feat: add shared in organization functionality for Git providers #2804
+6,912
−105
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Introduced a new boolean column `sharedInOrg` in the `git_provider` table to manage sharing settings. - Implemented a toggle switch in the UI to allow users to update the sharing status of their Git providers. - Updated API routes to handle authorization based on the new sharing feature, ensuring only authorized users can modify shared settings. - Enhanced filtering logic to include shared Git providers in user queries.
- Scope visibility to the active organization - Allow access only if owner or shared within that org - Unify access checks and listing filters across routers - Use shared canAccessProvider/filterVisibleProviders helpers - Prevent cross-org exposure
- Require organization-scoped checks for Git provider routes - Align router and service validation to prevent cross-org access - add missing drizzle snapshot and journal
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Git Provider Ownership Control (issue #2220)
Overview
This PR implements ownership-based access control for git provider sharing settings, ensuring that only the creator of a git provider can toggle its "Share in Organization" setting. This change enhances security by preventing unauthorized users from modifying sharing permissions of git providers they don't own.
Changes
Access Control Implementation
ShowGitProviderscomponent to conditionally render the "Share in Organization" switch only for providers owned by the current userupdateSharedInOrgmutation to validate both organization membership AND user ownership before allowing sharing toggle updatesCode Changes
show-git-providers.tsxgit-provider.tsrouter to validate both organization and ownership in a single conditionSecurity Impact
Testing
Please verify:
Future Considerations
This change provides a foundation for more granular provider management features, such as:
Breaking Changes
None