fix: Use role permissions from accounts instead of role attribute (#3445)

Use role permissions from accounts instead of the role attribute Fixes: #2557
2021-11-23 17:37:01 +05:30 · 2021-11-23 17:37:01 +05:30 · 0530e9491c
commit 0530e9491c
parent 11cd7fd6c5
3 changed files with 31 additions and 26 deletions
--- a/app/javascript/dashboard/routes/index.js
+++ b/app/javascript/dashboard/routes/index.js
@ -21,6 +21,11 @@ window.roleWiseRoutes = {
  administrator: [],
 };

+const getUserRole = ({ accounts } = {}, accountId) => {
+  const currentAccount = accounts.find(account => account.id === accountId);
+  return currentAccount ? currentAccount.role : null;
+};
+
 // generateRoleWiseRoute - updates window object with agent/admin route
 const generateRoleWiseRoute = route => {
  route.forEach(element => {
@ -57,7 +62,10 @@ const routeValidators = [
  {
    protected: false,
    loggedIn: true,
-    handler: () => 'dashboard',
+    handler: () => {
+      const user = auth.getCurrentUser();
+      return `accounts/${user.account_id}/dashboard`;
+    },
  },
  {
    protected: true,
@ -69,8 +77,9 @@ const routeValidators = [
    loggedIn: true,
    handler: to => {
      const user = auth.getCurrentUser();
-      const isAccessible = routeIsAccessibleFor(to, user.role);
-      return isAccessible ? null : 'dashboard';
+      const userRole = getUserRole(user, Number(to.params.accountId));
+      const isAccessible = routeIsAccessibleFor(to.name, userRole);
+      return isAccessible ? null : `accounts/${to.params.accountId}/dashboard`;
    },
  },
  {
@ -88,7 +97,7 @@ export const validateAuthenticateRoutePermission = (to, from, next) => {
      validator.protected === isProtectedRoute &&
      validator.loggedIn === isLoggedIn
  );
-  const nextRoute = strategy.handler(to.name);
+  const nextRoute = strategy.handler(to);
  return nextRoute ? next(frontendURL(nextRoute)) : next();
 };

--- a/app/javascript/dashboard/routes/index.spec.js
+++ b/app/javascript/dashboard/routes/index.spec.js
@ -37,17 +37,16 @@ describe(`behavior`, () => {
      // Arrange
      spyOn(auth, 'isLoggedIn').and.returnValue(true);
      spyOn(auth, 'getCurrentUser').and.returnValue({
-        role: 'user',
+        account_id: 1,
+        accounts: [{ id: 1, role: 'agent' }],
      });
-      const to = {
-        name: 'login',
-      };
-      const from = { name: '' };
+      const to = { name: 'login' };
+      const from = { name: '', params: { accountId: 1 } };
      const next = jest.fn();
      // Act
      validateAuthenticateRoutePermission(to, from, next);
      // Assert
-      expect(next).toHaveBeenCalledWith('/app/dashboard');
+      expect(next).toHaveBeenCalledWith('/app/accounts/1/dashboard');
    });
  });
  describe(`when route is protected`, () => {
@ -56,9 +55,7 @@ describe(`behavior`, () => {
        // Arrange
        spyOn(auth, 'isLoggedIn').and.returnValue(false);
        spyOn(auth, 'getCurrentUser').and.returnValue(null);
-        const to = {
-          name: 'some-protected-route',
-        };
+        const to = { name: 'some-protected-route', params: { accountId: 1 } };
        const from = { name: '' };
        const next = jest.fn();
        // Act
@ -73,18 +70,16 @@ describe(`behavior`, () => {
          // Arrange
          spyOn(auth, 'isLoggedIn').and.returnValue(true);
          spyOn(auth, 'getCurrentUser').and.returnValue({
-            role: 'user',
+            accounts: [{ id: 1, role: 'agent' }],
          });
-          window.roleWiseRoutes.user = ['dashboard'];
-          const to = {
-            name: 'admin',
-          };
+          window.roleWiseRoutes.agent = ['dashboard'];
+          const to = { name: 'admin', params: { accountId: 1 } };
          const from = { name: '' };
          const next = jest.fn();
          // Act
          validateAuthenticateRoutePermission(to, from, next);
          // Assert
-          expect(next).toHaveBeenCalledWith('/app/dashboard');
+          expect(next).toHaveBeenCalledWith('/app/accounts/1/dashboard');
        });
      });
      describe(`when route is accessible to current user`, () => {
@ -92,12 +87,10 @@ describe(`behavior`, () => {
          // Arrange
          spyOn(auth, 'isLoggedIn').and.returnValue(true);
          spyOn(auth, 'getCurrentUser').and.returnValue({
-            role: 'user',
+            accounts: [{ id: 1, role: 'agent' }],
          });
-          window.roleWiseRoutes.user = ['dashboard', 'admin'];
-          const to = {
-            name: 'admin',
-          };
+          window.roleWiseRoutes.agent = ['dashboard', 'admin'];
+          const to = { name: 'admin', params: { accountId: 1 } };
          const from = { name: '' };
          const next = jest.fn();
          // Act
--- a/app/javascript/dashboard/store/modules/auth.js
+++ b/app/javascript/dashboard/store/modules/auth.js
@ -47,8 +47,11 @@ export const getters = {
    return currentAccount.availability;
  },

-  getCurrentAccountId(_state) {
-    return _state.currentAccountId;
+  getCurrentAccountId(_, __, rootState) {
+    if (rootState.route.params && rootState.route.params.accountId) {
+      return Number(rootState.route.params.accountId);
+    }
+    return null;
  },

  getCurrentRole(_state) {