Fix app-wide denial of stratos-level permissions (checker contract)#5574
Merged
norman-abramovitz merged 2 commits into Jul 5, 2026
The strict-null pass in cloudfoundry#5446 replaced CfUserPermissionsChecker's implicit "this config is not mine" (returning undefined from getBaseSimpleCheck's missing default case) with an explicit of(false) denial. That made the CF checker claim every stratos-level check (internal, internal-scope, api-key) alongside StratosUserPermissionsChecker, so findChecker() saw two claimants and denied the permission app-wide ("Permissions: Found too many ..."). Every stratos permission was denied for every user: the Register Endpoint button never rendered for admins (cloudfoundry#5570), the /api-keys route guard bounced admins to home (cloudfoundry#5571), and password-change / profile-edit / endpoint-admin gating were silently off. Restore the contract explicitly: getSimpleCheck returns undefined for non-CF permission types, and getComplexCheck returns null (not a truthy empty array) when it handles none of the config groups. The new spec pins the checker contract and the two-checkers-registered integration paths that cloudfoundry#5446's gate missed. Fixes cloudfoundry#5570 Fixes cloudfoundry#5571
The api-keys CRUD tests were unreachable while the route guard bounced admins off /api-keys (cloudfoundry#5571); with the guard fixed they run again and hit three stale legacy selectors in the shared list harness:
- ListComponent's default root only matched the legacy app-list; migrated pages render app-signal-list. Match either (a page has exactly one).
- Header parsing read sortable th text verbatim, which includes the material-icons sort ligature ("Description sort"), so findRow() never matched a column. Strip icon elements before reading header text.
- Row-action menus: signal-list renders data-test="row-actions" / "row-actions-menu" instead of the app-table-cell-actions markup; accept both in openRowActionMenuByRow and the api-keys delete step.
api-keys.spec.ts now passes 10/10 including the delete flow, which had always self-skipped ("key row not found").
norman-abramovitz
approved these changes
Jul 5, 2026
norman-abramovitz
left a comment
Contributor
LGTM, full e2e was run before this PR was submitted
Description
The strict-null pass in #5446 changed CfUserPermissionsChecker to answer "deny" instead of "not mine" for permission types it doesn't own. CurrentUserPermissionsService.findChecker then saw two claimants for every stratos-level check and denied it app-wide ("Permissions: Found too many ... Permission Denied" in the console). This hid the Register Endpoint button from admins (#5570), bounced admins off /api-keys (#5571), and silently disabled password-change / profile-edit / endpoint-admin gating.

The first commit restores the checker contract (undefined/null for unowned configs, matching v4.9.3 semantics) and pins it with unit tests, including the two-checkers-registered integration case the #5446 gate missed. The second commit updates the shared e2e list harness for signal-list markup, which the newly reachable api-keys CRUD tests exposed.
How Has This Been Tested?
e2e/tests/core/endpoints-register-modal.spec.ts 4/4, api-keys.spec.ts 10/10 (the delete flow passes for the first time; it previously always self-skipped)
make check gate green; core e2e suite 78 passed, with only the pre-existing documented failures (#5572 Profile theme toggle was never migrated from 4.x; #5573 Intermittent e2e failures: pagination 'All' and non-admin endpoint visibility, where the latter now fails one assertion later, at the cards-view check)
Types of changes
Fixes #5570
Fixes #5571
Refs #5446
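The two-claimants failure the description above explains, as an added TypeScript sketch that is not Stratos code: a CF checker that answers false instead of undefined for permission types it does not own makes the resolver see two claimants and fail closed for every stratos-level check, while the restored contract lets the stratos checker decide alone. The type names, checker names and resolvePermission are assumptions standing in for the real service, and observables are replaced by plain values.

```typescript
// Added, simplified model of the checker contract from this PR (not Stratos
// code): observables are replaced by plain values, names are hypothetical.
type PermissionType = 'internal' | 'internal-scope' | 'api-key' | 'cf-space';
type CheckResult = boolean | undefined; // undefined = "this config is not mine"
interface PermissionsChecker {
  name: string;
  getSimpleCheck(type: PermissionType, isAdmin: boolean): CheckResult;
}

// Stratos-level checker: owns the non-CF permission types.
const stratosChecker: PermissionsChecker = {
  name: 'stratos',
  getSimpleCheck(type, isAdmin) {
    switch (type) {
      case 'internal': case 'internal-scope': case 'api-key':
        return isAdmin;
      default:
        return undefined;
    }
  },
};

// CF checker after the strict-null change: the missing default case became an
// explicit denial, so it claims every non-CF type as well.
const cfCheckerDenying: PermissionsChecker = {
  name: 'cf-denying',
  getSimpleCheck: (type) => (type === 'cf-space' ? true : false),
};

// CF checker with the restored contract: undefined for types it does not own.
const cfCheckerFixed: PermissionsChecker = {
  name: 'cf-fixed',
  getSimpleCheck: (type) => (type === 'cf-space' ? true : undefined),
};

// Mirrors the findChecker() rule the PR describes: exactly one checker may claim
// a permission type; zero or several claimants fails closed (deny).
function resolvePermission(
  checkers: PermissionsChecker[], type: PermissionType, isAdmin: boolean,
): { allowed: boolean; reason: string } {
  const claims = checkers
    .map((c) => ({ name: c.name, result: c.getSimpleCheck(type, isAdmin) }))
    .filter((c) => c.result !== undefined);
  if (claims.length !== 1) {
    return { allowed: false, reason: `Permissions: found ${claims.length} checkers for ${type}` };
  }
  return { allowed: claims[0].result === true, reason: `decided by ${claims[0].name}` };
}
// e.g. resolvePermission([stratosChecker, cfCheckerDenying], 'api-key', true).allowed is false,
// resolvePermission([stratosChecker, cfCheckerFixed], 'api-key', true).allowed is true.
```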