livebook-dev/livebook
1
1
Fork 0
mirror of https://github.com/livebook-dev/livebook.git synced 2025-09-10 15:04:25 +08:00
Code Issues Projects Releases Packages Wiki Activity

Apply review comments

Browse source
This commit is contained in:
Alexandre de Souza 2025-05-12 10:38:29 -03:00
parent c6ecf1a3de
commit 4f4d8f6bd7
No known key found for this signature in database
GPG key ID: E39228FFBA346545
5 changed files with 140 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/livebook/apps.ex
View file

@ -80,7 +80,6 @@ defmodule Livebook.Apps do
@spec authorized?(App.t(), Livebook.Users.User.t()) :: boolean()
def authorized?(app, user)
def authorized?(%{app_spec: %Apps.TeamsAppSpec{}}, %{groups: [], access_type: :apps}), do: false
def authorized?(_app, %{access_type: :full}), do: true
def authorized?(%{slug: slug, app_spec: %Apps.TeamsAppSpec{hub_id: id}}, user) do

3
lib/livebook/hubs/team_client.ex
View file

@ -691,7 +691,8 @@ defmodule Livebook.Hubs.TeamClient do
with {:ok, current_deployment_group} <- fetch_deployment_group(deployment_group.id, state) do
if state.deployment_group_id == deployment_group.id and
(current_deployment_group.authorization_groups != deployment_group.authorization_groups or
current_deployment_group.groups_auth != deployment_group.groups_auth) do
current_deployment_group.groups_auth != deployment_group.groups_auth or
current_deployment_group.teams_auth != deployment_group.teams_auth) do
Teams.Broadcasts.server_authorization_updated(deployment_group)
end
end

42
test/livebook_teams/web/admin_live_test.exs
View file

@ -164,5 +164,47 @@ defmodule LivebookWeb.Integration.AdminLiveTest do
{:ok, view, _html} = live(conn, ~p"/apps")
assert render(view) =~ "No apps running."
end
test "shows admin page if authentication is disabled",
%{conn: conn, node: node, code: code} = context do
{:ok, deployment_group} =
erpc_call(node, :toggle_groups_authorization, [context.deployment_group])
oidc_provider = erpc_call(node, :create_oidc_provider, [context.org])
authorization_group =
erpc_call(node, :create_authorization_group, [
%{
group_name: "marketing",
access_type: :apps,
prefixes: ["ops-"],
oidc_provider: oidc_provider,
deployment_group: deployment_group
}
])
erpc_call(node, :update_user_info_groups, [
code,
[
%{
"provider_id" => to_string(oidc_provider.id),
"group_name" => authorization_group.group_name
}
]
])
assert conn
|> get(~p"/settings")
|> html_response(401) =~ "Not authorized"
{:ok, %{teams_auth: false} = deployment_group} =
erpc_call(node, :toggle_teams_authentication, [deployment_group])
id = to_string(deployment_group.id)
assert_receive {:server_authorization_updated, %{id: ^id, teams_auth: false}}
{:ok, view, _html} = live(conn, ~p"/settings")
assert render(view) =~ "System settings"
end
end
end

48
test/livebook_teams/web/app_session_live_test.exs
View file

@ -151,6 +151,54 @@ defmodule LivebookWeb.Integration.AppSessionLiveTest do
{:ok, view, _html} = live(conn, path)
assert render(view) =~ "Not authorized"
end
@tag :tmp_dir
test "shows app if disable the authentication in real-time",
%{conn: conn, node: node, code: code, tmp_dir: tmp_dir} = context do
{:ok, deployment_group} =
erpc_call(node, :toggle_groups_authorization, [context.deployment_group])
oidc_provider = erpc_call(node, :create_oidc_provider, [context.org])
authorization_group =
erpc_call(node, :create_authorization_group, [
%{
group_name: "marketing",
access_type: :apps,
prefixes: ["mkt-"],
oidc_provider: oidc_provider,
deployment_group: deployment_group
}
])
erpc_call(node, :update_user_info_groups, [
code,
[
%{
"provider_id" => to_string(oidc_provider.id),
"group_name" => authorization_group.group_name
}
]
])
slug = "analytics-app"
pid = deploy_app(slug, context.team, context.org, context.deployment_group, tmp_dir, node)
session_id = Livebook.App.get_session_id(pid, user: Livebook.Users.User.new())
path = ~p"/apps/#{slug}/sessions/#{session_id}"
{:ok, view, _html} = live(conn, path)
assert render(view) =~ "Not authorized"
{:ok, %{teams_auth: false} = deployment_group} =
erpc_call(node, :toggle_teams_authentication, [deployment_group])
id = to_string(deployment_group.id)
assert_receive {:server_authorization_updated, %{id: ^id, teams_auth: false}}
assert_redirect view, path
{:ok, view, _html} = live(conn, path)
assert render(view) =~ "LivebookApp:#{slug}"
end
end
defp deploy_app(slug, team, org, deployment_group, tmp_dir, node) do

48
test/livebook_teams/web/apps_live_test.exs
View file

@ -160,6 +160,54 @@ defmodule LivebookWeb.Integration.AppsLiveTest do
|> get(~p"/apps")
|> html_response(200) =~ slug
end
@tag :tmp_dir
test "shows all apps if disable the authentication in real-time",
%{conn: conn, node: node, code: code, tmp_dir: tmp_dir} = context do
{:ok, deployment_group} =
erpc_call(node, :toggle_groups_authorization, [context.deployment_group])
oidc_provider = erpc_call(node, :create_oidc_provider, [context.org])
authorization_group =
erpc_call(node, :create_authorization_group, [
%{
group_name: "marketing",
access_type: :apps,
prefixes: ["mkt-"],
oidc_provider: oidc_provider,
deployment_group: deployment_group
}
])
erpc_call(node, :update_user_info_groups, [
code,
[
%{
"provider_id" => to_string(oidc_provider.id),
"group_name" => authorization_group.group_name
}
]
])
slug = "marketing-app"
deploy_app(slug, context.team, context.org, context.deployment_group, tmp_dir, node)
assert conn
|> get(~p"/apps")
|> html_response(200) =~ "No apps running."
{:ok, %{teams_auth: false} = deployment_group} =
erpc_call(node, :toggle_teams_authentication, [deployment_group])
id = to_string(deployment_group.id)
assert_receive {:server_authorization_updated, %{id: ^id, teams_auth: false}}
assert conn
|> get(~p"/apps")
|> html_response(200) =~ slug
end
end
defp deploy_app(slug, team, org, deployment_group, tmp_dir, node) do