Fix edit org member check

code-asher · code-asher · commit 07cc86e6c403 · 2024-07-31T13:58:11.000-08:00
Looks like the resource needs to be organization_member, not user.

Also we were not passing through the edit permission to the edit and
delete buttons.
diff --git a/site/src/api/queries/organizations.ts b/site/src/api/queries/organizations.ts
@@ -122,16 +122,16 @@ export const organizationPermissions = (organizationId: string | undefined) => {
     queryFn: () =>
       API.checkAuthorization({
         checks: {
-          viewUsers: {
+          viewMembers: {
             object: {
-              resource_type: "user",
+              resource_type: "organization_member",
               organization_id: organizationId,
             },
             action: "read",
           },
-          editUsers: {
+          editMembers: {
             object: {
-              resource_type: "user",
+              resource_type: "organization_member",
               organization_id: organizationId,
             },
             action: "update",
diff --git a/site/src/pages/ManagementSettingsPage/OrganizationMembersPage.tsx b/site/src/pages/ManagementSettingsPage/OrganizationMembersPage.tsx
@@ -84,7 +84,7 @@ const OrganizationMembersPage: FC = () => {
       <Stack>
         {Boolean(error) && <ErrorAlert error={error} />}
 
-        {permissions.editUsers && (
+        {permissions.editMembers && (
           <AddOrganizationMember
             isLoading={addMemberMutation.isLoading}
             onSubmit={async (user) => {
@@ -129,7 +129,7 @@ const OrganizationMembersPage: FC = () => {
                     allAvailableRoles={organizationRolesQuery.data}
                     oidcRoleSyncEnabled={false}
                     isLoading={updateMemberRolesMutation.isLoading}
-                    canEditUsers
+                    canEditUsers={permissions.editMembers}
                     onEditRoles={async (newRoleNames) => {
                       try {
                         await updateMemberRolesMutation.mutateAsync({
@@ -145,7 +145,7 @@ const OrganizationMembersPage: FC = () => {
                     }}
                   />
                   <TableCell>
-                    {member.user_id !== me.id && (
+                    {member.user_id !== me.id && permissions.editMembers && (
                       <MoreMenu>
                         <MoreMenuTrigger>
                           <ThreeDotsButton />
diff --git a/site/src/pages/ManagementSettingsPage/OrganizationSettingsPage.tsx b/site/src/pages/ManagementSettingsPage/OrganizationSettingsPage.tsx
@@ -67,7 +67,7 @@ const OrganizationSettingsPage: FC = () => {
   //       shows on this page but disable the fields, although that could be
   //       confusing?
   if (!permissions.editOrganization) {
-    if (permissions.viewAllMembers) {
+    if (permissions.viewMembers) {
       return <Navigate to="members" replace />;
     } else if (permissions.viewGrousp) {
       return <Navigate to="groups" replace />;
diff --git a/site/src/pages/ManagementSettingsPage/Sidebar.tsx b/site/src/pages/ManagementSettingsPage/Sidebar.tsx
@@ -196,7 +196,7 @@ export const OrganizationSettingsNavigation: FC<
               Organization settings
             </SidebarNavSubItem>
           )}
-          {permissionsQuery.data.viewUsers && (
+          {permissionsQuery.data.viewMembers && (
             <SidebarNavSubItem
               href={urlForSubpage(organization.name, "members")}
             >

Original file line number	Diff line number	Diff line change
`@@ -196,7 +196,7 @@ export const OrganizationSettingsNavigation: FC<`
`196`	`196`	`Organization settings`
`197`	`197`	`</SidebarNavSubItem>`
`198`	`198`	`)}`
`199`		`- {permissionsQuery.data.viewUsers && (`
	`199`	`+ {permissionsQuery.data.viewMembers && (`
`200`	`200`	`<SidebarNavSubItem`
`201`	`201`	`href={urlForSubpage(organization.name, "members")}`
`202`	`202`	`>`