Continued creating the permission system

2024-10-11 10:47:35 +01:00
parent 55204e2ce1
commit a53ee79c0a
12 changed files with 196 additions and 121 deletions
--- a/src/pages/assignments/creator/[id].tsx
+++ b/src/pages/assignments/creator/[id].tsx
@@ -19,7 +19,7 @@ import { requestUser } from "@/utils/api";
 import {getAssignment} from "@/utils/assignments.be";
 import {getEntitiesWithRoles} from "@/utils/entities.be";
 import {getGroups, getGroupsByEntities} from "@/utils/groups.be";
-import {checkAccess} from "@/utils/permissions";
+import {checkAccess, doesEntityAllow, findAllowedEntities} from "@/utils/permissions";
 import {calculateAverageLevel} from "@/utils/score";
 import {getEntitiesUsers, getUsers} from "@/utils/users.be";
 import axios from "axios";
@@ -40,42 +40,26 @@ export const getServerSideProps = withIronSessionSsr(async ({req, res, params})
 	const user = await requestUser(req, res)
 	if (!user) return redirect("/login")

-	if (!user) {
-		return {
-			redirect: {
-				destination: "/login",
-				permanent: false,
-			},
-		};
-	}
-
-	if (!checkAccess(user, ["admin", "developer", "corporate", "teacher", "mastercorporate"]))
-		return {
-			redirect: {
-				destination: "/dashboard",
-				permanent: false,
-			},
-		};
-
 	res.setHeader("Cache-Control", "public, s-maxage=10, stale-while-revalidate=59");

 	const {id} = params as {id: string};
 	const entityIDS = mapBy(user.entities, "id") || [];

 	const assignment = await getAssignment(id);
-	if (!assignment)
-		return {
-			redirect: {
-				destination: "/assignments",
-				permanent: false,
-			},
-		};
+	if (!assignment) return redirect("/assignments")

-	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(entityIDS));
 	const entities = await (checkAccess(user, ["developer", "admin"]) ? getEntitiesWithRoles() : getEntitiesWithRoles(entityIDS));
-	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(entityIDS));
+	const entity = entities.find((e) => assignment.entity === assignment.entity)

-	return {props: serialize({user, users, entities, assignment, groups})};
+	if (!entity) return redirect("/assignments")
+	if (!doesEntityAllow(user, entity, 'edit_assignment')) return redirect("/assignments")
+
+	const allowedEntities = findAllowedEntities(user, entities, 'edit_assignment')
+
+	const users = await (checkAccess(user, ["developer", "admin"]) ? getUsers() : getEntitiesUsers(mapBy(allowedEntities, 'id')));
+	const groups = await (checkAccess(user, ["developer", "admin"]) ? getGroups() : getGroupsByEntities(mapBy(allowedEntities, 'id')));
+
+	return {props: serialize({user, users, entities: allowedEntities, assignment, groups})};
 }, sessionOptions);

 interface Props {