🚧 🦋 Updates Tokens page#4254
Conversation
| if (id = flash[:token]) && (token = current_user.access_tokens.find_by(id:)) | ||
| render 'access_token_created', locals: { token: } |
There was a problem hiding this comment.
Used to be handled in the template, I think it's the controller's responsibility and it renders now a completely different template without instantiating the presenter or fetching any tokens.
❌ 61 blocking issues (61 total)
|
There was a problem hiding this comment.
I changed this component to be an icon button (much better looking) and that's why users page needed to be updated.
| } | ||
|
|
||
| .pf-c-form__actions { | ||
| .pf-c-button.pf-m-danger { |
There was a problem hiding this comment.
This will include action-list styles to every form and move Delete buttons to the far right (if the form implements action-list, which only CMS ones do and they already are in the right).
| [] | ||
| end | ||
| def accessible_services_with_token | ||
| return Service.none unless has_permission?(:plans) # TODO: is this permission check handled by accessible_services already? |
There was a problem hiding this comment.
Is it possible for an user not to have plans permission AND have accessible services?
There was a problem hiding this comment.
Yes, it is possible. There are four permission types (including :plans) that make accessible_services return a non-empty array (of course, given that some - or ALL - services are enabled).
>> u.accessible_services.count
=> 27
>> u.has_permission?(:plans)
~> admin25 has_permission?(plans) => false
=> false
>> u.admin_sections
=> #<Set: {:partners, :monitoring, :policy_registry}>
However, indeed, at the moment the page only shows service tokens to those users that have :plans permission explicitly.
| @user.allowed_access_token_scopes.empty? | ||
| end | ||
|
|
||
| def service_tokens |
There was a problem hiding this comment.
Confusing name, I know.
|
|
||
| - content_for :javascripts do | ||
| = javascript_packs_with_chunks_tag 'empty_state' | ||
| = stylesheet_packs_chunks_tag 'empty_state' |
There was a problem hiding this comment.
Not related to this PR actually, but a minor typo. empty_state is a SCSS file, not TS.
josemigallas
force-pushed
the
THREESCALE-9869_tokens_page
branch
2 times, most recently
from
dc78ed8 to
4c4cbc1
Compare
* New token are generated already hashed * Old tokens are hashed first time they are used Co-Authored-By: Claude <noreply@anthropic.com>
* Remove dead code * Render on create instead of redirecting, so the user can see the token while still in memory * New template to show the generated token. It was embedded in the index template before * Add I18N, by Claude Co-authored-by: Claude <no-reply@anthropic.com>
Co-Authored-By: Claude <noreply@anthropic.com>
mayorova
left a comment
mayorova
left a comment
There was a problem hiding this comment.
It's hard to review the template changes, but the views look good to me.
|
Careful though, I think this will conflict with #4236 ... UPDATE: I don't think, I am sure 😅 huge conflict incoming... |
Worst timing ever! It's fine, just merge this first and I'll manage the conflicts |
| [] | ||
| end | ||
| def accessible_services_with_token | ||
| return Service.none unless has_permission?(:plans) # TODO: is this permission check handled by accessible_services already? |
There was a problem hiding this comment.
Please don't add TODOs to the code. In this case, this is not even something to do, it's a question.
There was a problem hiding this comment.
This is my way of attacting reviewers' attention when I have doubts. Not a real TODO as you pointer out.
On a side note I used to hate TODOs as well, but honestly it's the only way to register small future tasks/improvements rather than opening a whole new task in JIRA. Also I hate JIRA even more than TODOs 😄.
| else | ||
| [] | ||
| end | ||
| def accessible_services_with_token |
There was a problem hiding this comment.
Why this change? what was wrong with the previous method?
There was a problem hiding this comment.
empty array was simply not proper. Other than that, the implementation looked ugly.
| end | ||
|
|
||
| def service_tokens | ||
| @service_tokens ||= @user.accessible_services_with_token |
There was a problem hiding this comment.
If accessible_services_with_token is now returning services instead of tokens, shouldn't the instance variable here be called @services instead of @service_tokens?
There was a problem hiding this comment.
Yep, I left it half baked I guess. It's better now.
josemigallas
force-pushed
the
THREESCALE-9869_tokens_page
branch
from
4c4cbc1 to
ddb14dd
Compare
josemigallas
changed the base branch from
master
to
THREESCALE-12408-acess-tokens-protection
josemigallas
force-pushed
the
THREESCALE-9869_tokens_page
branch
from
ddb14dd to
cdec879
Compare
| scopes { ['stats'] } | ||
| permission { 'rw' } | ||
| sequence(:name) { |n| "Alaska_#{n}" } | ||
| sequence(:name) { |n| "token_#{n}" } |
There was a problem hiding this comment.
This was suggested by our beloved AI colleague to make it more generic.
|
@damianpm @jlledom Now the review is on top of Joan's changes. |
| dd class="pf-c-description-list__description" | ||
| div class="pf-c-description-list__text" | ||
| = token.plaintext_value | ||
| = token.value |
There was a problem hiding this comment.
It should how the plain text value. This is now showing the token hash in DB, which is meaningless for the user.
| = token.value | |
| = token.plaintext_value |
| | Expires at | Never expires | | ||
| And there should be a link to "I have copied the token" |
There was a problem hiding this comment.
I think it should assert the plain text token is shown here. That would have caught the error in the show template.
| test 'show is rendered when a token is created' do | ||
| expires_at = 1.week.from_now.utc.iso8601 | ||
| post :create, params: { access_token: { name: 'Le Token', scopes: ['account_management'], permission: 'ro', expires_at: } } | ||
|
|
||
| assert_response :success | ||
| assert_template :show | ||
| end |
There was a problem hiding this comment.
Beside from the cuke, this is another place where we could assert the plain token presence in the show template. Either of both is fine for me.
|
This PR is stale because it has not received activity for more than 30 days. Remove stale label or comment or this will be closed in 15 days. |
jlledom
force-pushed
the
THREESCALE-12408-acess-tokens-protection
branch
3 times, most recently
from
43c3ab6 to
4865027
Compare
3 participants
THREESCALE-9869: Tokens index page
😄 Improved tokens index page
😅 Slight change to edit token page
😓 Needed to change users page for consistency with table actions (see image below).
Before:
After
User index page
For consistency and since both tables use the same button icon component, this page has also been updated (edit and delete links):
Edit page action buttons
Added cancel button (goes back to index) and moved delete to the right for better UX:
