diff --git a/app/core/components/ApplicantComments/index.tsx b/app/core/components/ApplicantComments/index.tsx index e60c34e..88e9fb0 100644 --- a/app/core/components/ApplicantComments/index.tsx +++ b/app/core/components/ApplicantComments/index.tsx @@ -40,7 +40,7 @@ export default function AplicantComments({ }: { comments: CommentsArrayType; applicantId: number; - profileId: string; + profileId: string | undefined; }) { return ( @@ -83,7 +83,7 @@ function CommentItem({ }: { comment: CommentItemType; applicantId: number; - profileId: string; + profileId: string | undefined; }) { const [openDeleteModal, setOpenDeleteModal] = useState(false); const [openEditComment, setOpenEditComment] = useState(false); diff --git a/app/models/authorization.server.ts b/app/models/authorization.server.ts index 22d985e..f412dd4 100644 --- a/app/models/authorization.server.ts +++ b/app/models/authorization.server.ts @@ -13,12 +13,15 @@ type Actions = "create" | "view" | "edit" | "delete" | "edit.project"; type Resources = "applicant" | "project"; export function checkPermission( - principal: string | number, + principal: string | number | undefined, role: Roles, action: Actions, resourceType: Resources, resource: any ) { + if (principal === undefined) { + return false; + } const derivedRoles = getDerivedRoles(principal, resourceType, resource); if (role == "ADMIN") { return true; diff --git a/app/routes/applicants.$applicantId._index.tsx b/app/routes/applicants.$applicantId._index.tsx index e75154a..b9dbf00 100644 --- a/app/routes/applicants.$applicantId._index.tsx +++ b/app/routes/applicants.$applicantId._index.tsx 
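Review bot: In app/models/authorization.server.ts the new `principal === undefined` guard in checkPermission is the only thing that denies a caller without a profile, yet it carries no comment and rejects only `undefined`, so a `null` id that slips past the type (for example through an `any`) would still reach getDerivedRoles. Because the guard sits above the `role == "ADMIN"` shortcut, an admin whose profile lookup returns nothing is now denied too; that is the fail-closed outcome, but it should be stated as intended. I would write the guard as `if (principal == null) return false;` with the comment `// Fail closed: no profile means no principal to derive roles from, so deny before any role shortcut.` above it. checkPermission's body continues past the end of this hunk, so the remaining role checks are not visible here.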
@@ -42,8 +42,9 @@ import { getApplicantByEmail } from "~/models/applicant.server"; import { getCommentsApplicant } from "~/models/applicantComment.server"; import { checkPermission } from "~/models/authorization.server"; import type { Roles } from "~/models/authorization.server"; +import { getProfileByUserId } from "~/models/profile.server"; import { getProjectsList } from "~/models/project.server"; -import { requireProfile, requireUser } from "~/session.server"; +import { requireUser } from "~/session.server"; import { validateNavigationRedirect } from "~/utils"; export function links() { @@ -97,12 +98,11 @@ export const loader = async ({ params, request }: LoaderFunctionArgs) => { throw new Response("Not Found", { status: 404 }); } - const profile = await requireProfile(request); - const profileId = profile.id; - const user = await requireUser(request); + const profile = await getProfileByUserId(user.id); + const canEditProject = checkPermission( - profile.id, + profile?.id, user.role as Roles, "edit.project", "applicant", @@ -114,7 +114,7 @@ export const loader = async ({ params, request }: LoaderFunctionArgs) => { projects, canEditProject, applicantId: applicant.id, - profileId, + profileId: profile?.id, comments, }); }; diff --git a/app/routes/applicationForm.$applicantId._index.tsx b/app/routes/applicationForm.$applicantId._index.tsx index 078f126..d5bff22 100644 --- a/app/routes/applicationForm.$applicantId._index.tsx +++ b/app/routes/applicationForm.$applicantId._index.tsx @@ -209,6 +209,7 @@ export default function FormPage() { career in technology. { const [year, month, day] = dateString.split("-"); 
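Review bot: In the loader hunk at `@@ -97,12 +98,11 @@`, replacing `requireProfile(request)` with `getProfileByUserId(user.id)` appears to drop a gate: the old call presumably rejected a session that has no profile, while the new code carries on with `profile?.id` undefined and still returns the applicant, projects and comments. If users without a profile are not meant to read applicant data, the loader needs an explicit check after the lookup, for example `if (!profile) throw new Response("Forbidden", { status: 403 });`; if they are, a comment such as `// A user without a profile may view this page; checkPermission denies edit rights for an undefined principal.` should record that decision. The same undefined id is sent to the client as `profileId: profile?.id` in the `@@ -114,7 +114,7 @@` hunk, so anything the UI hides based on it must also be enforced in the corresponding server action. The loader starts and ends outside these hunks, so earlier access checks may exist that are not visible here.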
@@ -11,9 +11,9 @@ const parseDate = (dateString: string): Date => { export const action: ActionFunction = async ({ request }) => { const result = await validator.validate(await request.formData()); - const profile = await requireProfile(request); + const user = await requireUser(request); - const email = profile?.email; + const email = user?.email; const personalEmail = (result?.data?.personalEmail as string) ?? "DefaultPersonalEmailValue"; const fullName = (result?.data?.fullName as string) ?? "DefaultFullNameValue"; @@ -71,7 +71,7 @@ export const action: ActionFunction = async ({ request }) => { (result?.data?.wizelinePrograms as string) ?? "DefaultWizelineProgramsValue"; const comments = (result?.data?.comments as string) ?? "DefaultCommentsValue"; - const avatarApplicant = profile?.avatarUrl as string; + const avatarApplicant = user?.avatarUrl as string; if (!result) { throw new Response("Error", {
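Review bot: In the `@@ -11,9 +11,9 @@` hunk, `const email = user?.email;` uses optional chaining directly after `requireUser(request)`, which hides whether the user can be missing at that point; the `@@ -71,7 +71,7 @@` hunk does the same with `user?.avatarUrl as string`, where the cast presents a possible `undefined` as a `string`. If requireUser always yields a user, plain `user.email` and `user.avatarUrl` make that contract visible; otherwise the action should stop early, e.g. `if (!user?.email) throw new Response("Unauthorized", { status: 401 });`, before the value is used further down. It would also be safer to call `requireUser` before `validator.validate(await request.formData())`, so the request body is not parsed for an unauthenticated caller. The action body starts and ends outside these hunks, and the file header for this section is not visible on the page.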