oh yeah

coder · aslilac · Feb 19, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 7, 2025
commit 0a590893742171e847f461c4e52d0d0cc1466672
@@ -11,6 +11,8 @@ import {
 	organizationPermissionChecks,
 	type OrganizationPermissions,
 	type OrganizationPermissionName,
+	anyOrganizationPermissionChecks,
+	type AnyOrganizationPermissions,
 } from "modules/management/organizationPermissions";
 
 export const createOrganization = (queryClient: QueryClient) => {
@@ -251,6 +253,16 @@ export const organizationsPermissions = (
 	};
 };
 
+export const anyOrganizationPermissions = () => {
+	return {
+		queryKey: ["authorization", "anyOrganization"],
+		queryFn: () =>
+			API.checkAuthorization({
+				checks: anyOrganizationPermissionChecks,
+			}) as Promise<AnyOrganizationPermissions>,
+	};
+};
+
 export const getOrganizationIdpSyncClaimFieldValuesKey = (
 	organization: string,
 	field: string,

diff --git a/site/src/contexts/auth/AuthProvider.tsx b/site/src/contexts/auth/AuthProvider.tsx
@@ -101,6 +101,8 @@ export const AuthProvider: FC<PropsWithChildren> = ({ children }) => {
 		[updateProfileMutation],
 	);
 
+	console.log(permissionsQuery.data);
+
 	return (
 		<AuthContext.Provider
 			value={{

@@ -16,7 +16,6 @@ export const checks = {
 	readWorkspaceProxies: "readWorkspaceProxies",
 	editWorkspaceProxies: "editWorkspaceProxies",
 	createOrganization: "createOrganization",
-	editAnyOrganization: "editAnyOrganization",
 	viewAnyGroup: "viewAnyGroup",
 	createGroup: "createGroup",
 	viewAllLicenses: "viewAllLicenses",
@@ -122,13 +121,6 @@ export const permissionsToCheck = {
 		},
 		action: "create",
 	},
-	[checks.editAnyOrganization]: {
-		object: {
-			resource_type: "organization",
-			any_org: true,
-		},
-		action: "update",
-	},
 	[checks.viewAnyGroup]: {
 		object: {
 			resource_type: "group",

@@ -1,7 +1,10 @@
 import { appearance } from "api/queries/appearance";
 import { entitlements } from "api/queries/entitlements";
 import { experiments } from "api/queries/experiments";
-import { organizations } from "api/queries/organizations";
+import {
+	anyOrganizationPermissions,
+	organizations,
+} from "api/queries/organizations";
 import type {
 	AppearanceConfig,
 	Entitlements,
@@ -14,13 +17,15 @@ import { useEmbeddedMetadata } from "hooks/useEmbeddedMetadata";
 import { type FC, type PropsWithChildren, createContext } from "react";
 import { useQuery } from "react-query";
 import { selectFeatureVisibility } from "./entitlements";
+import { canViewAnyOrganization } from "modules/management/organizationPermissions";
 
 export interface DashboardValue {
 	entitlements: Entitlements;
 	experiments: Experiments;
 	appearance: AppearanceConfig;
 	organizations: readonly Organization[];
 	showOrganizations: boolean;
+	canViewOrganizationSettings: boolean;
 }
 
 export const DashboardContext = createContext<DashboardValue | undefined>(
@@ -33,12 +38,16 @@ export const DashboardProvider: FC<PropsWithChildren> = ({ children }) => {
 	const experimentsQuery = useQuery(experiments(metadata.experiments));
 	const appearanceQuery = useQuery(appearance(metadata.appearance));
 	const organizationsQuery = useQuery(organizations());
+	const anyOrganizationPermissionsQuery = useQuery(
+		anyOrganizationPermissions(),
+	);
 
 	const error =
 		entitlementsQuery.error ||
 		appearanceQuery.error ||
 		experimentsQuery.error ||
-		organizationsQuery.error;
+		organizationsQuery.error ||
+		anyOrganizationPermissionsQuery.error;
 
 	if (error) {
 		return <ErrorAlert error={error} />;
@@ -48,7 +57,8 @@ export const DashboardProvider: FC<PropsWithChildren> = ({ children }) => {
 		!entitlementsQuery.data ||
 		!appearanceQuery.data ||
 		!experimentsQuery.data ||
-		!organizationsQuery.data;
+		!organizationsQuery.data ||
+		!anyOrganizationPermissionsQuery.data;
 
 	if (isLoading) {
 		return <Loader fullscreen />;
@@ -58,6 +68,7 @@ export const DashboardProvider: FC<PropsWithChildren> = ({ children }) => {
 	const organizationsEnabled = selectFeatureVisibility(
 		entitlementsQuery.data,
 	).multiple_organizations;
+	const showOrganizations = hasMultipleOrganizations || organizationsEnabled;
 
 	return (
 		<DashboardContext.Provider
@@ -66,7 +77,10 @@ export const DashboardProvider: FC<PropsWithChildren> = ({ children }) => {
 				experiments: experimentsQuery.data,
 				appearance: appearanceQuery.data,
 				organizations: organizationsQuery.data,
-				showOrganizations: hasMultipleOrganizations || organizationsEnabled,
+				showOrganizations,
+				canViewOrganizationSettings:
+					showOrganizations &&
+					canViewAnyOrganization(anyOrganizationPermissionsQuery.data),
 			}}
 		>
 			{children}

@@ -12,15 +12,13 @@ export const Navbar: FC = () => {
 	const { metadata } = useEmbeddedMetadata();
 	const buildInfoQuery = useQuery(buildInfo(metadata["build-info"]));
 
-	const { appearance, showOrganizations } = useDashboard();
+	const { appearance, canViewOrganizationSettings } = useDashboard();
 	const { user: me, permissions, signOut } = useAuthenticated();
 	const featureVisibility = useFeatureVisibility();
 	const canViewAuditLog =
 		featureVisibility.audit_log && permissions.viewAnyAuditLog;
 	const canViewDeployment = permissions.viewDeploymentValues;
-	const canViewOrganizations =
-		(permissions.viewDeploymentValues || permissions.editAnyOrganization) &&
-		showOrganizations;
+	const canViewOrganizations = canViewOrganizationSettings;
 	const proxyContextValue = useProxy();
 	const canViewHealth = canViewDeployment;
 

@@ -17,7 +17,10 @@ import NotFoundPage from "pages/404Page/404Page";
 import { type FC, Suspense, createContext, useContext } from "react";
 import { useQuery } from "react-query";
 import { Outlet, useParams } from "react-router-dom";
-import type { OrganizationPermissions } from "./organizationPermissions";
+import {
+	canViewOrganization,
+	type OrganizationPermissions,
+} from "./organizationPermissions";
 
 export const OrganizationSettingsContext = createContext<
 	OrganizationSettingsValue | undefined
@@ -41,33 +44,12 @@ export const useOrganizationSettings = (): OrganizationSettingsValue => {
 	return context;
 };
 
-/**
- * Checks if the user can view or edit members or groups for the organization
- * that produced the given OrganizationPermissions.
- */
-const canViewOrganization = (
-	permissions: OrganizationPermissions | undefined,
-): permissions is OrganizationPermissions => {
-	return (
-		permissions !== undefined &&
-		(permissions.editOrganization ||
-			permissions.editMembers ||
-			permissions.viewMembers ||
-			permissions.editGroups ||
-			permissions.viewGroups)
-	);
-};
-
 const OrganizationSettingsLayout: FC = () => {
-	const { permissions } = useAuthenticated();
-	const { organizations } = useDashboard();
+	const { organizations, canViewOrganizationSettings } = useDashboard();
 	const { organization: orgName } = useParams() as {
 		organization?: string;
 	};
 
-	const canViewOrganizationSettings =
-		permissions.viewDeploymentValues || permissions.editAnyOrganization;
-
 	const organization = orgName
 		? organizations.find((org) => org.name === orgName)
 		: undefined;