mirror of
1
Fork 0

Fixes an visual bug where the info box to dispatch a workflow is shown even for users that lack permissions to actualy run the workflow. (#4305)

Example: Visit https://v8.next.forgejo.org/Mai-Lapyst/test/actions?workflow=dispatch.yaml&actor=0&status=0 without being logged in.

![image](/attachments/98e74104-4d60-4f7f-b17c-7e76467cd397)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4305
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
This commit is contained in:
Mai-Lapyst 2024-07-06 05:30:58 +00:00 committed by Earl Warren
parent c49afdf0ff
commit 98c8d45f0b
2 changed files with 13 additions and 2 deletions

View File

@ -95,6 +95,8 @@ func List(ctx *context.Context) {
allRunnerLabels.AddMultiple(r.AgentLabels...)
}
canRun := ctx.Repo.CanWrite(unit.TypeActions)
workflows = make([]Workflow, 0, len(entries))
for _, entry := range entries {
workflow := Workflow{Entry: *entry}
@ -146,7 +148,7 @@ func List(ctx *context.Context) {
}
workflows = append(workflows, workflow)
if workflow.Entry.Name() == curWorkflow {
if canRun && workflow.Entry.Name() == curWorkflow {
config := wf.WorkflowDispatchConfig()
if config != nil {
keys := util.KeysOfMap(config.Inputs)

View File

@ -6,6 +6,8 @@ test.beforeAll(async ({browser}, workerInfo) => {
await login_user(browser, workerInfo, 'user2');
});
const workflow_trigger_notification_text = 'This workflow has a workflow_dispatch event trigger.';
test('Test workflow dispatch present', async ({browser}, workerInfo) => {
const context = await load_logged_in_context(browser, workerInfo, 'user2');
/** @type {import('@playwright/test').Page} */
@ -13,7 +15,7 @@ test('Test workflow dispatch present', async ({browser}, workerInfo) => {
await page.goto('/user2/test_workflows/actions?workflow=test-dispatch.yml&actor=0&status=0');
await expect(page.getByText('This workflow has a workflow_dispatch event trigger.')).toBeVisible();
await expect(page.getByText(workflow_trigger_notification_text)).toBeVisible();
const run_workflow_btn = page.locator('#workflow_dispatch_dropdown>button');
await expect(run_workflow_btn).toBeVisible();
@ -72,3 +74,10 @@ test('Test workflow dispatch success', async ({browser}, workerInfo) => {
await expect(page.locator('.run-list>:first-child .run-list-meta', {hasText: 'now'})).toBeVisible();
});
test('Test workflow dispatch box not available for unauthenticated users', async ({page}) => {
await page.goto('/user2/test_workflows/actions?workflow=test-dispatch.yml&actor=0&status=0');
await page.waitForLoadState('networkidle');
await expect(page.locator('body')).not.toContainText(workflow_trigger_notification_text);
});