Refactor HostTableConfig to gate selection by capability, not role#45990
Refactor HostTableConfig to gate selection by capability, not role#45990nulmete wants to merge 1 commit into
Conversation
Rename the `isOnlyObserver` parameter on `generateAvailableTableHeaders` and `generateVisibleTableColumns` to `canSelectHosts` (inverted meaning). The parameter only ever gated the leading checkbox column, so naming it after a role forced callers to negate role checks to express a capability. The new name reflects what the flag actually controls. Also flattens the nested reduce into a single filter and removes a dead `team_name` mention from the old observer branch (free tier already skips it via the next branch). Adds HostTableConfig.tests.tsx locking behavior across tier × capability permutations.
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
WalkthroughThis PR refactors the host table column generation utility to replace the Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx`:
- Around line 1445-1448: Unify the derivation of canSelectHosts by computing it
once with the stricter capability logic currently used around the selection
column (replace the ad-hoc uses of !isOnlyObserver). Create a single local
constant (e.g., canSelectHosts) derived using the stricter check that mirrors
the logic at lines ~1828-1831, then pass that constant into every
generateAvailableTableHeaders call (and any other callsites that currently use
!isOnlyObserver) so the Edit Columns UI and table column generation use the
exact same permission check.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: aa6fd804-ca10-4c84-ac0a-74c9bb6a15ee
📒 Files selected for processing (3)
frontend/pages/hosts/ManageHostsPage/HostTableConfig.tests.tsxfrontend/pages/hosts/ManageHostsPage/HostTableConfig.tsxfrontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx
| columns={generateAvailableTableHeaders({ | ||
| isFreeTier, | ||
| canSelectHosts: !isOnlyObserver, | ||
| })} |
There was a problem hiding this comment.
Unify canSelectHosts derivation across callsites.
Line 1447 and Line 1579 use !isOnlyObserver, but Line 1828-Line 1831 uses stricter capability logic. This can expose the selection column in Edit Columns for users who cannot actually select hosts in the table.
Suggested fix
@@
const canRunScriptBatch =
isGlobalAdmin || isGlobalMaintainer || isTeamAdmin || isTeamMaintainer;
+ const canSelectHosts =
+ !isOnlyObserver &&
+ !isGlobalTechnician &&
+ (isOnGlobalTeam || isTeamMaintainerOrTeamAdmin);
@@
columns={generateAvailableTableHeaders({
isFreeTier,
- canSelectHosts: !isOnlyObserver,
+ canSelectHosts,
})}
@@
const tableColumns = generateVisibleTableColumns({
hiddenColumns,
isFreeTier,
- canSelectHosts: !isOnlyObserver,
+ canSelectHosts,
teamId: teamIdForApi,
});
@@
const tableColumns = generateVisibleTableColumns({
hiddenColumns,
isFreeTier,
- canSelectHosts:
- !isOnlyObserver &&
- !isGlobalTechnician &&
- (isOnGlobalTeam || isTeamMaintainerOrTeamAdmin),
+ canSelectHosts,
teamId: teamIdForApi,
});Also applies to: 1576-1580, 1825-1833
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx` around lines 1445 -
1448, Unify the derivation of canSelectHosts by computing it once with the
stricter capability logic currently used around the selection column (replace
the ad-hoc uses of !isOnlyObserver). Create a single local constant (e.g.,
canSelectHosts) derived using the stricter check that mirrors the logic at lines
~1828-1831, then pass that constant into every generateAvailableTableHeaders
call (and any other callsites that currently use !isOnlyObserver) so the Edit
Columns UI and table column generation use the exact same permission check.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #45990 +/- ##
========================================
Coverage 66.80% 66.80%
========================================
Files 2752 2752
Lines 219903 219895 -8
Branches 10890 11012 +122
========================================
- Hits 146910 146906 -4
+ Misses 59721 59716 -5
- Partials 13272 13273 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Refactors the hosts table column configuration to gate the leading selection/checkbox column by an explicit capability (canSelectHosts) rather than by a specific role flag, and adds unit tests around the new behavior. This improves reuse/clarity of HostTableConfig by making callers responsible for computing the appropriate “can bulk select” conditions.
Changes:
- Updated
HostTableConfigto acceptcanSelectHostsand filter out theselectioncolumn when selection isn’t allowed. - Updated
ManageHostsPagecall sites to passcanSelectHostsinstead ofisOnlyObserver. - Added unit tests covering free vs premium tier behavior and selection-column visibility.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| frontend/pages/hosts/ManageHostsPage/ManageHostsPage.tsx | Passes canSelectHosts into host table header/column generation. |
| frontend/pages/hosts/ManageHostsPage/HostTableConfig.tsx | Replaces role-based checks with capability-based filtering for the selection column and centralizes free-tier hidden IDs. |
| frontend/pages/hosts/ManageHostsPage/HostTableConfig.tests.tsx | Adds unit tests validating the new canSelectHosts behavior for available/visible columns. |
Comments suppressed due to low confidence (1)
frontend/pages/hosts/ManageHostsPage/HostTableConfig.tsx:743
generateVisibleTableColumnscurrently hides any column whose id is inhiddenColumns, even if the column is markeddisableHidden. SincedisableHiddenis documented/used to prevent certain columns from being hidden (e.g. selection and display_name), it would be safer to ignorehiddenColumnsfordisableHiddencolumns so required columns can’t disappear due to persisted/legacy settings.
return generateAvailableTableHeaders({
isFreeTier,
canSelectHosts,
teamId,
}).filter((column) => {
return !hiddenColumns.includes(column.id as string);
});
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| columns={generateAvailableTableHeaders({ | ||
| isFreeTier, | ||
| canSelectHosts: !isOnlyObserver, | ||
| })} |
| const tableColumns = generateVisibleTableColumns({ | ||
| hiddenColumns, | ||
| isFreeTier, | ||
| isOnlyObserver, | ||
| canSelectHosts: !isOnlyObserver, | ||
| teamId: teamIdForApi, |
| it("can hide the selection column via hiddenColumns even when canSelectHosts is true", () => { | ||
| const ids = getIds( | ||
| generateVisibleTableColumns({ | ||
| hiddenColumns: ["selection"], | ||
| isFreeTier: false, |
Summary by CodeRabbit
Tests
Refactor