fix: incorrect cluster fetching bug

kyma-project · Jul 5, 2024 · a49e960 · a49e960
1 parent e879b0a
commit a49e960
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 7 deletions.
diff --git a/src/state/navigation/extensionsAtom.ts b/src/state/navigation/extensionsAtom.ts
@@ -10,6 +10,7 @@ import { getFetchFn } from '../utils/getFetchFn';
 import { configurationAtom } from 'state/configuration/configurationAtom';
 import { openapiPathIdListSelector } from 'state/openapi/openapiPathIdSelector';
 import {
+  getPermissionResourceRules,
   permissionSetsSelector,
   PermissionSetState,
 } from 'state/permissionSetsSelector';
@@ -24,6 +25,7 @@ import { RESOURCE_PATH } from 'hooks/useMessageList';
 import pluralize from 'pluralize';
 import { useGet } from 'shared/hooks/BackendAPI/useGet';
 import { CustomResourceDefinition } from 'command-pallette/CommandPalletteUI/handlers/crHandler';
+import { createPostFn } from 'shared/hooks/BackendAPI/usePost';
 
 /*
 the order of the overwrting extensions
@@ -92,15 +94,30 @@ async function getConfigMapsWithSelector(
   const namespacedCMUrl = `/api/v1/namespaces/${currentNamespace ??
     kubeconfigNamespace}/configmaps?labelSelector=${selector}`;
 
-  const hasAccessToClusterCMList = doesUserHavePermission(
+  const namespaceAccess = doesUserHavePermission(
     ['list'],
     { resourceGroupAndVersion: '', resourceKind: 'ConfigMap' },
     permissionSet,
   );
-  console.log(hasAccessToClusterCMList);
+
+  const postFn = createPostFn(fetchFn);
+  const clusterPermissionSet = await getPermissionResourceRules(
+    postFn,
+    '',
+    true,
+  );
+  const clusterAccess = doesUserHavePermission(
+    ['list'],
+    { resourceGroupAndVersion: '', resourceKind: 'ConfigMap' },
+    clusterPermissionSet,
+  );
 
   // if user has no access to clusterwide namespace listing, fall back to namespaced listing
-  const url = hasAccessToClusterCMList ? clusterCMUrl : namespacedCMUrl;
+  const url = clusterAccess
+    ? clusterCMUrl
+    : namespaceAccess
+    ? namespacedCMUrl
+    : '';
 
   if (!currentNamespace) {
     try {

diff --git a/src/state/permissionSetsSelector.ts b/src/state/permissionSetsSelector.ts
@@ -37,8 +37,9 @@ export function hasAnyRoleBound(permissionSet: PermissionSetState) {
 export async function getPermissionResourceRules(
   postFn: PostFn,
   namespaceId?: string,
+  clusterWide?: boolean,
 ) {
-  const namespaceName = namespaceId ? namespaceId : '*';
+  const namespaceName = clusterWide || !namespaceId ? '*' : namespaceId;
   const path = '/apis/authorization.k8s.io/v1/selfsubjectrulesreviews';
   const ssrr = {
     typeMeta: {

diff --git a/src/state/utils/getConfigMaps.ts b/src/state/utils/getConfigMaps.ts
@@ -1,6 +1,10 @@
 import { FetchFn } from 'shared/hooks/BackendAPI/useFetch';
+import { createPostFn } from 'shared/hooks/BackendAPI/usePost';
 import { doesUserHavePermission } from 'state/navigation/filters/permissions';
-import { PermissionSetState } from 'state/permissionSetsSelector';
+import {
+  PermissionSetState,
+  getPermissionResourceRules,
+} from 'state/permissionSetsSelector';
 import { K8sResource } from 'types';
 
 export type ConfigMapData = {
@@ -30,14 +34,30 @@ export async function getConfigMaps(
   const namespacedCMUrl = `/api/v1/namespaces/${currentNamespace ??
     kubeconfigNamespace}/configmaps?labelSelector=${labelSelector}`;
 
-  const hasAccessToClusterCMList = doesUserHavePermission(
+  const namespaceAccess = doesUserHavePermission(
     ['list'],
     { resourceGroupAndVersion: '', resourceKind: 'ConfigMap' },
     permissionSet,
   );
 
+  const postFn = createPostFn(fetchFn);
+  const clusterPermissionSet = await getPermissionResourceRules(
+    postFn,
+    '',
+    true,
+  );
+  const clusterAccess = doesUserHavePermission(
+    ['list'],
+    { resourceGroupAndVersion: '', resourceKind: 'ConfigMap' },
+    clusterPermissionSet,
+  );
+
   // user has no access to clusterwide namespace listing, fall back to namespaced listing
-  const url = hasAccessToClusterCMList ? clusterCMUrl : namespacedCMUrl;
+  const url = clusterAccess
+    ? clusterCMUrl
+    : namespaceAccess
+    ? namespacedCMUrl
+    : '';
 
   try {
     const response = await fetchFn({ relativeUrl: url });