmin✔️
-
In
Andromedafryis an Admin still (even though we "downgraded" him in that domain, he inherits fromGeneral) , amy is compounded into an admin due to inheritance, chris-coder is compounded into a payer, leela inherits the owner
-
In
Serenityfry is an inherited Admin, leela an inherited Owner, chris-coder is compounded into an Admin and so is amy
so all in all, great job 😎 I've also checked Multisig, buuuuut I'm not gonna spam it with even more pictures, since the cases are the exact same :D
There was a problem hiding this comment.
Pfew! This was a pain in the a to test. I can only imagine you wanting to get in done already as it's hanging about for like 3 months :)
Before I get into it I want to mention that step 12 is wrong
Step 12. Navigate to the permissions page to check fry's and amy's roles in Andromeda
Step 12 is wrong, it should say "Serenity"
Another thing is that I found some bugs, but I just want you to open separate issues for them, not fix them here. (see at the bottom)
As for your PR everything seems to be working as expected, so nice job navigating the intricacies of permissions 💯
Direct and inherited "normal" permissions:
Direct and inherited Multisig Permissions:
Bella and Alex admins and owners:
Fry custom permissions:
While reviewing this I found two bugs, but in the spirit of getting this resolved once and for all, I'll point them out, but I'll ask you to open separate issues for each one, so that it doesn't pollute this one.
- User popover cuts off the reputation percentage points
- Redo-ing a multisig permissions actions from the list will re-do it with normal permissions, not multisig as expected (but will work correctly when re-doing from the action sidebar)
Screencast.from.2024-10-17.16-13-40.mp4
|
Hey, I had a call with @olgapod today, and it inspired me to simplify the testing steps so we can transfer these test cases to auto-tests. Here are 3 cases that should be tested. (Then repeat it with multi-sig 🥲)
Step 1. Assign amy Payer permissions in General Step 8. Assign amy Admin permissions in Serenity Let's try Custom roles now Step 17. Assign chris Administration (Custom) permissions in General Sorry it is not less, but at least more structured than previous steps. By the way, there is a bug in Step 14. fry doesn't have an inherited pill, but is located under the owner category, with an Admin role in Andromeda, I raised this question and will inform you about the solution as soon as we find one. So maybe these test steps will be updated. @bassgeta could you please verify these test cases? |
There was a problem hiding this comment.
Nice work figuring this out! There are still issues with the "Owner" permissions appearing in the sub-domains as you have already noted which does through off some of the inherited permissions - but otherwise this is working great and we can fine tune it with the next PR.
I won't spam all the screenshots here, but I followed through the testing steps without issue (other than Owner appearing where it shouldn't).
Also did a tiny bit of multi-sig testing too, this is probably worth a more thorough test at some point, but seems to be working well as far as I can tell!
Description
Funny thing, this bug has been fixed at least three times, but it’s still present. 😁
Here is previous fixes for reference: #2971 , #3024 , #2485
I decided to use the implementation from my last PR, but if you have any concerns, I’m open to refactoring. 🙌
Testing
Step 1. Assign Admin permissions to fry in Andromeda
Step 2. Assign Payer permissions to fry in General
Step 3. Assign Payer permissions to amy in Andromeda
Step 4. Assign Admin permissions to amy in General
Step 5. Navigate to the permissions page to check fry's and amy's roles in Andromeda
Step 6. fry should be an admin, amy should be an admin with inherited pill
Step 7. Install multi-sig extension
Step 8. Assign Admin permissions to amy in Serenity
Step 9. Assign Payer permissions to amy in General
Step 10. Assign Payer permissions to fry in Serenity
Step 11. Assign Admin permissions to fry in General
Step 12. Navigate to the permissions page to check fry's and amy's roles in Serenity
Step 13. amy should be an admin, fry should be an admin with inherited pill
Step 14. Add Bella as a Payer in team Andromeda
Step 15. Add Bella as an Admin in team Serenity
Step 16. Add Alex as an Owner in team General
Step 17. Change Alex permission in team Andromeda to Arbitration only (Custom)
Step 18. Set the Permissions page filter to All Teams
Step 19. Verify that:
Step 20. Set the Permissions page filter to General
Step 21. Verify that:
Step 22. Set the Permissions page filter to Andromeda
Step 23. Verify that:
Step 24. Set the Permissions page filter to Serenity
Step 25. Verify that:
Thanks to @bassgeta for the case with custom roles:
Step 26. Assign fry custom Administration role in General
Step 27. Assign fry Architecture, Arbitration and Funding in Andromeda
Step 28. Set the Permissions page filter to Andromeda
Step 29. Verify that fry is under Admin role with "inherited" badge
Step 30. Set the Permissions page filter to All teams
Step 31. Verify that fry is under Admin role without "inherited" badge
Resolves #2785