Skip to content

Commit

Permalink
Update permissions in the HubMap and Profile components
Browse files Browse the repository at this point in the history
  • Loading branch information
ba1uev committed May 8, 2024
1 parent 0d58c47 commit 94a83d8
Show file tree
Hide file tree
Showing 4 changed files with 60 additions and 25 deletions.
26 changes: 15 additions & 11 deletions src/modules/hub-map/client/components/HubMap.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -26,17 +26,21 @@ import { useUpcoming } from '../queries'
import { PermissionsValidator } from '#client/components/PermissionsValidator'
import Permissions from '#shared/permissions'

export const HubMap = () => (
<PermissionsValidator
required={[
Permissions.visits.Create,
Permissions['room-reservation'].Create,
Permissions['guest-invites'].Create,
]}
>
<_HubMap />
</PermissionsValidator>
)
export const HubMap = () => {
const officeId = useStore(stores.officeId)
return (
<PermissionsValidator
officeId={officeId}
required={[
Permissions.visits.Create,
Permissions['room-reservation'].Create,
Permissions['guest-invites'].Create,
]}
>
<_HubMap />
</PermissionsValidator>
)
}

export const _HubMap = () => {
const officeId = useStore(stores.officeId)
Expand Down
22 changes: 18 additions & 4 deletions src/modules/users/client/components/ProfileCard.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -83,11 +83,11 @@ export const Card = ({
<div className={cn('flex flex-col', fullView ? 'gap-6' : 'gap-4')}>
<div className="flex flex-col gap-1">
<P className="mb-0">{user.fullName}</P>
<PermissionsValidator required={[Permissions.users.ListProfiles]}>
<MyDetailsVsOthersDetails isMine={isMine}>
<div className="text-text-tertiary text-base leading-6">
{[user.jobTitle, user.team].filter(Boolean).join(' · ')}
</div>
</PermissionsValidator>
</MyDetailsVsOthersDetails>
<div className="mt-3">
{userRoles.map((x) => (
<Tag key={x} size="small" color="gray" className="mr-1 mb-2">
Expand All @@ -96,7 +96,7 @@ export const Card = ({
))}
</div>
</div>
<PermissionsValidator required={[Permissions.users.ListProfiles]}>
<MyDetailsVsOthersDetails isMine={isMine}>
<>
<div className="flex flex-col gap-4">
{location && (
Expand Down Expand Up @@ -151,12 +151,26 @@ export const Card = ({
</PermissionsValidator>
)}
</>
</PermissionsValidator>
</MyDetailsVsOthersDetails>
</div>
</div>
)
}

const MyDetailsVsOthersDetails: React.FC<{
isMine: boolean
children: React.ReactNode
}> = (props) => {
if (props.isMine) {
return <>{props.children}</>
}
return (
<PermissionsValidator required={[Permissions.users.ListProfiles]}>
{props.children}
</PermissionsValidator>
)
}

export const ProfileCard = () => {
const user = useStore(stores.me)

Expand Down
23 changes: 16 additions & 7 deletions src/modules/users/client/components/PublicProfile.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,23 @@ const NoData = () => (
</ComponentWrapper>
)

export const PublicProfile: React.FC<RootComponentProps> = (props) => (
<PermissionsValidator
required={[Permissions.users.ListProfiles]}
onRejectGoHome
>
export const PublicProfile: React.FC<RootComponentProps> = (props) => {
const route = useStore(stores.router)
const me = useStore(stores.me)
const userId = route?.route === 'publicProfile' ? route.params.userId : null
const isMine = me?.id === userId

return isMine ? (
<_PublicProfile {...props} />
</PermissionsValidator>
)
) : (
<PermissionsValidator
required={[Permissions.users.ListProfiles]}
onRejectGoHome
>
<_PublicProfile {...props} />
</PermissionsValidator>
)
}

const _PublicProfile: React.FC<RootComponentProps> = ({ portals }) => {
const route = useStore(stores.router)
Expand Down
14 changes: 11 additions & 3 deletions src/modules/users/server/router.ts
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,9 @@ const userRouter: FastifyPluginCallback = async function (fastify, opts) {
fastify.get(
'/profile/:userId',
async (req: FastifyRequest<{ Params: { userId: string } }>, reply) => {
req.check(Permissions.ListProfiles)
if (req.user.id !== req.params.userId) {
req.check(Permissions.ListProfiles)
}
const user = await fastify.db.User.findByPkActive(req.params.userId, {
include: {
as: 'tags',
Expand Down Expand Up @@ -392,8 +394,14 @@ const userRouter: FastifyPluginCallback = async function (fastify, opts) {
)

fastify.get('/me/tags', async (req, reply) => {
req.check(Permissions.ManageProfile)
req.check(Permissions.ListProfiles)
if (
!req.permissions.hasAnyOf([
Permissions.ListProfiles,
Permissions.ManageProfile,
])
) {
return reply.throw.accessDenied()
}
// FIXME: missed types for sequelize lazy loading methods (many-to-many relation)
// @ts-ignore
const tags = (await req.user.getTags()) as Tag[]
Expand Down

0 comments on commit 94a83d8

Please sign in to comment.