devops/encoach_frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added permissions to filter out the user update

Browse Source
This commit is contained in:
Joao Ramos
2024-07-25 11:23:11 +01:00
parent 923319051c
commit 45df9837e7
4 changed files with 104 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/components/UserCard.tsx
View File

@@ -4,6 +4,7 @@ import {
CorporateUser,
EMPLOYMENT_STATUS,
User,
Type,
} from "@/interfaces/user";
import { groupBySession, averageScore } from "@/utils/stats";
import { RadioGroup } from "@headlessui/react";
@@ -32,6 +33,8 @@ import { USER_TYPE_LABELS } from "@/resources/user";
import { CURRENCIES } from "@/resources/paypal";
import useCodes from "@/hooks/useCodes";
import { checkAccess, getTypesOfUser } from "@/utils/permissions";
import { PERMISSIONS } from "@/constants/userPermissions";
import { PermissionType } from "@/interfaces/permissions";
const expirationDateColor = (date: Date) => {
const momentDate = moment(date);
@@ -261,6 +264,10 @@ const UserCard = ({
]
: [];
const updateUserPermission = PERMISSIONS.updateUser[user.type] as {
list: Type[];
perm: PermissionType;
};
return (
<>
<ProfileSummary
@@ -817,7 +824,14 @@ const UserCard = ({
Close
</Button>
<Button
disabled={disabled}
disabled={
disabled ||
!checkAccess(
loggedInUser,
updateUserPermission.list,
updateUserPermission.perm
)
}
onClick={updateUser}
className="w-full max-w-[200px]"
>

71
src/constants/userPermissions.ts
View File

@@ -12,25 +12,68 @@ export const PERMISSIONS = {
developer: ["developer"],
},
deleteUser: {
student: ["corporate", "developer", "admin", "mastercorporate"],
teacher: ["corporate", "developer", "admin", "mastercorporate"],
corporate: ["admin", "developer"],
mastercorporate: ["admin", "developer"],
student: {
perm: "deleteStudent",
list: ["corporate", "developer", "admin", "mastercorporate"],
},
teacher: {
perm: "deleteTeacher",
list: ["corporate", "developer", "admin", "mastercorporate"],
},
corporate: {
perm: "deleteCorporate",
list: ["admin", "developer"],
},
mastercorporate: {
perm: undefined,
list: ["admin", "developer"],
},
admin: ["developer", "admin"],
agent: ["developer", "admin"],
developer: ["developer"],
admin: {
perm: "deleteAdmin",
list: ["developer", "admin"],
},
agent: {
perm: "deleteCountryManager",
list: ["developer", "admin"],
},
developer: {
perm: undefined,
list: ["developer"],
},
},
updateUser: {
student: ["developer", "admin"],
teacher: ["developer", "admin"],
student: {
perm: "editStudent",
list: ["developer", "admin"],
},
teacher: {
perm: "editTeacher",
list: ["developer", "admin"],
},
corporate: ["admin", "developer"],
mastercorporate: ["admin", "developer"],
corporate: {
perm: "editCorporate",
list: ["admin", "developer"],
},
mastercorporate: {
perm: undefined,
list: ["admin", "developer"],
},
admin: ["developer", "admin"],
agent: ["developer", "admin"],
developer: ["developer"],
admin: {
perm: "editAdmin",
list: ["developer", "admin"],
},
agent: {
perm: "editCountryManager",
list: ["developer", "admin"],
},
developer: {
perm: undefined,
list: ["developer"],
},
},
updateExpiryDate: {
student: ["developer", "admin"],

37
src/pages/(admin)/Lists/UserList.tsx
View File

@@ -43,7 +43,8 @@ import { useListSearch } from "@/hooks/useListSearch";
import { getUserCorporate } from "@/utils/groups";
import { asyncSorter } from "@/utils";
import { exportListToExcel, UserListRow } from "@/utils/users";
import { checkAccess } from "@/utils/permissions";
import { PermissionType } from "@/interfaces/permissions";
const columnHelper = createColumnHelper<User>();
const searchFields = [
["name"],
@@ -92,7 +93,7 @@ export default function UserList({
const { users, reload } = useUsers();
const { groups } = useGroups(
user && (['corporate', 'teacher', 'mastercorporate'].includes(user?.type))
user && ["corporate", "teacher", "mastercorporate"].includes(user?.type)
? user.id
: undefined
);
@@ -231,9 +232,21 @@ export default function UserList({
};
const actionColumn = ({ row }: { row: { original: User } }) => {
const updateUserPermission = PERMISSIONS.updateUser[row.original.type] as {
list: Type[];
perm: PermissionType;
};
const deleteUserPermission = PERMISSIONS.deleteUser[row.original.type] as {
list: Type[];
perm: PermissionType;
};
return (
<div className="flex gap-4">
{PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
{checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<Popover className="relative">
<Popover.Button>
<div data-tip="Change Type" className="cursor-pointer tooltip">
@@ -297,7 +310,11 @@ export default function UserList({
</Popover>
)}
{!row.original.isVerified &&
PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<div
data-tip="Verify User"
className="cursor-pointer tooltip"
@@ -306,7 +323,11 @@ export default function UserList({
<BsCheck className="hover:text-mti-purple-light transition ease-in-out duration-300" />
</div>
)}
{PERMISSIONS.updateUser[row.original.type]?.includes(user.type) && (
{checkAccess(
user,
updateUserPermission.list,
updateUserPermission.perm
) && (
<div
data-tip={
row.original.status === "disabled"
@@ -323,7 +344,11 @@ export default function UserList({
)}
</div>
)}
{PERMISSIONS.deleteUser[row.original.type]?.includes(user.type) && (
{checkAccess(
user,
deleteUserPermission.list,
deleteUserPermission.perm
) && (
<div
data-tip="Delete"
className="cursor-pointer tooltip"

2
src/pages/api/user.ts
View File

@@ -87,7 +87,7 @@ async function del(req: NextApiRequest, res: NextApiResponse) {
}
const permission = PERMISSIONS.deleteUser[targetUser.type];
if (!permission.includes(user.type)) {
if (!permission.list.includes(user.type)) {
res.status(403).json({ ok: false });
return;
}