fix/app_permissions - Githubissues

drowninginflowers commented 10 months ago

Before The return from permissions_for included apps that had been deleted

After Deleted apps are now excluded from the return

Notes fixes #204

elmerv commented 10 months ago

Testing Environment:

Branches: trivial-ui (main), trivial-api(fix/app_permissions) Branches are ran locally. I used postman to send GET api requests.

Tests

☑️ Test 1: Creating a dashboard app and deleting app:

How I tested: I created and deleted a dashbaord app via local trivial-ui.

Results: Can confirm that deleting a dashboard app works as intended. Deleting a dashboard app removes it from the permissions list. The outputs below are permissions for the user that created the dashboard app.

Result prior to deleting dashboard app:

{
    "update": {
        "app_names": [
            "8c2d85a29ae274"
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "8c2d85a29ae274"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "8c2d85a29ae274"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "8c2d85a29ae274"
        ],
        "credential_set_ids": []
    }
}

Results after deleting dashboard app:

{
    "update": {
        "app_names": [],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [],
        "credential_set_ids": []
    }
}

☑️ Test 2: Deleting a sub-app:

How I tested: I created and deleted a sub-app within trivial-ui

Results: This works as intended. Deleting a sub-app removes it in the permissions list. The outputs below are permissions for the user that created the sub-app and dashboard. Note: In this example I only intended to delete one sub-app.

Before:

{
    "update": {
        "app_names": [
            "c81dd1d5e584ef",   <- subapp
            "0e03be7b29a3d9", <- subapp
            "3a9f767be5f3c2"    <- dashboard app
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "c81dd1d5e584ef",
            "0e03be7b29a3d9",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "c81dd1d5e584ef",
            "0e03be7b29a3d9",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "c81dd1d5e584ef",  
            "0e03be7b29a3d9",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    }
}

After:

{
    "update": {
        "app_names": [
            "c81dd1d5e584ef",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "c81dd1d5e584ef",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "c81dd1d5e584ef",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "c81dd1d5e584ef",
            "3a9f767be5f3c2"
        ],
        "credential_set_ids": []
    }
}

︖ Test 3: Deleting a dashboard app with a sub-app:

How I tested: Created and deleted a dashboard with a sub-app within trivial-ui.

Results: Solely deleting a dashboard app removes the dashboard app from permissions list, but doesn't remove it's corresponding sub-apps. Sub-apps are only deleted when done through their respective app settings or trash can icon. I spoke with Jordyn about this and he mentioned that this should be how it works. Would love some confirmation on this @vgkids. The output below are permissions for the user that created the sub-app and dashboard.

Before:

{
    "update": {
        "app_names": [
            "01481e0c9934df", <- dashboard app
            "2e518a4617d7bd" <- sub-app
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "01481e0c9934df",
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "01481e0c9934df",
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "01481e0c9934df",
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    }
}

After:

{
    "update": {
        "app_names": [
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "2e518a4617d7bd"
        ],
        "credential_set_ids": []
    }
}

☑️ Test 4: Confirming that deleted org apps don't show up in permission list

This was the test that presented the issue with deleted apps showing up via permissions list.

How I tested: I created a dashboard app and transferred it to an org via the ruby command line. I then invited an admin to the org via trivial-ui. After inviting the member to org, I deleted the app. Can confirm that the results are as expected, deleting an org app removes permissions for admins in the org. The results below show the permission list for the newly invited admin before and after the app was deleted.

Before:

{
    "update": {
        "app_names": [
            "0339e5619bf426"
        ],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [
            "0339e5619bf426"
        ],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [
            "0339e5619bf426"
        ],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [
            "0339e5619bf426"
        ],
        "credential_set_ids": []
    }
}

After:

{
    "update": {
        "app_names": [],
        "credential_set_ids": []
    },
    "destroy": {
        "app_names": [],
        "credential_set_ids": []
    },
    "grant": {
        "app_names": [],
        "credential_set_ids": []
    },
    "transfer": {
        "app_names": [],
        "credential_set_ids": []
    }
}

Overall, everything looks good to go. I would just like some confirmation on test 3 by James. @drowninginflowers

vgkids commented 10 months ago

Solely deleting a dashboard app removes the dashboard app from permissions list, but doesn't remove it's corresponding sub-apps. Sub-apps are only deleted when done through their respective app settings or trash can icon.

@elmerv This is how we want the API to behave. Can you create an issue in trivial-ui that documents two things? 1) When a dashboard is deleted, what happens to it's children? The user should be given an option to delete them all or understand they will be orphaned.

2) When removing panel from a dashboard, is it it actually deleted or just detached from the dashboard? We likely want to give the user an option to choose which happens.

elmerv commented 10 months ago

Will do @vgkids 👍

solid-adventure / trivial-api

fix/app_permissions #205

Testing Environment:

Tests