update dsa reports tab permissions

coralproject · Nov 20, 2023 · 7a641d5 · 7a641d5
1 parent dc018d5
commit 7a641d5
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/client/src/core/client/admin/App/Navigation/NavigationContainer.tsx b/client/src/core/client/admin/App/Navigation/NavigationContainer.tsx
@@ -2,12 +2,14 @@ import React, { FunctionComponent } from "react";
 import { graphql } from "react-relay";
 
 import { Ability, can } from "coral-admin/permissions/tenant";
+import { GQLUSER_ROLE } from "coral-common/client/src/core/client/framework/schema/__generated__/types";
 import { useLocal, withFragmentContainer } from "coral-framework/lib/relay";
 import {
   SignOutMutation,
   withSignOutMutation,
 } from "coral-framework/mutations";
 
+import { NavigationContainer_settings as SettingsData } from "coral-admin/__generated__/NavigationContainer_settings.graphql";
 import { NavigationContainer_viewer as ViewerData } from "coral-admin/__generated__/NavigationContainer_viewer.graphql";
 import { NavigationContainerLocal } from "coral-admin/__generated__/NavigationContainerLocal.graphql";
 
@@ -16,9 +18,13 @@ import Navigation from "./Navigation";
 interface Props {
   signOut: SignOutMutation;
   viewer: ViewerData | null;
+  settings: SettingsData | null;
 }
 
-const NavigationContainer: FunctionComponent<Props> = ({ viewer }) => {
+const NavigationContainer: FunctionComponent<Props> = ({
+  viewer,
+  settings,
+}) => {
   const [{ dsaFeaturesEnabled }] = useLocal<NavigationContainerLocal>(
     graphql`
       fragment NavigationContainerLocal on Local {
@@ -30,7 +36,19 @@ const NavigationContainer: FunctionComponent<Props> = ({ viewer }) => {
     <Navigation
       showDashboard={!!viewer && can(viewer, Ability.VIEW_STATISTICS)}
       showConfigure={!!viewer && can(viewer, Ability.CHANGE_CONFIGURATION)}
-      showReports={!!dsaFeaturesEnabled}
+      showReports={
+        !!dsaFeaturesEnabled &&
+        !!viewer &&
+        can(viewer, Ability.MODERATE_DSA_REPORTS) &&
+        // Exclude single-site moderators
+        !(
+          settings?.multisite &&
+          viewer.role === GQLUSER_ROLE.MODERATOR &&
+          viewer.moderationScopes &&
+          viewer.moderationScopes.sites &&
+          viewer.moderationScopes.sites.length === 1
+        )
+      }
     />
   );
 };
@@ -40,6 +58,16 @@ const enhanced = withSignOutMutation(
     viewer: graphql`
       fragment NavigationContainer_viewer on User {
         role
+        moderationScopes {
+          sites {
+            id
+          }
+        }
+      }
+    `,
+    settings: graphql`
+      fragment NavigationContainer_settings on Settings {
+        multisite
       }
     `,
   })(NavigationContainer)

diff --git a/client/src/core/client/admin/permissions/tenant.ts b/client/src/core/client/admin/permissions/tenant.ts
@@ -5,7 +5,8 @@ import { PermissionMap } from "./types";
 export type AbilityType =
   | "CHANGE_CONFIGURATION"
   | "INVITE_USERS"
-  | "VIEW_STATISTICS";
+  | "VIEW_STATISTICS"
+  | "MODERATE_DSA_REPORTS";
 interface PermissionContext {
   TODO: never;
 }
@@ -21,6 +22,10 @@ const permissionMap: PermissionMap<AbilityType, PermissionContext> = {
     [GQLUSER_ROLE.ADMIN]: () => true,
     [GQLUSER_ROLE.MODERATOR]: () => true,
   },
+  MODERATE_DSA_REPORTS: {
+    [GQLUSER_ROLE.ADMIN]: () => true,
+    [GQLUSER_ROLE.MODERATOR]: () => true,
+  },
 };
 
 export const Ability = mapValues(permissionMap, (_, key) => key) as {