fix: Use role permissions from accounts instead of role attribute (#3445)

Use role permissions from accounts instead of the role attribute

Fixes: #2557
Pranav Raj S 2021-11-23 17:37:01 +05:30 committed by GitHub
parent 11cd7fd6c5
commit 0530e9491c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 31 additions and 26 deletions


@ -21,6 +21,11 @@ window.roleWiseRoutes = {
administrator: [], administrator: [],
}; };
const getUserRole = ({ accounts } = {}, accountId) => {
const currentAccount = accounts.find(account => account.id === accountId);
return currentAccount ? currentAccount.role : null;
};
// generateRoleWiseRoute - updates window object with agent/admin route // generateRoleWiseRoute - updates window object with agent/admin route
const generateRoleWiseRoute = route => { const generateRoleWiseRoute = route => {
route.forEach(element => { route.forEach(element => {
@ -57,7 +62,10 @@ const routeValidators = [
{ {
protected: false, protected: false,
loggedIn: true, loggedIn: true,
handler: () => 'dashboard', handler: () => {
const user = auth.getCurrentUser();
return `accounts/${user.account_id}/dashboard`;
},
}, },
{ {
protected: true, protected: true,
@ -69,8 +77,9 @@ const routeValidators = [
loggedIn: true, loggedIn: true,
handler: to => { handler: to => {
const user = auth.getCurrentUser(); const user = auth.getCurrentUser();
const isAccessible = routeIsAccessibleFor(to, user.role); const userRole = getUserRole(user, Number(to.params.accountId));
return isAccessible ? null : 'dashboard'; const isAccessible = routeIsAccessibleFor(to.name, userRole);
return isAccessible ? null : `accounts/${to.params.accountId}/dashboard`;
}, },
}, },
{ {
@ -88,7 +97,7 @@ export const validateAuthenticateRoutePermission = (to, from, next) => {
validator.protected === isProtectedRoute && validator.protected === isProtectedRoute &&
validator.loggedIn === isLoggedIn validator.loggedIn === isLoggedIn
); );
const nextRoute = strategy.handler(to.name); const nextRoute = strategy.handler(to);
return nextRoute ? next(frontendURL(nextRoute)) : next(); return nextRoute ? next(frontendURL(nextRoute)) : next();
}; };
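Review bot: The denied-access redirect in the protected-route handler reuses `to.params.accountId`, so a user who opens a URL for an account that is not in their `accounts` list (where `getUserRole` returns null) is redirected to the dashboard of that same account, and a route without an `accountId` param produces `accounts/undefined/dashboard`. If the dashboard route is also rejected for a null role this can loop; `routeIsAccessibleFor` is not visible here, so that part is an inference. Falling back to the user's own account, as the logged-in handler above already does with `user.account_id`, avoids both cases: `const targetAccountId = userRole ? to.params.accountId : user.account_id;`. Separately, `getUserRole` defaults the user to `{}` but then calls `accounts.find` on an undefined `accounts`, so the signature `({ accounts = [] } = {}, accountId)` is needed for the default to have any effect. This guard only steers navigation in the browser, so the per-account role still has to be enforced by the server on every request.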


@ -37,17 +37,16 @@ describe(`behavior`, () => {
// Arrange // Arrange
spyOn(auth, 'isLoggedIn').and.returnValue(true); spyOn(auth, 'isLoggedIn').and.returnValue(true);
spyOn(auth, 'getCurrentUser').and.returnValue({ spyOn(auth, 'getCurrentUser').and.returnValue({
role: 'user', account_id: 1,
accounts: [{ id: 1, role: 'agent' }],
}); });
const to = { const to = { name: 'login' };
name: 'login', const from = { name: '', params: { accountId: 1 } };
};
const from = { name: '' };
const next = jest.fn(); const next = jest.fn();
// Act // Act
validateAuthenticateRoutePermission(to, from, next); validateAuthenticateRoutePermission(to, from, next);
// Assert // Assert
expect(next).toHaveBeenCalledWith('/app/dashboard'); expect(next).toHaveBeenCalledWith('/app/accounts/1/dashboard');
}); });
}); });
describe(`when route is protected`, () => { describe(`when route is protected`, () => {
@ -56,9 +55,7 @@ describe(`behavior`, () => {
// Arrange // Arrange
spyOn(auth, 'isLoggedIn').and.returnValue(false); spyOn(auth, 'isLoggedIn').and.returnValue(false);
spyOn(auth, 'getCurrentUser').and.returnValue(null); spyOn(auth, 'getCurrentUser').and.returnValue(null);
const to = { const to = { name: 'some-protected-route', params: { accountId: 1 } };
name: 'some-protected-route',
};
const from = { name: '' }; const from = { name: '' };
const next = jest.fn(); const next = jest.fn();
// Act // Act
@ -73,18 +70,16 @@ describe(`behavior`, () => {
// Arrange // Arrange
spyOn(auth, 'isLoggedIn').and.returnValue(true); spyOn(auth, 'isLoggedIn').and.returnValue(true);
spyOn(auth, 'getCurrentUser').and.returnValue({ spyOn(auth, 'getCurrentUser').and.returnValue({
role: 'user', accounts: [{ id: 1, role: 'agent' }],
}); });
window.roleWiseRoutes.user = ['dashboard']; window.roleWiseRoutes.agent = ['dashboard'];
const to = { const to = { name: 'admin', params: { accountId: 1 } };
name: 'admin',
};
const from = { name: '' }; const from = { name: '' };
const next = jest.fn(); const next = jest.fn();
// Act // Act
validateAuthenticateRoutePermission(to, from, next); validateAuthenticateRoutePermission(to, from, next);
// Assert // Assert
expect(next).toHaveBeenCalledWith('/app/dashboard'); expect(next).toHaveBeenCalledWith('/app/accounts/1/dashboard');
}); });
}); });
describe(`when route is accessible to current user`, () => { describe(`when route is accessible to current user`, () => {
@ -92,12 +87,10 @@ describe(`behavior`, () => {
// Arrange // Arrange
spyOn(auth, 'isLoggedIn').and.returnValue(true); spyOn(auth, 'isLoggedIn').and.returnValue(true);
spyOn(auth, 'getCurrentUser').and.returnValue({ spyOn(auth, 'getCurrentUser').and.returnValue({
role: 'user', accounts: [{ id: 1, role: 'agent' }],
}); });
window.roleWiseRoutes.user = ['dashboard', 'admin']; window.roleWiseRoutes.agent = ['dashboard', 'admin'];
const to = { const to = { name: 'admin', params: { accountId: 1 } };
name: 'admin',
};
const from = { name: '' }; const from = { name: '' };
const next = jest.fn(); const next = jest.fn();
// Act // Act
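Review bot: None of the updated cases covers the denial path this commit introduces, where `to.params.accountId` names an account that is missing from the user's `accounts` and the role lookup yields null; every fixture uses account 1 with the `agent` role. A case such as `const to = { name: 'admin', params: { accountId: 2 } };` with the same `accounts` fixture would pin where such a user is redirected. The fixtures also pass `accountId` as the number 1, while the handler wraps the param in `Number(...)`, which suggests string params at runtime, so a `'1'` fixture would exercise that conversion. In the first case `params` was added to `from` rather than `to`; whether `from` is read at all is not visible in this diff. The last test body continues outside the hunk.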


@ -47,8 +47,11 @@ export const getters = {
return currentAccount.availability; return currentAccount.availability;
}, },
getCurrentAccountId(_state) { getCurrentAccountId(_, __, rootState) {
return _state.currentAccountId; if (rootState.route.params && rootState.route.params.accountId) {
return Number(rootState.route.params.accountId);
}
return null;
}, },
getCurrentRole(_state) { getCurrentRole(_state) {
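Review bot: `getCurrentAccountId` now dereferences `rootState.route.params` without checking `rootState.route`, and it returns `NaN` rather than null when the `accountId` segment is not numeric. Whether `route` is always present in the root state is not visible in this hunk; if it can be absent, the getter throws. A guarded form would be `const id = Number(rootState.route?.params?.accountId);` followed by `return Number.isNaN(id) ? null : id;` (or the equivalent `&&` chain if optional chaining is not available in this build). Because the value now comes from the URL rather than from stored state, consumers should treat it as a user-supplied selector and not as evidence of membership in that account. The body of `getCurrentRole` lies outside the hunk.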