ROX-30334: Adds context for OCP plugin user permissions#16185
Merged
Conversation
Contributor
Author
|
This change is part of the following stack: Change managed by git-spice. |
|
Skipping CI for Draft Pull Request. |
Contributor
|
Images are ready for the commit at 0c689a0. To use with deploy scripts, first |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #16185 +/- ##
=======================================
Coverage 48.91% 48.91%
=======================================
Files 2613 2613
Lines 193188 193188
=======================================
+ Hits 94499 94501 +2
+ Misses 91266 91263 -3
- Partials 7423 7424 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
e2497b3 to
286e5b2
Compare
ed5e29b to
c6165ed
Compare
This was referenced Jul 28, 2025
dvail
commented
Jul 28, 2025
ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/Index.tsx
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment.
Hey @dvail - I've reviewed your changes - here's some feedback:
- Index.tsx no longer wraps its content in PluginProvider, so usePermissions will break if the OCP extension-point doesn’t inject your provider—make sure the provider is applied to every plugin entry point.
- The usePluginContext hook currently just returns an empty object—either populate it with shared context data or remove it until you actually need it to avoid dead code.
- You can simplify the repetitive hasReadAccess calls by iterating over a resource list and building your access map dynamically, which will make it easier to add new resources later.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Index.tsx no longer wraps its content in PluginProvider, so usePermissions will break if the OCP extension-point doesn’t inject your provider—make sure the provider is applied to every plugin entry point.
- The usePluginContext hook currently just returns an empty object—either populate it with shared context data or remove it until you actually need it to avoid dead code.
- You can simplify the repetitive hasReadAccess calls by iterating over a resource list and building your access map dynamically, which will make it easier to add new resources later.
## Individual Comments
### Comment 1
<location> `ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/Index.tsx:12` </location>
<code_context>
export function Index() {
+ const { hasReadAccess } = usePermissions();
+ const hasReadAccessForAlert = hasReadAccess('Alert');
+ const hasReadAccessForCluster = hasReadAccess('Cluster');
+ const hasReadAccessForDeployment = hasReadAccess('Deployment');
</code_context>
<issue_to_address>
Consider generating the resource access object dynamically in a loop to avoid repetitive variable declarations.
You can collapse all six calls into a single loop/object‐build and drop the individual `hasReadAccessForXxx` variables. For example, using `Object.fromEntries`:
```tsx
import React from 'react';
import usePermissions from 'hooks/usePermissions';
import SummaryCounts from 'Containers/Dashboard/SummaryCounts';
import ViolationsByPolicyCategory from 'Containers/Dashboard/Widgets/ViolationsByPolicyCategory';
import { PageSection, Title } from '@patternfly/react-core';
import { CheckCircleIcon } from '@patternfly/react-icons';
export function Index() {
const { hasReadAccess } = usePermissions();
const resources = ['Cluster', 'Node', 'Alert', 'Deployment', 'Image', 'Secret'] as const;
const hasReadAccessForResource = Object.fromEntries(
resources.map((r) => [r, hasReadAccess(r)])
) as Record<typeof resources[number], boolean>;
return (
<>
<PageSection>
<Title headingLevel="h1">{"Hello, Plugin!"}</Title>
<SummaryCounts hasReadAccessForResource={hasReadAccessForResource} />
<ViolationsByPolicyCategory />
</PageSection>
<PageSection>
<p>
<span className="console-plugin-template__nice">
<CheckCircleIcon /> Success!
</span>{" "}
Your plugin is working.
</p>
</PageSection>
</>
);
}
```
— you get the same mapping, zero repetition, and still pass an object of `{ Cluster, Node, … }` booleans into `SummaryCounts`.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/Index.tsx
Show resolved
Hide resolved
286e5b2 to
4c6195f
Compare
c6165ed to
9cefc7c
Compare
Base automatically changed from
dv/ROX-30334-use-context-for-user-permissions
to
master
July 31, 2025 16:35
9cefc7c to
45c6254
Compare
Contributor
There was a problem hiding this comment.
Hey @dvail - I've reviewed your changes - here's some feedback:
- DRY up the multiple hasReadAccessForX calls in Index by iterating over a list of resource types to build your permissions map, which will make adding new resources easier.
- Wrap the constructed hasReadAccessForResource object in useMemo so SummaryCounts only re-renders when actual permission values change, preventing unnecessary updates.
- Since PluginProvider is now a named export, verify that the console.context-provider extension in your webpack config still resolves correctly (or re-export it as default if needed).
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- DRY up the multiple hasReadAccessForX calls in Index by iterating over a list of resource types to build your permissions map, which will make adding new resources easier.
- Wrap the constructed hasReadAccessForResource object in useMemo so SummaryCounts only re-renders when actual permission values change, preventing unnecessary updates.
- Since PluginProvider is now a named export, verify that the console.context-provider extension in your webpack config still resolves correctly (or re-export it as default if needed).
## Individual Comments
### Comment 1
<location> `ui/apps/platform/src/ConsolePlugin/PluginContent.tsx:8` </location>
<code_context>
+function PluginContent({ children }: { children: React.ReactNode }) {
+ const { isLoadingPermissions } = usePermissions();
+
+ if (isLoadingPermissions) {
+ return <LoadingSection />;
+ }
+
</code_context>
<issue_to_address>
Rendering a loading section while permissions are loading may block rendering indefinitely if loading fails.
Add error handling or a timeout to prevent the UI from being blocked if the permissions query fails or hangs.
</issue_to_address>
### Comment 2
<location> `ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/Index.tsx:12` </location>
<code_context>
export function Index() {
+ const { hasReadAccess } = usePermissions();
+ const hasReadAccessForAlert = hasReadAccess('Alert');
+ const hasReadAccessForCluster = hasReadAccess('Cluster');
+ const hasReadAccessForDeployment = hasReadAccess('Deployment');
</code_context>
<issue_to_address>
Consider generating the permissions object dynamically from a resource list instead of declaring individual variables.
You can eliminate all six individual `hasReadAccessForX` variables by building the `hasReadAccessForResource` object in one go. For example:
```tsx
export function Index() {
const { hasReadAccess } = usePermissions();
const resourceNames = [
'Cluster',
'Node',
'Alert',
'Deployment',
'Image',
'Secret',
] as const;
const hasReadAccessForResource = Object.fromEntries(
resourceNames.map((res) => [res, hasReadAccess(res)])
) as Record<typeof resourceNames[number], boolean>;
return (
<>
<PageSection>
<Title headingLevel="h1">Hello, Plugin!</Title>
<SummaryCounts
hasReadAccessForResource={hasReadAccessForResource}
/>
<ViolationsByPolicyCategory />
</PageSection>
{/* … */}
</>
);
}
```
Steps:
1. Define a `resourceNames` array of all resource strings.
2. Use `Object.fromEntries` (or `reduce`) to turn that array into your permissions object.
3. Remove all six `const hasReadAccessForX = …` lines.
This keeps the same functionality but removes boilerplate and nesting.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/Index.tsx
Show resolved
Hide resolved
pedrottimark
reviewed
Aug 1, 2025
pedrottimark
approved these changes
Aug 1, 2025
45c6254 to
72e5b89
Compare
9 tasks
72e5b89 to
0c689a0
Compare
Stringy
pushed a commit
that referenced
this pull request
Aug 15, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a context implementation for the OCP plugin in order to allow usage of the
usePermissions()hook, and components that rely on that hook. The context implementation utilizes a plugin SDK extension point so that context data is shared across multiple plugin entry points. This should prevent duplicate requests of things like permissions during a single session. (TODO - Need to make a note to verify this when additional entry points are added.)User-facing documentation
Testing and quality
Automated testing
How I validated my change
Load the plugin and verify that the
mypermissionsrequest is made and that the permissions are correctly passed to the components. If the request was not wired up correctly, none of the summary counts would render.