Commit b34a9fd

authored

[server] Fix permission issue for collaborators in listenForPrebuildUpdates (#20782)

1 parent 83a98be commit b34a9fdCopy full SHA for b34a9fd

File tree

2 files changed

+35

-6

lines changed

components/server/src
- orgs
  - organization-service.spec.db.ts
- workspace
  - gitpod-server-impl.ts

2 files changed

+35

-6

lines changed

`‎components/server/src/orgs/organization-service.spec.db.ts‎`

Lines changed: 30 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ describe("OrganizationService", async () => {`
`33`	`33`	`let stranger: User;`
`34`	`34`	`const adminId = BUILTIN_INSTLLATION_ADMIN_USER_ID;`
`35`	`35`	`let org: Organization;`
	`36`	`+ let org2: Organization;`
`36`	`37`	`let validateDefaultWorkspaceImage: DefaultWorkspaceImageValidator \| undefined;`
`37`	`38`
`38`	`39`	`beforeEach(async () => {`
`@@ -109,6 +110,8 @@ describe("OrganizationService", async () => {`
`109`	`110`
`110`	`111`	`await withTestCtx(SYSTEM_USER, () => os.joinOrganization(collaborator.id, invite.id));`
`111`	`112`
	`113`	`+ org2 = await os.createOrganization(owner.id, "org2");`
	`114`	`+`
`112`	`115`	`stranger = await userService.createUser({`
`113`	`116`	`identity: {`
`114`	`117`	`authId: "github\|1234",`
`@@ -275,7 +278,7 @@ describe("OrganizationService", async () => {`
`275`	`278`	`await os.createOrganization(owner.id, "org1");`
`276`	`279`	`await os.createOrganization(owner.id, "org2");`
`277`	`280`	`let orgs = await os.listOrganizationsByMember(owner.id, owner.id);`
`278`		`- expect(orgs.length).to.eq(3);`
	`281`	`+ expect(orgs.length).to.eq(4);`
`279`	`282`	`orgs = await os.listOrganizationsByMember(member.id, member.id);`
`280`	`283`	`expect(orgs.length).to.eq(1);`
`281`	`284`	`orgs = await os.listOrganizationsByMember(collaborator.id, collaborator.id);`
`@@ -347,11 +350,12 @@ describe("OrganizationService", async () => {`
`347`	`350`	`expect(members.some((m) => m.userId === owner.id && m.role === "owner")).to.be.true;`
`348`	`351`	`});`
`349`	`352`
`350`		`- it("should listOrganizations", async () => {`
	`353`	`+ it("should listOrganizations (for installation)", async () => {`
`351`	`354`	`const strangerOrg = await os.createOrganization(stranger.id, "stranger-org");`
`352`	`355`	`let orgs = await os.listOrganizations(owner.id, {}, "installation");`
`353`		`- expect(orgs.rows[0].id).to.eq(org.id);`
`354`		`- expect(orgs.total).to.eq(1);`
	`356`	`+ expect(orgs.rows.map((o) => o.id)).to.contain(org.id);`
	`357`	`+ expect(orgs.rows.map((o) => o.id)).to.contain(org2.id);`
	`358`	`+ expect(orgs.total).to.eq(2);`
`355`	`359`
`356`	`360`	`orgs = await os.listOrganizations(stranger.id, {}, "installation");`
`357`	`361`	`expect(orgs.rows[0].id).to.eq(strangerOrg.id);`
`@@ -360,7 +364,28 @@ describe("OrganizationService", async () => {`
`360`	`364`	`orgs = await os.listOrganizations(adminId, {}, "installation");`
`361`	`365`	`expect(orgs.rows.some((org) => org.id === org.id)).to.be.true;`
`362`	`366`	`expect(orgs.rows.some((org) => org.id === strangerOrg.id)).to.be.true;`
`363`		`- expect(orgs.total).to.eq(2);`
	`367`	`+ expect(orgs.total).to.eq(3);`
	`368`	`+ });`
	`369`	`+`
	`370`	`+ it("should listOrganizations (for member)", async () => {`
	`371`	`+ // Owner is member of both orgs`
	`372`	`+ const ownerResult = await os.listOrganizations(owner.id, {}, "member");`
	`373`	`+ expect(ownerResult.rows.map((o) => o.id)).to.include(org.id);`
	`374`	`+ expect(ownerResult.rows.map((o) => o.id)).to.include(org2.id);`
	`375`	`+`
	`376`	`+ // Member is only in org1`
	`377`	`+ const memberResult = await os.listOrganizations(member.id, {}, "member");`
	`378`	`+ expect(memberResult.rows.map((o) => o.id)).to.include(org.id);`
	`379`	`+ expect(memberResult.rows.map((o) => o.id)).to.not.include(org2.id);`
	`380`	`+`
	`381`	`+ // Collaborator is only in org1`
	`382`	`+ const collaboratorResults = await os.listOrganizations(collaborator.id, {}, "member");`
	`383`	`+ expect(collaboratorResults.rows.map((o) => o.id)).to.include(org.id);`
	`384`	`+ expect(collaboratorResults.rows.map((o) => o.id)).to.not.include(org2.id);`
	`385`	`+`
	`386`	`+ // Stranger is in no orgs`
	`387`	`+ const strangerResult = await os.listOrganizations(stranger.id, {}, "member");`
	`388`	`+ expect(strangerResult.total).to.equal(0);`
`364`	`389`	`});`
`365`	`390`
`366`	`391`	`it("should ad as collaborator with dataops + flexibleRole", async () => {`

`‎components/server/src/workspace/gitpod-server-impl.ts‎`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -268,7 +268,11 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {`
`268`	`268`	`subjectId: SubjectId.fromUserId(userId),`
`269`	`269`	`},`
`270`	`270`	`async () => {`
`271`		`- const organizations = await this.getTeams(ctx ?? {});`
	`271`	`+ const { rows: organizations } = await this.organizationService.listOrganizations(`
	`272`	`+ userId,`
	`273`	`+ { limit: 10 },`
	`274`	`+ "member",`
	`275`	`+ );`
`272`	`276`	`for (const organization of organizations) {`
`273`	`277`	`const hasPermission = await this.auth.hasPermissionOnOrganization(`
`274`	`278`	`userId,`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit b34a9fd

File tree

2 files changed

2 files changed

`‎components/server/src/orgs/organization-service.spec.db.ts‎`

`‎components/server/src/workspace/gitpod-server-impl.ts‎`

0 commit comments