fix: Redirect non admin users to "/" if they try to access "/users" (#…

…489)
awslabs · Jun 14, 2021 · 5516317 · 5516317
1 parent 3627100
commit 5516317
Show file tree

Hide file tree

Showing 8 changed files with 42 additions and 12 deletions.
diff --git a/.github/workflows/deploy-integ.yml b/.github/workflows/deploy-integ.yml
@@ -102,6 +102,8 @@ jobs:
           CYPRESS_BASE_URL: ${{ secrets.CYPRESS_BASE_URL}}
           CYPRESS_researcherEmail: ${{ secrets.CYPRESS_RESEARCHER_EMAIL}}
           CYPRESS_researcherPassword: ${{ secrets.CYPRESS_RESEARCHER_PASSWORD}}
+          CYPRESS_adminEmail: ${{ secrets.CYPRESS_ADMIN_EMAIL}}
+          CYPRESS_adminPassword: ${{ secrets.CYPRESS_ADMIN_PASSWORD}}
   merge-develop-to-mainline:
     name: Merge develop to mainline
     runs-on: ubuntu-18.04

diff --git a/addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/users/User.js b/addons/addon-base-raas-ui/packages/base-raas-ui/src/parts/users/User.js
@@ -15,7 +15,7 @@
 
 import React from 'react';
 import { Tab, Segment, Container } from 'semantic-ui-react';
-import { observer } from 'mobx-react';
+import { inject, observer } from 'mobx-react';
 import { withRouter } from 'react-router-dom';
 import RolesList from './RolesList';
 import UsersList from './UsersList';
@@ -28,14 +28,17 @@ const panes = [
 // eslint-disable-next-line react/prefer-stateless-function
 class User extends React.Component {
   render() {
+    if (!this.props.userStore.cloneUser.isAdmin) {
+      this.props.history.push('/');
+    }
     return (
       <Container className="mt3 animated fadeIn">
         <Segment basic className="p0">
-          <Tab panes={panes} />
+          <Tab panes={panes} data-testid="users-table" />
         </Segment>
       </Container>
     );
   }
 }
 
-export default withRouter(observer(User));
+export default inject('userStore')(withRouter(observer(User)));
diff --git a/main/end-to-end-tests/README.md b/main/end-to-end-tests/README.md
@@ -11,6 +11,7 @@ In this section we will discuss how you can run these tests from your desktop.
 To run the E2E tests, you will need the following items:
 
 - A Service Workbench environment setup with Service Catalog
+- Username and password of an admin for the Service Workbench environment
 - Username and password of a researcher for the Service Workbench environment
 - A project set up for that researcher that can launch EC2 workspaces and Sagemaker workspaces
 - A configured EC2 workspace

diff --git a/main/end-to-end-tests/cypress.json b/main/end-to-end-tests/cypress.json
@@ -6,6 +6,8 @@
   "env": {
     "researcherEmail": "<EMAIL ACCOUNT OF PREMADE RESEARCHER>",
     "researcherPassword": "<RESEARCHER ACCOUNT PASSWORD>",
+    "adminEmail": "<EMAIL ACCOUNT OF PREMADE ADMIN>",
+    "adminPassword": "<ADMIN ACCOUNT PASSWORD>",
     "isCognitoEnabled": false,
     "workspaces": {
       "sagemaker": {

diff --git a/main/end-to-end-tests/cypress/integration/login.spec.js b/main/end-to-end-tests/cypress/integration/login.spec.js
@@ -14,6 +14,6 @@
  */
 describe('Login', () => {
   it('should login as researcher successfully', () => {
-    cy.login();
+    cy.login('researcher');
   });
 });
diff --git a/main/end-to-end-tests/cypress/integration/page-routing.spec.js b/main/end-to-end-tests/cypress/integration/page-routing.spec.js
@@ -0,0 +1,14 @@
+describe('page routing', () => {
+  describe('should navigate to /users page correctly', () => {
+    it('should redirect researchers trying to access /users page', () => {
+      cy.login('researcher');
+      cy.visit('/users');
+      cy.get("div[data-testid='page-title'] div").contains('Dashboard');
+    });
+    it('should allow admin to access /users page', () => {
+      cy.login('admin');
+      cy.visit('/users');
+      cy.get("div[data-testid='users-table']");
+    });
+  });
+});
diff --git a/main/end-to-end-tests/cypress/integration/workspaces.spec.js b/main/end-to-end-tests/cypress/integration/workspaces.spec.js
@@ -15,7 +15,7 @@
 
 describe('Launch a new sagemaker workspace', () => {
   before(() => {
-    cy.login();
+    cy.login('researcher');
     navigateToWorkspaces();
     terminatePrexistingWorkspaces();
   });

diff --git a/main/end-to-end-tests/cypress/support/commands.js b/main/end-to-end-tests/cypress/support/commands.js
@@ -44,20 +44,28 @@
 
 // TODO: If an environment is configured with an Identity Provider, the login steps needs to select an
 // identity provider
-Cypress.Commands.add('login', () => {
-  const loginInfo = {
-    researcherEmail: Cypress.env('researcherEmail'),
-    researcherPassword: Cypress.env('researcherPassword'),
-  };
+Cypress.Commands.add('login', role => {
+  let loginInfo = {};
+  if (role === 'researcher') {
+    loginInfo = {
+      email: Cypress.env('researcherEmail'),
+      password: Cypress.env('researcherPassword'),
+    };
+  } else if (role === 'admin') {
+    loginInfo = {
+      email: Cypress.env('adminEmail'),
+      password: Cypress.env('adminPassword'),
+    };
+  }
   const isCognitoEnabled = Cypress.env('isCognitoEnabled');
 
   if (isCognitoEnabled) {
     cy.visit('/?internal');
   } else {
     cy.visit('/');
   }
-  cy.get("div[data-testid='username'] input").type(loginInfo.researcherEmail);
-  cy.get("div[data-testid='password'] input").type(loginInfo.researcherPassword);
+  cy.get("div[data-testid='username'] input").type(loginInfo.email);
+  cy.get("div[data-testid='password'] input").type(loginInfo.password);
   cy.get("button[data-testid='login']").click();
   cy.get("div[data-testid='page-title'] div").contains('Dashboard');
 });