Skip to content

fix: correct git provider access check for existing deploys#4570

Merged
Siumauricio merged 2 commits into
canaryfrom
fix/git-provider-deploy-edit-access
Jun 7, 2026
Merged

fix: correct git provider access check for existing deploys#4570
Siumauricio merged 2 commits into
canaryfrom
fix/git-provider-deploy-edit-access

Conversation

@Siumauricio
Copy link
Copy Markdown
Contributor

@Siumauricio Siumauricio commented Jun 7, 2026

Summary

  • Introduces canEditDeployGitSource in git-provider.ts to correctly determine whether a user can edit the git source configuration of an existing deploy
  • Replaces the old userId ownership-only check in application.ts and compose.ts routers with the new function
  • Owner: always has edit access
  • Admin/Member: only if they own the provider (userId) or it is shared with the org (sharedWithOrganization) — being assigned via accessedGitProviders (enterprise) only grants permission to connect new deploys, not to modify existing ones
  • Fixes issue Admin users blocked from changing git branch on compose deployments #4469 where admins were blocked from editing deploys using providers they had access to
  • Fixes the inverse bug where enterprise members assigned to a private provider could edit the git source of deploys owned by others

Adds 26 unit tests covering all role/sharing/license combinations for both getAccessibleGitProviderIds and the new canEditDeployGitSource.

@Siumauricio
fix: use canEditDeployGitSource for git provider access on existing d…
0810c76 
…eploys

Replaces the simple userId ownership check with a new canEditDeployGitSource
function that correctly handles all role/sharing scenarios. Owner always has
access; admin and member only if they own the provider or it is shared with
the org — being assigned via accessedGitProviders (enterprise) only grants
permission to connect new deploys, not to edit the git source of existing ones.

Adds 26 unit tests covering owner, admin, member (with/without enterprise
license), shared providers, and the key regression case from issue #4469.
@dosubot dosubot Bot added size:M This PR changes 30-99 lines, ignoring generated files. bug Something isn't working labels Jun 7, 2026
@Siumauricio Siumauricio mentioned this pull request Jun 7, 2026
Closed
3 tasks
@Siumauricio Siumauricio merged commit e9a0932 into canary Jun 7, 2026
4 checks passed
@Siumauricio Siumauricio deleted the fix/git-provider-deploy-edit-access branch June 7, 2026 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working size:M This PR changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Siumauricio