From 57c6c9ca9c5e546abc5e75675b6f7b52bb5d7190 Mon Sep 17 00:00:00 2001 From: Mai-Lapyst Date: Sat, 6 Jul 2024 05:30:58 +0000 Subject: [PATCH] Fixes an visual bug where the info box to dispatch a workflow is shown even for users that lack permissions to actualy run the workflow. (#4305) Example: Visit https://v8.next.forgejo.org/Mai-Lapyst/test/actions?workflow=dispatch.yaml&actor=0&status=0 without being logged in. ![image](/attachments/98e74104-4d60-4f7f-b17c-7e76467cd397) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4305 Reviewed-by: Earl Warren Reviewed-by: Gusted Co-authored-by: Mai-Lapyst Co-committed-by: Mai-Lapyst (cherry picked from commit 98c8d45f0b60202ab35e5b0a3837f2ad6d7037f9) --- routers/web/repo/actions/actions.go | 4 +++- tests/e2e/actions.test.e2e.js | 11 ++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go index 90d3226f2d..ff3b16159b 100644 --- a/routers/web/repo/actions/actions.go +++ b/routers/web/repo/actions/actions.go @@ -95,6 +95,8 @@ func List(ctx *context.Context) { allRunnerLabels.AddMultiple(r.AgentLabels...) } + canRun := ctx.Repo.CanWrite(unit.TypeActions) + workflows = make([]Workflow, 0, len(entries)) for _, entry := range entries { workflow := Workflow{Entry: *entry} @@ -146,7 +148,7 @@ func List(ctx *context.Context) { } workflows = append(workflows, workflow) - if workflow.Entry.Name() == curWorkflow { + if canRun && workflow.Entry.Name() == curWorkflow { config := wf.WorkflowDispatchConfig() if config != nil { keys := util.KeysOfMap(config.Inputs) diff --git a/tests/e2e/actions.test.e2e.js b/tests/e2e/actions.test.e2e.js index d7ca75bfc6..dcbd123e0b 100644 --- a/tests/e2e/actions.test.e2e.js +++ b/tests/e2e/actions.test.e2e.js @@ -6,6 +6,8 @@ test.beforeAll(async ({browser}, workerInfo) => { await login_user(browser, workerInfo, 'user2'); }); +const workflow_trigger_notification_text = 'This workflow has a workflow_dispatch event trigger.'; + test('Test workflow dispatch present', async ({browser}, workerInfo) => { const context = await load_logged_in_context(browser, workerInfo, 'user2'); /** @type {import('@playwright/test').Page} */ @@ -13,7 +15,7 @@ test('Test workflow dispatch present', async ({browser}, workerInfo) => { await page.goto('/user2/test_workflows/actions?workflow=test-dispatch.yml&actor=0&status=0'); - await expect(page.getByText('This workflow has a workflow_dispatch event trigger.')).toBeVisible(); + await expect(page.getByText(workflow_trigger_notification_text)).toBeVisible(); const run_workflow_btn = page.locator('#workflow_dispatch_dropdown>button'); await expect(run_workflow_btn).toBeVisible(); @@ -72,3 +74,10 @@ test('Test workflow dispatch success', async ({browser}, workerInfo) => { await expect(page.locator('.run-list>:first-child .run-list-meta', {hasText: 'now'})).toBeVisible(); }); + +test('Test workflow dispatch box not available for unauthenticated users', async ({page}) => { + await page.goto('/user2/test_workflows/actions?workflow=test-dispatch.yml&actor=0&status=0'); + await page.waitForLoadState('networkidle'); + + await expect(page.locator('body')).not.toContainText(workflow_trigger_notification_text); +});