From 51474262eb3203224f9791d0df8cd11b8bae4740 Mon Sep 17 00:00:00 2001
From: Chaim Lev-Ari <chiptus@users.noreply.github.com>
Date: Wed, 15 Nov 2023 09:33:29 +0200
Subject: [PATCH] fix(access-control): show only environment users [EE-6315]
 (#10614)

---
 app/docker/views/configs/edit/config.html     |  1 +
 .../views/configs/edit/configController.js    |  1 +
 .../views/containers/edit/container.html      |  1 +
 app/docker/views/secrets/edit/secret.html     |  1 +
 .../views/secrets/edit/secretController.js    | 62 +++++++++----------
 app/docker/views/services/edit/service.html   |  1 +
 app/docker/views/volumes/edit/volume.html     |  1 +
 .../views/volumes/edit/volumeController.js    |  1 +
 app/portainer/users/queries.ts                |  2 +-
 .../CreateContainerInstanceForm.tsx           |  1 +
 .../CreateView/BaseForm/BaseForm.tsx          |  1 +
 .../AccessControlForm.stories.tsx             |  7 ++-
 .../AccessControlForm.test.tsx                |  1 +
 .../AccessControlForm/AccessControlForm.tsx   |  4 ++
 .../AccessControlPanelForm.tsx                |  2 +-
 .../EditDetails/EditDetails.tsx               |  2 +-
 .../EditDetails/useLoadState.ts               |  2 +-
 17 files changed, 53 insertions(+), 38 deletions(-)

diff --git a/app/docker/views/configs/edit/config.html b/app/docker/views/configs/edit/config.html
index 8f41356b1..fe84f0fb5 100644
--- a/app/docker/views/configs/edit/config.html
+++ b/app/docker/views/configs/edit/config.html
@@ -56,6 +56,7 @@
   resource-control="config.ResourceControl"
   resource-type="resourceType"
   on-update-success="(onUpdateResourceControlSuccess)"
+  environment-id="endpoint.Id"
 >
 </access-control-panel>
 <!-- !access-control-panel -->
diff --git a/app/docker/views/configs/edit/configController.js b/app/docker/views/configs/edit/configController.js
index 955aab1d0..9d8fc398a 100644
--- a/app/docker/views/configs/edit/configController.js
+++ b/app/docker/views/configs/edit/configController.js
@@ -9,6 +9,7 @@ angular.module('portainer.docker').controller('ConfigController', [
   'endpoint',
   function ($scope, $transition$, $state, ConfigService, Notifications, endpoint) {
     $scope.resourceType = ResourceControlType.Config;
+    $scope.endpoint = endpoint;
 
     $scope.onUpdateResourceControlSuccess = function () {
       $state.reload();
diff --git a/app/docker/views/containers/edit/container.html b/app/docker/views/containers/edit/container.html
index c342b4146..e765d8548 100644
--- a/app/docker/views/containers/edit/container.html
+++ b/app/docker/views/containers/edit/container.html
@@ -172,6 +172,7 @@
   resource-control="container.ResourceControl"
   resource-type="resourceType"
   on-update-success="(onUpdateResourceControlSuccess)"
+  environment-id="endpoint.Id"
 >
 </access-control-panel>
 <!-- !access-control-panel -->
diff --git a/app/docker/views/secrets/edit/secret.html b/app/docker/views/secrets/edit/secret.html
index ec50f58ac..524f4819f 100644
--- a/app/docker/views/secrets/edit/secret.html
+++ b/app/docker/views/secrets/edit/secret.html
@@ -53,6 +53,7 @@
   resource-control="secret.ResourceControl"
   resource-type="resourceType"
   on-update-success="(onUpdateResourceControlSuccess)"
+  environment-id="endpoint.Id"
 >
 </access-control-panel>
 <!-- !access-control-panel -->
diff --git a/app/docker/views/secrets/edit/secretController.js b/app/docker/views/secrets/edit/secretController.js
index 2f44157a3..cc527f466 100644
--- a/app/docker/views/secrets/edit/secretController.js
+++ b/app/docker/views/secrets/edit/secretController.js
@@ -1,39 +1,35 @@
 import { ResourceControlType } from '@/react/portainer/access-control/types';
 
-angular.module('portainer.docker').controller('SecretController', [
-  '$scope',
-  '$transition$',
-  '$state',
-  'SecretService',
-  'Notifications',
-  function ($scope, $transition$, $state, SecretService, Notifications) {
-    $scope.resourceType = ResourceControlType.Secret;
+angular.module('portainer.docker').controller('SecretController', SecretController);
 
-    $scope.onUpdateResourceControlSuccess = function () {
-      $state.reload();
-    };
+/* @ngInject */
+function SecretController($scope, $transition$, $state, SecretService, Notifications, endpoint) {
+  $scope.resourceType = ResourceControlType.Secret;
+  $scope.endpoint = endpoint;
+  $scope.onUpdateResourceControlSuccess = function () {
+    $state.reload();
+  };
 
-    $scope.removeSecret = function removeSecret(secretId) {
-      SecretService.remove(secretId)
-        .then(function success() {
-          Notifications.success('Success', 'Secret successfully removed');
-          $state.go('docker.secrets', {});
-        })
-        .catch(function error(err) {
-          Notifications.error('Failure', err, 'Unable to remove secret');
-        });
-    };
+  $scope.removeSecret = function removeSecret(secretId) {
+    SecretService.remove(secretId)
+      .then(function success() {
+        Notifications.success('Success', 'Secret successfully removed');
+        $state.go('docker.secrets', {});
+      })
+      .catch(function error(err) {
+        Notifications.error('Failure', err, 'Unable to remove secret');
+      });
+  };
 
-    function initView() {
-      SecretService.secret($transition$.params().id)
-        .then(function success(data) {
-          $scope.secret = data;
-        })
-        .catch(function error(err) {
-          Notifications.error('Failure', err, 'Unable to retrieve secret details');
-        });
-    }
+  function initView() {
+    SecretService.secret($transition$.params().id)
+      .then(function success(data) {
+        $scope.secret = data;
+      })
+      .catch(function error(err) {
+        Notifications.error('Failure', err, 'Unable to retrieve secret details');
+      });
+  }
 
-    initView();
-  },
-]);
+  initView();
+}
diff --git a/app/docker/views/services/edit/service.html b/app/docker/views/services/edit/service.html
index 712c9da19..dbcd81044 100644
--- a/app/docker/views/services/edit/service.html
+++ b/app/docker/views/services/edit/service.html
@@ -209,6 +209,7 @@
   resource-control="service.ResourceControl"
   resource-type="resourceType"
   on-update-success="(onUpdateResourceControlSuccess)"
+  environment-id="endpoint.Id"
 >
 </access-control-panel>
 <!-- !access-control-panel -->
diff --git a/app/docker/views/volumes/edit/volume.html b/app/docker/views/volumes/edit/volume.html
index e11b35001..0809a35e0 100644
--- a/app/docker/views/volumes/edit/volume.html
+++ b/app/docker/views/volumes/edit/volume.html
@@ -53,6 +53,7 @@
   resource-control="volume.ResourceControl"
   resource-type="resourceType"
   on-update-success="(onUpdateResourceControlSuccess)"
+  environment-id="endpoint.Id"
 >
 </access-control-panel>
 <!-- !access-control-panel -->
diff --git a/app/docker/views/volumes/edit/volumeController.js b/app/docker/views/volumes/edit/volumeController.js
index 78d7279c5..fa351b288 100644
--- a/app/docker/views/volumes/edit/volumeController.js
+++ b/app/docker/views/volumes/edit/volumeController.js
@@ -12,6 +12,7 @@ angular.module('portainer.docker').controller('VolumeController', [
   'endpoint',
   function ($scope, $state, $transition$, VolumeService, ContainerService, Notifications, HttpRequestHelper, endpoint) {
     $scope.resourceType = ResourceControlType.Volume;
+    $scope.endpoint = endpoint;
 
     $scope.onUpdateResourceControlSuccess = function () {
       $state.reload();
diff --git a/app/portainer/users/queries.ts b/app/portainer/users/queries.ts
index 3ea76edcb..cb4c51f9f 100644
--- a/app/portainer/users/queries.ts
+++ b/app/portainer/users/queries.ts
@@ -39,7 +39,7 @@ export function useUsers<T = User[]>(
   select: (data: User[]) => T = (data) => data as unknown as T
 ) {
   const users = useQuery(
-    ['users'],
+    ['users', { includeAdministrator, environmentId }],
     () => getUsers(includeAdministrator, environmentId),
     {
       meta: {
diff --git a/app/react/azure/container-instances/CreateView/CreateContainerInstanceForm.tsx b/app/react/azure/container-instances/CreateView/CreateContainerInstanceForm.tsx
index d8278a901..5ba975bf8 100644
--- a/app/react/azure/container-instances/CreateView/CreateContainerInstanceForm.tsx
+++ b/app/react/azure/container-instances/CreateView/CreateContainerInstanceForm.tsx
@@ -187,6 +187,7 @@ export function CreateContainerInstanceForm() {
             onChange={(values) => setFieldValue('accessControl', values)}
             values={values.accessControl}
             errors={errors.accessControl}
+            environmentId={environmentId}
           />
 
           <div className="form-group">
diff --git a/app/react/docker/containers/CreateView/BaseForm/BaseForm.tsx b/app/react/docker/containers/CreateView/BaseForm/BaseForm.tsx
index 2e191d697..a5a460b4c 100644
--- a/app/react/docker/containers/CreateView/BaseForm/BaseForm.tsx
+++ b/app/react/docker/containers/CreateView/BaseForm/BaseForm.tsx
@@ -169,6 +169,7 @@ export function BaseForm({
           }
           errors={errors?.accessControl}
           values={values.accessControl}
+          environmentId={environment.Id}
         />
 
         <div className="form-group">
diff --git a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.stories.tsx b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.stories.tsx
index 8e1d389c8..f756572bd 100644
--- a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.stories.tsx
+++ b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.stories.tsx
@@ -43,7 +43,12 @@ function Template({ userRole }: Args) {
   return (
     <QueryClientProvider client={testQueryClient}>
       <UserContext.Provider value={userProviderState}>
-        <AccessControlForm values={value} onChange={setValue} errors={{}} />
+        <AccessControlForm
+          values={value}
+          onChange={setValue}
+          errors={{}}
+          environmentId={1}
+        />
       </UserContext.Provider>
     </QueryClientProvider>
   );
diff --git a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.test.tsx b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.test.tsx
index 8ace6514f..1bc523767 100644
--- a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.test.tsx
+++ b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.test.tsx
@@ -315,6 +315,7 @@ async function renderComponent(
   const renderResult = renderWithQueryClient(
     <UserContext.Provider value={state}>
       <AccessControlForm
+        environmentId={1}
         errors={{}}
         values={values}
         onChange={onChange}
diff --git a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.tsx b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.tsx
index a70c57806..77a15b7ee 100644
--- a/app/react/portainer/access-control/AccessControlForm/AccessControlForm.tsx
+++ b/app/react/portainer/access-control/AccessControlForm/AccessControlForm.tsx
@@ -7,6 +7,7 @@ import { SwitchField } from '@@/form-components/SwitchField';
 
 import { EditDetails } from '../EditDetails';
 import { ResourceControlOwnership, AccessControlFormData } from '../types';
+import { EnvironmentId } from '../../environments/types';
 
 export interface Props {
   values: AccessControlFormData;
@@ -14,6 +15,7 @@ export interface Props {
   hideTitle?: boolean;
   formNamespace?: string;
   errors?: FormikErrors<AccessControlFormData>;
+  environmentId: EnvironmentId;
 }
 
 export function AccessControlForm({
@@ -22,6 +24,7 @@ export function AccessControlForm({
   hideTitle,
   formNamespace,
   errors,
+  environmentId,
 }: Props) {
   const { isAdmin } = useUser();
 
@@ -50,6 +53,7 @@ export function AccessControlForm({
           values={values}
           errors={errors}
           formNamespace={formNamespace}
+          environmentId={environmentId}
         />
       )}
     </>
diff --git a/app/react/portainer/access-control/AccessControlPanel/AccessControlPanelForm.tsx b/app/react/portainer/access-control/AccessControlPanel/AccessControlPanelForm.tsx
index 10c7c3d52..48ac26211 100644
--- a/app/react/portainer/access-control/AccessControlPanel/AccessControlPanelForm.tsx
+++ b/app/react/portainer/access-control/AccessControlPanel/AccessControlPanelForm.tsx
@@ -30,7 +30,7 @@ interface Props {
   resourceType: ResourceControlType;
   resourceId: ResourceId;
   resourceControl?: ResourceControlViewModel;
-  environmentId?: EnvironmentId;
+  environmentId: EnvironmentId;
   onCancelClick(): void;
   onUpdateSuccess(): Promise<void>;
 }
diff --git a/app/react/portainer/access-control/EditDetails/EditDetails.tsx b/app/react/portainer/access-control/EditDetails/EditDetails.tsx
index 3c2e108de..9b2b854d7 100644
--- a/app/react/portainer/access-control/EditDetails/EditDetails.tsx
+++ b/app/react/portainer/access-control/EditDetails/EditDetails.tsx
@@ -19,7 +19,7 @@ interface Props {
   isPublicVisible?: boolean;
   errors?: FormikErrors<AccessControlFormData>;
   formNamespace?: string;
-  environmentId?: EnvironmentId;
+  environmentId: EnvironmentId;
 }
 
 export function EditDetails({
diff --git a/app/react/portainer/access-control/EditDetails/useLoadState.ts b/app/react/portainer/access-control/EditDetails/useLoadState.ts
index f4426a99e..5b44d1c19 100644
--- a/app/react/portainer/access-control/EditDetails/useLoadState.ts
+++ b/app/react/portainer/access-control/EditDetails/useLoadState.ts
@@ -2,7 +2,7 @@ import { useTeams } from '@/react/portainer/users/teams/queries';
 import { useUsers } from '@/portainer/users/queries';
 import { EnvironmentId } from '@/react/portainer/environments/types';
 
-export function useLoadState(environmentId?: EnvironmentId, enabled = true) {
+export function useLoadState(environmentId: EnvironmentId, enabled = true) {
   const teams = useTeams(false, environmentId);
 
   const users = useUsers(false, environmentId, enabled);