Skip to content

Commit

Permalink
Merge pull request #4256 from kobotoolbox/fix-settings-perms
Browse files Browse the repository at this point in the history 
Restore access to `Settings > General` to users with `change_asset` permission
  • Loading branch information
@noliveleger
noliveleger authored Feb 8, 2023
2 parents f2f74ec + d94418d commit f280f51
Show file tree
Hide file tree
Showing 2 changed files with 61 additions and 45 deletions.
76 changes: 40 additions & 36 deletions jsapp/js/router/allRoutes.es6
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.LIBRARY_ITEM}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
protectedComponent={AssetRoute}
/>
}
Expand All @@ -172,7 +172,7 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.EDIT_LIBRARY_ITEM}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.change_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.change_asset]}
protectedComponent={LibraryAssetEditor}
/>
}
Expand All @@ -181,7 +181,7 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.NEW_LIBRARY_CHILD}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.change_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.change_asset]}
protectedComponent={LibraryAssetEditor}
/>
}
Expand All @@ -190,7 +190,7 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.LIBRARY_ITEM_JSON}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
protectedComponent={FormJson}
/>
}
Expand All @@ -199,7 +199,7 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.LIBRARY_ITEM_XFORM}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
protectedComponent={FormXform}
/>
}
Expand All @@ -224,9 +224,9 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.FORM_SUMMARY}
element={
<PermProtectedRoute
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_asset
}
]}
protectedComponent={FormSummary}
/>
}
Expand All @@ -236,9 +236,9 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.FORM_LANDING}
element={
<PermProtectedRoute
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_asset
}
]}
protectedComponent={FormLanding}
/>
}
Expand All @@ -253,9 +253,9 @@ const AllRoutes = class AllRoutes extends React.Component {
path={ROUTES.FORM_REPORT}
element={
<PermProtectedRoute
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
protectedComponent={Reports}
/>
}
Expand All @@ -265,9 +265,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand All @@ -276,9 +276,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand All @@ -287,9 +287,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand All @@ -298,9 +298,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand All @@ -309,9 +309,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand All @@ -320,17 +320,17 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
<Route
path={ROUTES.FORM_PROCESSING}
element={
<PermProtectedRoute
requiredPermission={PERMISSIONS_CODENAMES.view_submissions}
requiredPermissions={[PERMISSIONS_CODENAMES.view_submissions]}
protectedComponent={SingleProcessingRoute}
/>
}
Expand All @@ -343,7 +343,10 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.change_metadata_asset}
requiredPermissions={[
PERMISSIONS_CODENAMES.change_metadata_asset,
PERMISSIONS_CODENAMES.change_asset
]}
/>
}
/>
Expand All @@ -352,7 +355,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.change_asset]}
/>
}
/>
Expand All @@ -361,7 +364,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.manage_asset]}
/>
}
/>
Expand All @@ -370,7 +373,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.manage_asset]}
/>
}
/>
Expand All @@ -379,7 +382,8 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.change_asset, PERMISSIONS_CODENAMES.view_submissions]}
requireAll
/>
}
/>
Expand All @@ -388,7 +392,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.manage_asset]}
/>
}
/>
Expand All @@ -397,7 +401,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={PERMISSIONS_CODENAMES.manage_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.manage_asset]}
/>
}
/>
Expand All @@ -408,7 +412,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormJson}
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
/>
}
/>
Expand All @@ -417,7 +421,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormXform}
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
/>
}
/>
Expand All @@ -426,7 +430,7 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormPage}
requiredPermission={PERMISSIONS_CODENAMES.view_asset}
requiredPermissions={[PERMISSIONS_CODENAMES.view_asset]}
/>
}
/>
Expand All @@ -442,9 +446,9 @@ const AllRoutes = class AllRoutes extends React.Component {
element={
<PermProtectedRoute
protectedComponent={FormSubScreens}
requiredPermission={
requiredPermissions={[
PERMISSIONS_CODENAMES.view_submissions
}
]}
/>
}
/>
Expand Down
30 changes: 21 additions & 9 deletions jsapp/js/router/permProtectedRoute.es6
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,8 @@ import {withRouter} from './legacy';
* @prop {string} path - one of PATHS
* @prop {object} route
* @prop {object} route.protectedComponent - the target route commponent that should be displayed for authenticateed user
* @prop {object} route.requiredPermission - the permission needed to be able to see the route
* @prop {array} route.requiredPermissions - the list of permissions needed to be able to see the route
* @prop {boolean} route.requireAll - toggle whether all permissions of `requiredPermissions` are required or only one of them
*/
class PermProtectedRoute extends React.Component {
constructor(props) {
Expand All @@ -27,7 +28,7 @@ class PermProtectedRoute extends React.Component {
return {
// Whether loadAsset call was made and ended, regardless of success or failure
isLoadAssetFinished: false,
userHasRequiredPermission: null,
userHasRequiredPermissions: null,
errorMessage: null,
asset: null,
};
Expand All @@ -52,13 +53,15 @@ class PermProtectedRoute extends React.Component {
this.setState(this.getInitialState());
actions.resources.loadAsset({id: nextProps.params.uid});
} else if (
this.props.requiredPermission !== nextProps.requiredPermission ||
this.props.requiredPermissions !== nextProps.requiredPermissions ||
this.props.requireAll !== nextProps.requireAll ||
this.props.protectedComponent !== nextProps.protectedComponent
) {
this.setState({
userHasRequiredPermission: this.getUserHasRequiredPermission(
userHasRequiredPermissions: this.getUserHasRequiredPermissions(
this.state.asset,
nextProps.requiredPermission
nextProps.requiredPermissions,
nextProps.requireAll
),
});
}
Expand All @@ -72,9 +75,10 @@ class PermProtectedRoute extends React.Component {
this.setState({
asset: asset,
isLoadAssetFinished: true,
userHasRequiredPermission: this.getUserHasRequiredPermission(
userHasRequiredPermissions: this.getUserHasRequiredPermissions(
asset,
this.props.requiredPermission
this.props.requiredPermissions,
this.props.requireAll
),
});
}
Expand All @@ -83,7 +87,7 @@ class PermProtectedRoute extends React.Component {
if (response.status >= 400) {
this.setState({
isLoadAssetFinished: true,
userHasRequiredPermission: false,
userHasRequiredPermissions: false,
errorMessage: `${response.status.toString()}: ${
response.responseJSON?.detail || response.statusText
}`,
Expand All @@ -99,10 +103,18 @@ class PermProtectedRoute extends React.Component {
);
}

getUserHasRequiredPermissions(asset, requiredPermissions, all = false) {
if (all) {
return requiredPermissions.every((perm) => this.getUserHasRequiredPermission(asset, perm));
} else {
return requiredPermissions.some((perm) => this.getUserHasRequiredPermission(asset, perm));
}
}

render() {
if (!this.state.isLoadAssetFinished) {
return <LoadingSpinner />;
} else if (this.state.userHasRequiredPermission) {
} else if (this.state.userHasRequiredPermissions) {
return (
<Suspense fallback={<LoadingSpinner />}>
<this.props.protectedComponent
Expand Down

0 comments on commit f280f51

Please sign in to comment.