Implemented: user permissions and app access restrictions (#223)

hotwax · Jan 17, 2024 · e6d6b6b · e6d6b6b
1 parent cbfd353
commit e6d6b6b
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 10 deletions.
diff --git a/.env.example b/.env.example
@@ -5,7 +5,7 @@ VUE_APP_VIEW_SIZE=10
 VUE_APP_JOB_FREQUENCY_TYPE={"JOB_IMP_PROD_THRSHLD":"default","JOB_EXP_PROD_THRSHLD":"default"}
 VUE_APP_JOB_ENUMS=["JOB_IMP_PROD_THRSHLD","JOB_EXP_PROD_THRSHLD"]
 VUE_APP_BASE_URL=
-VUE_APP_PERMISSION_ID=
+VUE_APP_PERMISSION_ID="THRESHOLD_APP_VIEW"
 VUE_APP_ALIAS={}
 VUE_APP_DEFAULT_ALIAS=""
 VUE_APP_DEFAULT_LOG_LEVEL="error"

diff --git a/src/authorization/Rules.ts b/src/authorization/Rules.ts
@@ -1,8 +1,10 @@
 export default {
   "APP_SELECT_PRODUCT_VIEW": "",
   "APP_THRESHOLD_UPDATES_VIEW": "",
-  "APP_SAVE_THRESHOLD_VIEW": "COMMON_ADMIN",
+  "APP_SAVE_THRESHOLD_VIEW": "MERCHANDISING_ADMIN OR MERCHANDISING_VIEW",
   "APP_JOB_VIEW": "",
-  "APP_JOB_UPDATE": "COMMON_ADMIN",
-  "APP_THRESHOLD_RULE_UPDATE": "COMMON_ADMIN",
+  "APP_JOB_UPDATE": "MERCHANDISING_ADMIN OR MERCHANDISING_VIEW",
+  "APP_THRESHOLD_RULE_UPDATE": "MERCHANDISING_ADMIN OR MERCHANDISING_VIEW",
+  "MERCHANDISING_ADMIN": "MERCHANDISING_ADMIN",
+  "THRESHOLD_APP_VIEW": "THRESHOLD_APP_VIEW"
 } as any 
diff --git a/src/services/UserService.ts b/src/services/UserService.ts
@@ -46,19 +46,23 @@ const setUserTimeZone = async (payload: any): Promise <any>  => {
     data: payload
   });
 }
-const getEComStores = async (token: any, partyId: any): Promise<any> => {
+const getEComStores = async (token: any, partyId: any, isAdminUser = false): Promise<any> => {
   try {
     const params = {
       "inputFields": {
-        "storeName_op": "not-empty",
-        partyId
+        "storeName_op": "not-empty"
       },
       "fieldList": ["productStoreId", "storeName"],
       "entityName": "ProductStoreAndRole",
       "distinct": "Y",
       "noConditionFind": "Y",
       "filterByDate": 'Y',
+    } as any
+
+    if(!isAdminUser) {
+      params.inputFields['partyId'] = partyId
     }
+
     const baseURL = store.getters['user/getBaseUrl'];
     const resp = await client({
       url: "performFind",

diff --git a/src/store/modules/user/actions.ts b/src/store/modules/user/actions.ts
@@ -47,18 +47,20 @@ const actions: ActionTree<UserState, RootState> = {
       if (permissionId) {
         // As the token is not yet set in the state passing token headers explicitly
         // TODO Abstract this out, how token is handled should be part of the method not the callee
-        const hasPermission = appPermissions.some((appPermissionId: any) => appPermissionId === permissionId );
+        const hasPermission = appPermissions.some((appPermission: any) => appPermission.action === permissionId);
         // If there are any errors or permission check fails do not allow user to login
-        if (hasPermission) {
+        if (!hasPermission) {
           const permissionError = 'You do not have permission to access the app.';
           showToast(translate(permissionError));
           logger.error("error", permissionError);
           return Promise.reject(new Error(permissionError));
         }
       }
 
+      const isAdminUser = appPermissions.some((appPermission: any) => appPermission?.action === "MERCHANDISING_ADMIN");
+
       const userProfile = await UserService.getUserProfile(token);
-      userProfile.stores = await UserService.getEComStores(token, userProfile.partyId);
+      userProfile.stores = await UserService.getEComStores(token, userProfile.partyId, isAdminUser);
 
       let preferredStore = userProfile.stores.length ?  userProfile.stores[0] : {};