feat: client side access control checks #27635
Open
+371
−87
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zlwaterfield
force-pushed
the
zach/rbac/6d
branch
from
fb9e3c8 to
580b445
Compare
zlwaterfield
changed the title
|
Size Change: +766 B (+0.07%) Total Size: 1.16 MB ℹ️ View Unchanged
|
📸 UI snapshots have been updated2 snapshot changes in total. 0 added, 2 modified, 0 deleted:
Triggered by this commit. |
joshsny
reviewed
Jan 17, 2025
frontend/src/layout/navigation-3000/sidepanel/panels/access_control/accessControlLogic.ts
Outdated
Show resolved
Hide resolved
14 tasks
📸 UI snapshots have been updated4 snapshot changes in total. 0 added, 4 modified, 0 deleted:
Triggered by this commit. |
zlwaterfield
force-pushed
the
zach/rbac/6d
branch
from
d776f6f to
6510905
Compare
joshsny
approved these changes
Jan 21, 2025
| <AccessControlledLemonButton | ||
| userAccessLevel={featureFlag.user_access_level} | ||
| minAccessLevel="editor" | ||
| resourceType="feature flag" |
There was a problem hiding this comment.
nit(non-blocking): resourceType is free text for inserting into the disabledReason, but it's also passed to accessLevelSatisfied where it needs to be correct. may be worth considering an enum or string literal
📸 UI snapshots have been updated1 snapshot changes in total. 0 added, 1 modified, 0 deleted:
Triggered by this commit. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Follow along: #24512
This PR is adding a component that checks if the current user can perform an action on a resource under the access control model and return a reason why if not. It will disable buttons/inputs where the user does not have access and show a tooltip on hover with more information. This includes a helped component named
<AccessControlledLemonButton />that extendsLemonButtonto make it very easy to use.Initially adding for the main four resources (insights, dashboards, notebooks, feature flags). The actions being blocked are being made under the assumption the user will always have access to the underlying data ,so they will still be able to duplicate, view SQL, etc. They just won't be able to action edit or delete the resource. This doesn't yet cover 100% of cases but it's covering most. It's integrating into existing patterns of
canEditInsightandcanEditDashboard.Only relevant for those with the feature flag on.
👉 Stay up-to-date with PostHog coding conventions for a smoother review.
Does this work well for both Cloud and self-hosted?
Yes
How did you test this code?
Manually