feat(FR-2209): add useCurrentUserProjectRoles hook with myRoles RBAC query#6655
Coverage report for
| St. | Category | Percentage | Covered / Total |
|---|---|---|---|
| 🔴 | Statements | 9.01% (+1.34% 🔼) | 1770/19653 |
| 🔴 | Branches | 8.13% (+0.73% 🔼) | 1115/13712 |
| 🔴 | Functions | 5.36% (+0.63% 🔼) | 286/5337 |
| 🔴 | Lines | 8.7% (+1.35% 🔼) | 1660/19082 |
Test suite run success
859 tests passing in 39 suites.
Report generated by 🧪jest coverage report action from ad9c279
Pull request overview
This PR updates the admin compute session list to support RBAC-based scoping by introducing an optional scopeId GraphQL variable and applying it to all compute_session_nodes queries so project-level admins can be restricted to the currently selected project while superadmins remain unscoped.
Changes:
- Derive a `scopeId` based on the user’s effective admin role and current project.
- Add `$scopeId: ScopeField` to `AdminComputeSessionListPageQuery` and pass it to all `compute_session_nodes` calls.
- Include `scopeId` in the query variables used by `useLazyLoadQuery`.
| // TODO(needs-backend): FR-2313 — domain scope for compute_session_nodes | ||
| const scopeId: string | undefined = | ||
| effectiveAdminRole === 'projectAdmin' && currentProject.id | ||
| ? `project:${currentProject.id}` |
scopeId becomes undefined when effectiveAdminRole === 'projectAdmin' but currentProject.id is null/undefined, which contradicts the comment that projectAdmin should be scoped to the current project. This can unintentionally fall back to an unscoped (global) query; consider blocking render until currentProject.id is available or using a safe scoped value that cannot broaden access.
| // TODO(needs-backend): FR-2313 — domain scope for compute_session_nodes | |
| const scopeId: string | undefined = | |
| effectiveAdminRole === 'projectAdmin' && currentProject.id | |
| ? `project:${currentProject.id}` | |
| // If the current project is not yet available for a projectAdmin, use a | |
| // non-matching sentinel scope instead of `undefined` so we never fall back | |
| // to an unscoped/global query by accident. | |
| // TODO(needs-backend): FR-2313 — domain scope for compute_session_nodes | |
| const scopeId: string | undefined = | |
| effectiveAdminRole === 'projectAdmin' | |
| ? currentProject.id | |
| ? `project:${currentProject.id}` | |
| : 'project:__missing_current_project__' |
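Review bot: the `'project:__missing_current_project__'` fallback in the suggested replacement is only safe if the backend treats an unknown scope value as matching nothing, and nothing in these lines shows that it does. If the backend rejects or ignores a scope it cannot resolve, the result would be a hard error or the same unscoped query the suggestion is trying to avoid. Consider not issuing the query at all until `currentProject.id` is set, and narrowing the `string | undefined` annotation so the `projectAdmin` branch cannot evaluate to `undefined`.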
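A fail-closed way to derive the scope discussed in the review comment above, as an added TypeScript example that is not code from this PR. Only `'projectAdmin'` and the `project:<id>` scope string come from the page; the `'superadmin'` and `'none'` role labels, `ScopeDecision`, `resolveSessionScope` and `queryVariablesFor` are hypothetical names.

```typescript
// Added example (not the project's code). Role labels other than
// 'projectAdmin' are assumptions made for illustration.
type AdminRole = 'superadmin' | 'projectAdmin' | 'none';

// Every outcome is explicit, so "no scope" can never be reached by accident.
type ScopeDecision =
  | { kind: 'unscoped' }                 // superadmin: query runs without scopeId
  | { kind: 'scoped'; scopeId: string }  // projectAdmin with a known project
  | { kind: 'pending' }                  // projectAdmin, project id not available yet
  | { kind: 'denied' };                  // no admin role (or an unknown role string)

function resolveSessionScope(
  role: AdminRole,
  projectId: string | null | undefined,
): ScopeDecision {
  switch (role) {
    case 'superadmin':
      return { kind: 'unscoped' };
    case 'projectAdmin':
      // A missing or empty id must NOT degrade to the unscoped case.
      if (!projectId) return { kind: 'pending' };
      return { kind: 'scoped', scopeId: `project:${projectId}` };
    default:
      return { kind: 'denied' };
  }
}

// Returns the GraphQL variables to send, or null when the caller must not
// issue the query at all (show a loading or forbidden state instead).
function queryVariablesFor(decision: ScopeDecision): { scopeId?: string } | null {
  switch (decision.kind) {
    case 'unscoped':
      return {};
    case 'scoped':
      return { scopeId: decision.scopeId };
    default:
      return null;
  }
}
```

The client-side decision only shapes the request; the server still has to enforce the scope for the caller's role.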
Closing: dev-plan.md is already merged to main via stacked PRs; code changes in this PR are superseded.
