dashpresshq · thrownullexception · Oct 20, 2023 · Sep 29, 2023 · Oct 20, 2023 · Oct 20, 2023
@@ -296,4 +296,6 @@ describe("pages/roles/[roleId]/index", () => {
       })
     ).toBeChecked();
   });
+
+  // todo test heirachy
 });
@@ -94,39 +94,6 @@ export function RolesDocumentation(props: IDocumentationRootProps) {
         </b>
         : enables users to reset passwords.
       </p>
-
-      <h4>Permissions Dependencies </h4>
-      <p>
-        Enabling some permissions will automatically grant some other
-        permission. For example, giving someone permission to reset a user&apos;
-        password without giving them permission to manage users doesn&apos;t
-        make sense as they need to be able to access users first to get to where
-        they will be able to reset the password. This is what we call
-        permissions dependencies.
-      </p>
-      <p>
-        These are the permission dependencies.
-        <ul>
-          <li>
-            <code>{userFriendlyCase(USER_PERMISSIONS.CAN_RESET_PASSWORD)}</code>{" "}
-            - <code>{userFriendlyCase(USER_PERMISSIONS.CAN_MANAGE_USERS)}</code>
-          </li>
-          <li>
-            <code>
-              {userFriendlyCase(USER_PERMISSIONS.CAN_MANAGE_INTEGRATIONS)}
-            </code>{" "}
-            -{" "}
-            <code>{userFriendlyCase(USER_PERMISSIONS.CAN_CONFIGURE_APP)}</code>
-          </li>
-          <li>
-            <code>{userFriendlyCase(USER_PERMISSIONS.CAN_CONFIGURE_APP)}</code>{" "}
-            -{" "}
-            <code>
-              {userFriendlyCase(USER_PERMISSIONS.CAN_MANAGE_ALL_ENTITIES)}
-            </code>
-          </li>
-        </ul>
-      </p>
     </DocumentationRoot>
   );
 }
@@ -118,10 +118,13 @@ function useEntityCrudView() {
 
     if (field === "details" && !newState.details) {
       newState.update = false;
+      newState.delete = false;
     } else if (field === "update" && newState.update) {
       newState.details = true;
+    } else if (field === "delete" && newState.delete) {
+      newState.details = true;
     }
-
+    
     setEntityCrudSettingsState(newState);
     upsertCrudSettingsMutation.mutateAsync(
       newState as unknown as Record<string, string>

@@ -10,13 +10,50 @@ import {
   useRolePermissionDeletionMutation,
   useRolePermissions,
 } from "../permissions.store";
+import { USER_PERMISSIONS } from "shared/constants/user";
+import { PORTAL_PERMISSION_HEIRACHIES } from "shared/logic/permissions/portal";
 
 interface IProps {
   permissionList: ILabelValue[];
   overAchingPermission?: string;
   singular: string;
 }
 
+/*
+  IMPORTANT NOTE:
+  LESSER PERMISSION FIRST
+*/
+const PERMISSION_HEIRACHIES = {
+  [USER_PERMISSIONS.CAN_MANAGE_USERS]: USER_PERMISSIONS.CAN_RESET_PASSWORD,
+  [USER_PERMISSIONS.CAN_CONFIGURE_APP]:
+    USER_PERMISSIONS.CAN_MANAGE_INTEGRATIONS,
+  [USER_PERMISSIONS.CAN_MANAGE_ALL_ENTITIES]:
+    USER_PERMISSIONS.CAN_CONFIGURE_APP,
+  ...PORTAL_PERMISSION_HEIRACHIES,
+};
+
+export const getPermissionChildren = (
+  permission: string,
+  mainKey: 1 | 0,
+  permissions: string[] = []
+): string[] => {
+  permissions.push(permission);
+
+  const permissionHeirachy = Object.entries<string>(PERMISSION_HEIRACHIES).find(
+    (value) => value[mainKey === 1 ? 0 : 1] === permission
+  );
+
+  if (!permissionHeirachy) {
+    return permissions;
+  }
+
+  return getPermissionChildren(
+    permissionHeirachy[mainKey],
+    mainKey,
+    permissions
+  );
+};
+
 export function MutatePermission({
   permissionList,
   singular,
@@ -79,13 +116,13 @@ export function MutatePermission({
                       selected: isPermissionSelected,
                       onChange: () => {
                         if (isPermissionSelected) {
-                          rolePermissionDeletionMutation.mutate([
-                            menuItem.value,
-                          ]);
+                          rolePermissionDeletionMutation.mutate(
+                            getPermissionChildren(menuItem.value, 1)
+                          );
                         } else {
-                          rolePermissionCreationMutation.mutate([
-                            menuItem.value,
-                          ]);
+                          rolePermissionCreationMutation.mutate(
+                            getPermissionChildren(menuItem.value, 0)
+                          );
                         }
                       },
                     }

@@ -29,6 +29,7 @@ const mapPermissionStringToLabelValue = (permissionStringList: string[]) => {
   }));
 };
 
+// TODO sort by heirachy
 const adminPermissionList: ILabelValue[] = mapPermissionStringToLabelValue(
   Object.values(BASE_USER_PERMISSIONS)
 );

@@ -122,27 +122,7 @@ describe("user role checks", () => {
         ).toBe(false);
       });
     });
-    describe("Heirachy", () => {
-      it("should return true for PERMISSION_HEIRACHIES down", () => {
-        expect(
-          doesPermissionAllowPermission(
-            ["CAN_RESET_PASSWORD", "PERMISSION_2"],
-            "CAN_MANAGE_USERS",
-            false
-          )
-        ).toBe(true);
-      });
-      it("should return false for PERMISSION_HEIRACHIES down", () => {
-        expect(
-          doesPermissionAllowPermission(
-            ["CAN_MANAGE_USERS", "PERMISSION_2"],
-            "CAN_RESET_PASSWORD",
-            false
-          )
-        ).toBe(false);
-      });
-    });
-    describe.only("Check Granular", () => {
+    describe("Check Granular", () => {
       it("should pass check granular when granular is true", () => {
         expect(
           doesPermissionAllowPermission(

@@ -5,24 +5,7 @@ import {
 } from "shared/constants/user";
 import { GranularEntityPermissions, SystemRoles } from "shared/types/user";
 import { replaceGranular } from "shared/constants/user/shared";
-import {
-  portalMetaPermissionCheck,
-  PORTAL_PERMISSION_HEIRACHIES,
-} from "./portal";
-
-/*
-  IMPORTANT NOTE:
-  LESSER PERMISSION FIRST
-*/
-// TODO move this logic to the FE for more visibility (For contributors)
-const PERMISSION_HEIRACHIES = {
-  [USER_PERMISSIONS.CAN_MANAGE_USERS]: USER_PERMISSIONS.CAN_RESET_PASSWORD,
-  [USER_PERMISSIONS.CAN_CONFIGURE_APP]:
-    USER_PERMISSIONS.CAN_MANAGE_INTEGRATIONS,
-  [USER_PERMISSIONS.CAN_MANAGE_ALL_ENTITIES]:
-    USER_PERMISSIONS.CAN_CONFIGURE_APP,
-  ...PORTAL_PERMISSION_HEIRACHIES,
-};
+import { portalMetaPermissionCheck } from "./portal";
 
 const doMetaPermissionCheck =
   (permissions: string[], requiredPermission: string) =>
@@ -77,21 +60,7 @@ export const doesPermissionAllowPermission = (
     );
   }
 
-  const can = permissions.includes(requiredPermission);
-
-  if (can) {
-    return true;
-  }
-
-  if (!PERMISSION_HEIRACHIES[requiredPermission]) {
-    return false;
-  }
-
-  return doesPermissionAllowPermission(
-    permissions,
-    PERMISSION_HEIRACHIES[requiredPermission],
-    checkGranular
-  );
+  return permissions.includes(requiredPermission);
 };
 
 const doSystemRoleCheck = (
-Original file line number
+Diff line change
@@ Expand Up / @@ -296,4 +296,6 @@ describe("pages/roles/[roleId]/index", () => { @@
           })
         ).toBeChecked();
       });
+      // todo test heirachy
     });