Added permissions to filter out the user update

2024-07-25 11:23:11 +01:00
parent 923319051c
commit 45df9837e7
4 changed files with 104 additions and 22 deletions
--- a/src/pages/(admin)/Lists/UserList.tsx
+++ b/src/pages/(admin)/Lists/UserList.tsx
@@ -43,7 +43,8 @@ import { useListSearch } from "@/hooks/useListSearch";
 import { getUserCorporate } from "@/utils/groups";
 import { asyncSorter } from "@/utils";
 import { exportListToExcel, UserListRow } from "@/utils/users";
-
+import { checkAccess } from "@/utils/permissions";
+import { PermissionType } from "@/interfaces/permissions";
 const columnHelper = createColumnHelper<User>();
 const searchFields = [
  ["name"],
@@ -92,7 +93,7 @@ export default function UserList({

  const { users, reload } = useUsers();
  const { groups } = useGroups(
-    user && (['corporate', 'teacher', 'mastercorporate'].includes(user?.type))
+    user && ["corporate", "teacher", "mastercorporate"].includes(user?.type)
      ? user.id
      : undefined
  );
@@ -231,9 +232,21 @@ export default function UserList({
  };

  const actionColumn = ({ row }: { row: { original: User } }) => {
+    const updateUserPermission = PERMISSIONS.updateUser[row.original.type] as {
+      list: Type[];
+      perm: PermissionType;
+    };
+    const deleteUserPermission = PERMISSIONS.deleteUser[row.original.type] as {
+      list: Type[];
+      perm: PermissionType;
+    };
    return (
      <div className="flex gap-4">
-        {PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
+        {checkAccess(
+          user,
+          updateUserPermission.list,
+          updateUserPermission.perm
+        ) && (
          <Popover className="relative">
            <Popover.Button>
              <div data-tip="Change Type" className="cursor-pointer tooltip">
@@ -297,7 +310,11 @@ export default function UserList({
          </Popover>
        )}
        {!row.original.isVerified &&
-          PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
+          checkAccess(
+            user,
+            updateUserPermission.list,
+            updateUserPermission.perm
+          ) && (
            <div
              data-tip="Verify User"
              className="cursor-pointer tooltip"
@@ -306,7 +323,11 @@ export default function UserList({
              <BsCheck className="hover:text-mti-purple-light transition ease-in-out duration-300" />
            </div>
          )}
-        {PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
+        {checkAccess(
+          user,
+          updateUserPermission.list,
+          updateUserPermission.perm
+        ) && (
          <div
            data-tip={
              row.original.status === "disabled"
@@ -323,7 +344,11 @@ export default function UserList({
            )}
          </div>
        )}
-        {PERMISSIONS.deleteUser[row.original.type]?.includes(user.type) && (
+        {checkAccess(
+          user,
+          deleteUserPermission.list,
+          deleteUserPermission.perm
+        ) && (
          <div
            data-tip="Delete"
            className="cursor-pointer tooltip"
--- a/src/pages/api/user.ts
+++ b/src/pages/api/user.ts
@@ -87,7 +87,7 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
  }

  const permission = PERMISSIONS.deleteUser[targetUser.type];
-  if (!permission.includes(user.type)) {
+  if (!permission.list.includes(user.type)) {
    res.status(403).json({ ok: false });
    return;
  }