Added permissions to filter out the user update

Joao Ramos
2024-07-25 11:23:11 +01:00
parent 923319051c
commit 45df9837e7
4 changed files with 104 additions and 22 deletions


@@ -4,6 +4,7 @@ import {
CorporateUser, CorporateUser,
EMPLOYMENT_STATUS, EMPLOYMENT_STATUS,
User, User,
Type,
} from "@/interfaces/user"; } from "@/interfaces/user";
import { groupBySession, averageScore } from "@/utils/stats"; import { groupBySession, averageScore } from "@/utils/stats";
import { RadioGroup } from "@headlessui/react"; import { RadioGroup } from "@headlessui/react";
@@ -32,6 +33,8 @@ import { USER_TYPE_LABELS } from "@/resources/user";
import { CURRENCIES } from "@/resources/paypal"; import { CURRENCIES } from "@/resources/paypal";
import useCodes from "@/hooks/useCodes"; import useCodes from "@/hooks/useCodes";
import { checkAccess, getTypesOfUser } from "@/utils/permissions"; import { checkAccess, getTypesOfUser } from "@/utils/permissions";
import { PERMISSIONS } from "@/constants/userPermissions";
import { PermissionType } from "@/interfaces/permissions";
const expirationDateColor = (date: Date) => { const expirationDateColor = (date: Date) => {
const momentDate = moment(date); const momentDate = moment(date);
@@ -261,6 +264,10 @@ const UserCard = ({
] ]
: []; : [];
const updateUserPermission = PERMISSIONS.updateUser[user.type] as {
list: Type[];
perm: PermissionType;
};
return ( return (
<> <>
<ProfileSummary <ProfileSummary
@@ -817,7 +824,14 @@ const UserCard = ({
Close Close
</Button> </Button>
<Button <Button
disabled={disabled} disabled={
disabled ||
!checkAccess(
loggedInUser,
updateUserPermission.list,
updateUserPermission.perm
)
}
onClick={updateUser} onClick={updateUser}
className="w-full max-w-[200px]" className="w-full max-w-[200px]"
> >
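Review bot: The new `disabled` expression on the update Button is the only gate on `updateUser` visible in this commit. None of the four changed files is an update endpoint, so unless the server already checks it elsewhere, a request that bypasses the UI is presumably not held to the `editStudent`/`editTeacher`/… permissions. The handler behind `updateUser` should make the same `checkAccess(...)` decision against the target user's type and answer 403 on failure, with the button state kept as a convenience only. Separately, the `as { list: Type[]; perm: PermissionType }` cast hides that `perm` is `undefined` for `mastercorporate` and `developer`; `perm: PermissionType | undefined` would keep the compiler honest. The UserCard body starts and ends outside these hunks.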


@@ -12,25 +12,68 @@ export const PERMISSIONS = {
developer: ["developer"], developer: ["developer"],
}, },
deleteUser: { deleteUser: {
student: ["corporate", "developer", "admin", "mastercorporate"], student: {
teacher: ["corporate", "developer", "admin", "mastercorporate"], perm: "deleteStudent",
corporate: ["admin", "developer"], list: ["corporate", "developer", "admin", "mastercorporate"],
mastercorporate: ["admin", "developer"], },
teacher: {
perm: "deleteTeacher",
list: ["corporate", "developer", "admin", "mastercorporate"],
},
corporate: {
perm: "deleteCorporate",
list: ["admin", "developer"],
},
mastercorporate: {
perm: undefined,
list: ["admin", "developer"],
},
admin: ["developer", "admin"], admin: {
agent: ["developer", "admin"], perm: "deleteAdmin",
developer: ["developer"], list: ["developer", "admin"],
},
agent: {
perm: "deleteCountryManager",
list: ["developer", "admin"],
},
developer: {
perm: undefined,
list: ["developer"],
},
}, },
updateUser: { updateUser: {
student: ["developer", "admin"], student: {
teacher: ["developer", "admin"], perm: "editStudent",
list: ["developer", "admin"],
},
teacher: {
perm: "editTeacher",
list: ["developer", "admin"],
},
corporate: ["admin", "developer"], corporate: {
mastercorporate: ["admin", "developer"], perm: "editCorporate",
list: ["admin", "developer"],
},
mastercorporate: {
perm: undefined,
list: ["admin", "developer"],
},
admin: ["developer", "admin"], admin: {
agent: ["developer", "admin"], perm: "editAdmin",
developer: ["developer"], list: ["developer", "admin"],
},
agent: {
perm: "editCountryManager",
list: ["developer", "admin"],
},
developer: {
perm: undefined,
list: ["developer"],
},
}, },
updateExpiryDate: { updateExpiryDate: {
student: ["developer", "admin"], student: ["developer", "admin"],
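Review bot: `perm: undefined` on the `mastercorporate` and `developer` entries of `deleteUser` and `updateUser` has no stated meaning. `checkAccess` is not shown on this page, so it is unclear whether an undefined permission falls back to the type list alone or denies access. If list-only is the intent, a comment on those entries such as `// perm undefined: no granular permission exists, access is decided by list only` would settle it for the next reader. Also, `deleteUser` and `updateUser` now hold objects while `updateExpiryDate` still holds plain arrays, which is why the callers need `as` casts. Declaring one entry type, e.g. `type PermissionEntry = { perm: PermissionType | undefined; list: Type[] }`, and annotating the two maps with it would remove them. The PERMISSIONS object starts and ends outside the hunk.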


@@ -43,7 +43,8 @@ import { useListSearch } from "@/hooks/useListSearch";
import { getUserCorporate } from "@/utils/groups"; import { getUserCorporate } from "@/utils/groups";
import { asyncSorter } from "@/utils"; import { asyncSorter } from "@/utils";
import { exportListToExcel, UserListRow } from "@/utils/users"; import { exportListToExcel, UserListRow } from "@/utils/users";
import { checkAccess } from "@/utils/permissions";
import { PermissionType } from "@/interfaces/permissions";
const columnHelper = createColumnHelper<User>(); const columnHelper = createColumnHelper<User>();
const searchFields = [ const searchFields = [
["name"], ["name"],
@@ -92,7 +93,7 @@ export default function UserList({
const { users, reload } = useUsers(); const { users, reload } = useUsers();
const { groups } = useGroups( const { groups } = useGroups(
user && (['corporate', 'teacher', 'mastercorporate'].includes(user?.type)) user && ["corporate", "teacher", "mastercorporate"].includes(user?.type)
? user.id ? user.id
: undefined : undefined
); );
@@ -231,9 +232,21 @@ export default function UserList({
}; };
const actionColumn = ({ row }: { row: { original: User } }) => { const actionColumn = ({ row }: { row: { original: User } }) => {
const updateUserPermission = PERMISSIONS.updateUser[row.original.type] as {
list: Type[];
perm: PermissionType;
};
const deleteUserPermission = PERMISSIONS.deleteUser[row.original.type] as {
list: Type[];
perm: PermissionType;
};
return ( return (
<div className="flex gap-4"> <div className="flex gap-4">
{PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && ( {checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<Popover className="relative"> <Popover className="relative">
<Popover.Button> <Popover.Button>
<div data-tip="Change Type" className="cursor-pointer tooltip"> <div data-tip="Change Type" className="cursor-pointer tooltip">
@@ -297,7 +310,11 @@ export default function UserList({
</Popover> </Popover>
)} )}
{!row.original.isVerified && {!row.original.isVerified &&
PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && ( checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<div <div
data-tip="Verify User" data-tip="Verify User"
className="cursor-pointer tooltip" className="cursor-pointer tooltip"
@@ -306,7 +323,11 @@ export default function UserList({
<BsCheck className="hover:text-mti-purple-light transition ease-in-out duration-300" /> <BsCheck className="hover:text-mti-purple-light transition ease-in-out duration-300" />
</div> </div>
)} )}
{PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && ( {checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<div <div
data-tip={ data-tip={
row.original.status === "disabled" row.original.status === "disabled"
@@ -323,7 +344,11 @@ export default function UserList({
)} )}
</div> </div>
)} )}
{PERMISSIONS.deleteUser[row.original.type]?.includes(user.type) && ( {checkAccess(
user,
deleteUserPermission.list,
deleteUserPermission.perm
) && (
<div <div
data-tip="Delete" data-tip="Delete"
className="cursor-pointer tooltip" className="cursor-pointer tooltip"
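Review bot: The optional chaining of the old check (`PERMISSIONS.updateUser[row.original.type]?.includes(...)`) is gone. `updateUserPermission.list` and `deleteUserPermission.list` are now dereferenced unconditionally behind an `as` cast, so a row whose `type` has no entry in the table would throw during render instead of just hiding the action. Denying when the entry is missing keeps the old fail-closed behaviour, e.g. `const canUpdate = !!updateUserPermission && checkAccess(user, updateUserPermission.list, updateUserPermission.perm);`, computed once in `actionColumn` and reused for the three update actions. The import hunk adds only `checkAccess` and `PermissionType`; `Type` is used in the casts and is assumed to be imported outside the hunk. The `actionColumn` body ends outside the last hunk.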


@@ -87,7 +87,7 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
} }
const permission = PERMISSIONS.deleteUser[targetUser.type]; const permission = PERMISSIONS.deleteUser[targetUser.type];
if (!permission.includes(user.type)) { if (!permission.list.includes(user.type)) {
res.status(403).json({ ok: false }); res.status(403).json({ ok: false });
return; return;
} }
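Review bot: The 403 check in `del` still looks only at `permission.list`, so the `perm` values this commit adds (`deleteStudent`, `deleteTeacher`, …) are not enforced on the server. Assuming `checkAccess` requires the granular permission in addition to the type list, a caller whose type is listed but who lacks that permission has Delete hidden in the list UI yet, as far as this hunk shows, still passes here. The handler should make the same decision as the client, e.g. `if (!checkAccess(user, permission.list, permission.perm)) {`, provided `checkAccess` is usable in an API route. The body of `del` starts and ends outside the hunk.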