Skip to content

Commit

Permalink
ACQUI-120: Make settings permission dependent
Browse files Browse the repository at this point in the history
This commit adds permission guards to the settings page and also to the routes for the relevant settings pages. A user with no permissions for amending the settings will only be able to access the manual
  • Loading branch information
mblenk committed Mar 11, 2024
1 parent 3a9bced commit 5a3b86e
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 3 deletions.
1 change: 0 additions & 1 deletion src/components/Settings/SettingsCard.vue
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ export default {
props: {
item: Object
}
}
</script>

Expand Down
18 changes: 17 additions & 1 deletion src/components/Settings/SettingsHome.vue
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,15 @@ import { storeToRefs } from "pinia"
export default {
setup() {
const acquisitionsStore = inject("acquisitionsStore")
const { convertSettingsToObject } = acquisitionsStore
const { convertSettingsToObject, isUserPermitted } = acquisitionsStore
const {
settings,
} = storeToRefs(acquisitionsStore)
return {
settings,
convertSettingsToObject,
isUserPermitted,
settingsJSON
}
},
Expand Down Expand Up @@ -66,6 +67,20 @@ export default {
modulesEnabled.push('tasks')
const modules = Object.keys(settingsJSON)
if(!this.isUserPermitted('manage_settings')) {
const moduleData = settingsJSON.manual
this.navPanes = [
{
path: "/acquisitions/settings/manual",
icon: moduleData.icon,
title: moduleData.title,
module: 'Manual'
}
]
this.initialised = true
return
}
const navPanes = modules.map(moduleName => {
const moduleData = settingsJSON[moduleName]
return {
Expand All @@ -75,6 +90,7 @@ export default {
module: moduleName
}
}).filter(m => modulesEnabled.includes(m.module))
this.navPanes = navPanes
this.initialised = true
return navPanes
Expand Down
1 change: 1 addition & 0 deletions src/data/permissionsMatrix.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
export const permissionsMatrix = {
manage_settings: ['manage_sysprefs'],
add_task: [],
edit_task: [],
delete_task: [],
Expand Down
3 changes: 3 additions & 0 deletions src/routes/routes.js
Original file line number Diff line number Diff line change
Expand Up @@ -238,20 +238,23 @@ export const routes = [
name: "ModuleSettingsGeneral",
title: "General",
is_navigation_item: false,
permission: "manage_settings"
},
{
path: "tasks",
component: markRaw(ModuleSettings),
name: "ModuleSettingsTasks",
title: "Tasks",
is_navigation_item: false,
permission: "manage_settings"
},
{
path: "funds",
component: markRaw(ModuleSettings),
name: "ModuleSettingsFunds",
title: "Funds",
is_navigation_item: false,
permission: "manage_settings"
},
{
path: "manual",
Expand Down
12 changes: 11 additions & 1 deletion src/stores/acquisitions.js
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,17 @@ export const useAcquisitionsStore = defineStore("acquisitions", {
if(!operation) return true
if(this.permissions_matrix[operation].length === 0) return true

const { acquisition, superlibrarian } = userflags
const { acquisition, parameters, superlibrarian } = userflags
if(operation === 'manage_settings') {
let checkResult = false
if( superlibrarian || parameters === 1 || parameters.manage_sysprefs) {
checkResult = true
} else {
checkResult = false
}
return checkResult
}

if (acquisition === 1 || superlibrarian) {
return true
} else {
Expand Down

0 comments on commit 5a3b86e

Please sign in to comment.