search

sourcegraph / sourcegraph-public-snapshot

Code AI platform with Code Search & Cody
https://sourcegraph.com
Other
10.1k stars 1.29k forks source link

insights: editing dashboard grants with user restricted response #26442

Open coury-clark opened 3 years ago

coury-clark commented 3 years ago

Currently the insights dashboard GraphQL returns some limited information about which grants are available to the dashboard

"""
Permissions object. Note: only organizations the user has access to will be included.
"""
type InsightsPermissionGrants {
    """
    Specific users that have permission.
    """
    users: [ID!]!
    """
    Organizations that have permission.
    """
    organizations: [ID!]!
    """
    True if the permission is set to global.
    """
    global: Boolean!
}

This information should be restricted based on the user context initiating the request, and filter org / user information down. However, this is incompatible with the definition for editing / creating dashboards, which requires a complete definition of grants available to the dashboard. Obviously, this is not possible to provide if a user doesn't have access to the complete list.

We need to provide a way to edit / create dashboards without mutating the overall visibility, but still allow users with non-global access (non-admins) to mutate and edit dashboards for things they can see.

github-actions[bot] commented 3 years ago

Heads up @joelkw @felixfbecker @vovakulikov @unclejustin - the "team/code-insights" label was applied to this issue.

coury-clark commented 2 years ago

Leaving a note that we need to check if this issue is still relevant, the API has gone through quite a few iterations at this point.

leonore commented 2 years ago

This would need to be part of larger work and require some discussions.