From ea4bdfa48e751e91d37050a5db592ced23857033 Mon Sep 17 00:00:00 2001 From: Kashish Mittal Date: Fri, 16 May 2025 10:31:05 -0400 Subject: [PATCH] rename hasCreatedBy to isTaskOwner Signed-off-by: Kashish Mittal --- .changeset/weak-bags-behave.md | 2 +- .../authorizing-scaffolder-template-details.md | 4 ++-- plugins/scaffolder-backend/report-alpha.api.md | 2 +- .../src/service/rules.test.ts | 18 +++++++++--------- .../scaffolder-backend/src/service/rules.ts | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.changeset/weak-bags-behave.md b/.changeset/weak-bags-behave.md index c8024f8ff4..25a0147917 100644 --- a/.changeset/weak-bags-behave.md +++ b/.changeset/weak-bags-behave.md @@ -9,4 +9,4 @@ BREAKING : - Converted `scaffolder.task.read` and `scaffolder.task.cancel` into Resource Permissions. -- Added a new scaffolder rule `hasCreatedBy` for `scaffolder.task.read` and `scaffolder.task.cancel` to allow for conditional permission policies such as restricting access to tasks and task events based on task creators. +- Added a new scaffolder rule `isTaskOwner` for `scaffolder.task.read` and `scaffolder.task.cancel` to allow for conditional permission policies such as restricting access to tasks and task events based on task creators. diff --git a/docs/features/software-templates/authorizing-scaffolder-template-details.md b/docs/features/software-templates/authorizing-scaffolder-template-details.md index 200035e434..7ff2cd9377 100644 --- a/docs/features/software-templates/authorizing-scaffolder-template-details.md +++ b/docs/features/software-templates/authorizing-scaffolder-template-details.md @@ -220,7 +220,7 @@ class ExamplePermissionPolicy implements PermissionPolicy { // Allow users to read tasks they created return createScaffolderTaskConditionalDecision( request.permission, - scaffolderTaskConditions.hasCreatedBy({ + scaffolderTaskConditions.isTaskOwner({ createdBy: user?.info.userEntityRef ? [user?.info.userEntityRef] : [], }), ); @@ -245,7 +245,7 @@ class ExamplePermissionPolicy implements PermissionPolicy { if (user?.info.userEntityRef === 'user:default/bob') { return createScaffolderTaskConditionalDecision( request.permission, - scaffolderTaskConditions.hasCreatedBy({ + scaffolderTaskConditions.isTaskOwner({ createdBy: user?.info.userEntityRef ? [user?.info.userEntityRef] : [], diff --git a/plugins/scaffolder-backend/report-alpha.api.md b/plugins/scaffolder-backend/report-alpha.api.md index 6c64bfa848..47b87602f6 100644 --- a/plugins/scaffolder-backend/report-alpha.api.md +++ b/plugins/scaffolder-backend/report-alpha.api.md @@ -85,7 +85,7 @@ export const scaffolderActionConditions: Conditions<{ // @alpha export const scaffolderTaskConditions: Conditions<{ - hasCreatedBy: PermissionRule< + isTaskOwner: PermissionRule< SerializedTask, { key: string; diff --git a/plugins/scaffolder-backend/src/service/rules.test.ts b/plugins/scaffolder-backend/src/service/rules.test.ts index 92d3718496..85e393247a 100644 --- a/plugins/scaffolder-backend/src/service/rules.test.ts +++ b/plugins/scaffolder-backend/src/service/rules.test.ts @@ -22,7 +22,7 @@ import { hasProperty, hasStringProperty, hasTag, - hasCreatedBy, + isTaskOwner, } from './rules'; import { createConditionAuthorizer } from '@backstage/plugin-permission-node'; import { RESOURCE_TYPE_SCAFFOLDER_ACTION } from '@backstage/plugin-scaffolder-common/alpha'; @@ -527,7 +527,7 @@ describe('hasStringProperty', () => { }); }); -describe('hasCreatedBy', () => { +describe('isTaskOwner', () => { describe('apply', () => { const task: SerializedTask = { id: 'a-random-id', @@ -538,28 +538,28 @@ describe('hasCreatedBy', () => { }; it('returns false when createdBy is an empty array', () => { expect( - hasCreatedBy.apply(task, { + isTaskOwner.apply(task, { createdBy: [], }), ).toEqual(false); }); it('returns false when createdBy is not matched (single user in createdBy)', () => { expect( - hasCreatedBy.apply(task, { + isTaskOwner.apply(task, { createdBy: ['not-matched'], }), ).toEqual(false); }); it('returns true when createdBy matches (single user in createdBy)', () => { expect( - hasCreatedBy.apply(task, { + isTaskOwner.apply(task, { createdBy: ['user:default/user-1'], }), ).toEqual(true); }); it('returns false when createdBy is not matched (multiple users in createdBy)', () => { expect( - hasCreatedBy.apply(task, { + isTaskOwner.apply(task, { createdBy: [ 'user:default/user-2', 'user:default/user-3', @@ -570,7 +570,7 @@ describe('hasCreatedBy', () => { }); it('returns true when createdBy matches (multiple users in createdBy)', () => { expect( - hasCreatedBy.apply(task, { + isTaskOwner.apply(task, { createdBy: [ 'user:default/user-1', 'user:default/user-2', @@ -583,7 +583,7 @@ describe('hasCreatedBy', () => { describe('toQuery', () => { it('returns the correct query filter with values (single user in createdBy)', () => { expect( - hasCreatedBy.toQuery({ + isTaskOwner.toQuery({ createdBy: ['user:default/user-1'], }), ).toEqual({ key: 'created_by', values: ['user:default/user-1'] }); @@ -591,7 +591,7 @@ describe('hasCreatedBy', () => { }); it('returns the correct query filter with values (multiple users in createdBy)', () => { expect( - hasCreatedBy.toQuery({ + isTaskOwner.toQuery({ createdBy: ['user:default/user-1', 'user:default/user-2'], }), ).toEqual({ diff --git a/plugins/scaffolder-backend/src/service/rules.ts b/plugins/scaffolder-backend/src/service/rules.ts index 69fb69bb73..05575cbbe3 100644 --- a/plugins/scaffolder-backend/src/service/rules.ts +++ b/plugins/scaffolder-backend/src/service/rules.ts @@ -142,8 +142,8 @@ export const createTaskPermissionRule = makeCreatePermissionRule< typeof RESOURCE_TYPE_SCAFFOLDER_TASK >(); -export const hasCreatedBy = createTaskPermissionRule({ - name: 'HAS_CREATED_BY', +export const isTaskOwner = createTaskPermissionRule({ + name: 'IS_TASK_OWNER', description: 'Allows tasks created by certain users to be accessible', resourceType: RESOURCE_TYPE_SCAFFOLDER_TASK, paramsSchema: z.object({ @@ -174,4 +174,4 @@ export const scaffolderActionRules = { hasNumberProperty, hasStringProperty, }; -export const scaffolderTaskRules = { hasCreatedBy }; +export const scaffolderTaskRules = { isTaskOwner };