@lucanovera lucanovera commented Jul 15, 2025

Description Of Changes

Fix D&D menu items appearing for users without the required scope.

Code Changes

  • Require DISCOVERY_MONITOR_READ scope to show D&D nav menu items
  • Update roles in tests
  • Update detection & discovery cypress test to use the owner role

Steps to Confirm

  1. Log in as an internal respondent user
  2. Check no Discovery items in the menu appear
  3. Log in as any other type of user
  4. Check Detection & Discovery appears in the menu

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration label to the entry if your change includes a DB migration
    • Add a high-risk label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • Followup issues:
    • Followup issues created
    • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
      • If a downgrade migration is not possible for this change, please call this out in the PR description!
    • No migrations
  • Documentation:
    • Documentation complete, PR opened in fidesdocs
    • Documentation issue created in fidesdocs
    • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
    • No documentation updates required


vercel bot commented Jul 15, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Skipped Deployments
| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| fides-plus-nightly | ⬜️ Ignored (Inspect) | Visit Preview | | Jul 16, 2025 3:03am |
| fides-privacy-center | ⬜️ Ignored (Inspect) | | | Jul 16, 2025 3:03am |

Contributor

@jpople jpople left a comment

Good to add a check for this-- can we handle the case where a user has discovery_monitor:read but not discovery_monitor:update? This would allow a user with the former but not the latter to both view the pages and make changes, which seems potentially problematic.

@lucanovera
Contributor Author

> Good to add a check for this-- can we handle the case where a user has discovery_monitor:read but not discovery_monitor:update? This would allow a user with the former but not the latter to both view the pages and make changes, which seems potentially problematic.

Yeah, you're right. I'll create a follow-up ticket for that so we don't forget. This is a quick fix I made because I saw the new user (internal respondent) is supposed to be very limited but it was seeing that option in the menu.
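
The scope gating discussed in this thread, as an added example that is not part of the PR or the fides code base: the menu item is filtered on discovery_monitor:read, while edit actions are checked separately against discovery_monitor:update. The nav entries, paths, helper names and user scope sets are assumptions made for illustration.

```javascript
// Added example, not fides code. The two scope strings come from the thread;
// nav entries, paths and helper names are constructed for illustration.
const SCOPE_READ = "discovery_monitor:read";
const SCOPE_UPDATE = "discovery_monitor:update";

const NAV_ITEMS = [
  { title: "Home", path: "/", scopes: [] },
  { title: "Detection & Discovery", path: "/detection-discovery", scopes: [SCOPE_READ] },
];

// True only when every required scope is held. Malformed input is denied.
function hasScopes(userScopes, required) {
  if (!Array.isArray(userScopes)) return false;
  const held = new Set(userScopes);
  return required.every((scope) => held.has(scope));
}

// Menu filter: an item is listed only if the user holds all of its scopes.
function visibleNavItems(userScopes) {
  return NAV_ITEMS
    .filter((item) => hasScopes(userScopes, item.scopes))
    .map((item) => item.title);
}

// Viewing and changing are separate decisions: read alone never implies edit.
function discoveryPermissions(userScopes) {
  const canView = hasScopes(userScopes, [SCOPE_READ]);
  const canEdit = canView && hasScopes(userScopes, [SCOPE_UPDATE]);
  return { canView, canEdit };
}

// Guard for any handler that changes a monitor: fail closed without update.
function requireUpdate(userScopes) {
  if (!discoveryPermissions(userScopes).canEdit) {
    throw new Error(`requires ${SCOPE_READ} and ${SCOPE_UPDATE}`);
  }
  return true;
}
```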

…Data-Discovery-are-still-seeing-the-option-in-the-menu
@lucanovera lucanovera merged commit d7ca3ca into main Jul 16, 2025
20 checks passed
@lucanovera lucanovera deleted the ENG-955-Viewers-and-users-without-access-to-Data-Discovery-are-still-seeing-the-option-in-the-menu branch July 16, 2025 03:52

cypress bot commented Jul 16, 2025

fides Run #13124

Run Properties: Passed #13124 • commit d7ca3caf23: Add scope check for d&d menu items (#6337)
Project: fides
Branch Review: main
Run status: Passed #13124
Run duration: 01m 04s
Commit: d7ca3caf23: Add scope check for d&d menu items (#6337)
Committer: Lucano Vera

Test results
Failures (tests that failed): 0
Flaky (tests that were flaky): 0
Pending (tests that did not run due to a developer annotating a test with .skip): 0
Skipped (tests that did not run due to a failure in a mocha hook): 0
Passing (tests that passed): 5
