fix(Users Page): Prevents errors when users without "manage roles" scope expand users. (#1451 - [LL-143](https://learningpool.atlassian.net/browse/LL-143))

Author: h-kanazawa

lib/services/auth/filters/getAdminModelFilter.js

@@ -1,5 +1,3 @@
-import includes from 'lodash/includes';
-import intersection from 'lodash/intersection';
 import getScopesFromAuthInfo from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
 import getOrgFilter from 'lib/services/auth/filters/getOrgFilter';
 import NoAccessError from 'lib/errors/NoAccessError';
@@ -10,18 +8,24 @@ import getModelsFilter,
     checkAllScope
   } from 'lib/services/auth/filters/utils/getModelsFilter';
 
-const adminModelFilter = ({ viewAllScope, editAllScope }) =>
+/**
+ * @param {string[]} _.viewAllScopes
+ * @param {string[]} _.editAllScopes
+ * @return {({ actionName, authInfo }) => Promise}
+ */
+const adminModelFilter = ({ viewAllScopes, editAllScopes }) =>
   async ({ actionName, authInfo }) => {
     const scopes = getScopesFromAuthInfo(authInfo);
 
     switch (actionName) {
       case 'view': {
-        const validScopes = intersection(scopes, [viewAllScope, editAllScope]);
-        if (validScopes.length > 0) return getOrgFilter(authInfo);
+        const hasValidViewScopes = [...viewAllScopes, ...editAllScopes].some(s => scopes.includes(s));
+        if (hasValidViewScopes) return getOrgFilter(authInfo);
         throw new NoAccessError();
       }
       default: {
-        if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
+        const hasValidEditScopes = editAllScopes.some(s => scopes.includes(s));
+        if (hasValidEditScopes) return getOrgFilter(authInfo);
         throw new NoAccessError();
       }
     }

lib/services/auth/filters/getGlobalModelFilter.js

@@ -1,4 +1,3 @@
-import includes from 'lodash/includes';
 import getScopesFromAuthInfo from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
 import getOrgFilter from 'lib/services/auth/filters/getOrgFilter';
 import NoAccessError from 'lib/errors/NoAccessError';
@@ -9,7 +8,7 @@ import getModelsFilter,
     checkAllScope
   } from 'lib/services/auth/filters/utils/getModelsFilter';
 
-const globalModelFilter = ({ editAllScope }) =>
+const globalModelFilter = ({ editAllScopes }) =>
   async ({ actionName, authInfo }) => {
     const scopes = getScopesFromAuthInfo(authInfo);
 
@@ -20,13 +19,15 @@ const globalModelFilter = ({ editAllScope }) =>
           case 'organisation':
             return getOrgFilter(authInfo);
           default: {
-            if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
+            const isValid = editAllScopes.some(s => scopes.includes(s));
+            if (isValid) return getOrgFilter(authInfo);
             throw new NoAccessError();
           }
         }
       }
       default: {
-        if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
+        const isValid = editAllScopes.some(s => scopes.includes(s));
+        if (isValid) return getOrgFilter(authInfo);
         throw new NoAccessError();
       }
     }

lib/services/auth/filters/getShareableModelFilter.js

@@ -1,5 +1,3 @@
-import includes from 'lodash/includes';
-import intersection from 'lodash/intersection';
 import getScopesFromAuthInfo
   from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
 import getPublicOrgFilter from 'lib/services/auth/filters/getPublicOrgFilter';
@@ -15,22 +13,22 @@ import getModelsFilter,
 
 
 export const shareableModelFilter = ({
-  viewAllScope,
-  viewPublicScope,
-  editAllScope,
-  editPublicScope
+  viewAllScopes,
+  viewPublicScopes,
+  editAllScopes,
+  editPublicScopes,
 }) => async ({ actionName, authInfo }) => {
   const scopes = getScopesFromAuthInfo(authInfo);
 
   switch (actionName) {
     case 'view': {
-      const validAllScopes = intersection(scopes, [viewAllScope, editAllScope]);
-      if (validAllScopes.length > 0) {
+      const hasValidAllScopes = [...viewAllScopes, ...editAllScopes].some(s => scopes.includes(s));
+      if (hasValidAllScopes) {
         return getOrgFilter(authInfo);
       }
 
-      const validPublicScopes = intersection(scopes, [viewPublicScope, editPublicScope]);
-      if (validPublicScopes.length > 0) {
+      const hasValidPublicScopes = [...viewPublicScopes, ...editPublicScopes].some(s => scopes.includes(s));
+      if (hasValidPublicScopes) {
         return getPublicOrgFilter(authInfo);
       }
 
@@ -42,10 +40,10 @@ export const shareableModelFilter = ({
       return privateFilter;
     }
     default: {
-      if (includes(scopes, editAllScope)) {
+      if (editAllScopes.some(s => scopes.includes(s))) {
         return getOrgFilter(authInfo);
       }
-      if (includes(scopes, editPublicScope)) {
+      if (editPublicScopes.some(s => scopes.includes(s))) {
         return getPublicOrgFilter(authInfo);
       }
       const privateFilter = getPrivateOrgFilter(authInfo);

lib/services/auth/modelFilters/client.js

@@ -3,6 +3,6 @@ import getAdminModelFilter
   from 'lib/services/auth/filters/getAdminModelFilter';
 
 export default getAdminModelFilter({
-  viewAllScope: MANAGE_ALL_CLIENTS,
-  editAllScope: MANAGE_ALL_CLIENTS,
+  viewAllScopes: [MANAGE_ALL_CLIENTS],
+  editAllScopes: [MANAGE_ALL_CLIENTS],
 });

lib/services/auth/modelFilters/dashboard.js

@@ -48,10 +48,10 @@ export const filters = [
 ];
 
 export default getModelsFilter({
-  viewAllScope: VIEW_ALL_DASHBOARDS,
-  editAllScope: EDIT_ALL_DASHBOARDS,
-  viewPublicScope: VIEW_PUBLIC_DASHBOARDS,
-  editPublicScope: EDIT_PUBLIC_DASHBOARDS,
+  viewAllScopes: [VIEW_ALL_DASHBOARDS],
+  editAllScopes: [EDIT_ALL_DASHBOARDS],
+  viewPublicScopes: [VIEW_PUBLIC_DASHBOARDS],
+  editPublicScopes: [EDIT_PUBLIC_DASHBOARDS],
   allowedTokenTypes: ['organisation', 'dashboard', 'client'],
   filters
 });

lib/services/auth/modelFilters/download.js

@@ -8,8 +8,8 @@ import getShareableModelFilter
   from 'lib/services/auth/filters/getShareableModelFilter';
 
 export default getShareableModelFilter({
-  viewAllScope: VIEW_ALL_DOWNLOADS,
-  editAllScope: EDIT_ALL_DOWNLOADS,
-  viewPublicScope: VIEW_PUBLIC_DOWNLOADS,
-  editPublicScope: EDIT_PUBLIC_DOWNLOADS
+  viewAllScopes: [VIEW_ALL_DOWNLOADS],
+  editAllScopes: [EDIT_ALL_DOWNLOADS],
+  viewPublicScopes: [VIEW_PUBLIC_DOWNLOADS],
+  editPublicScopes: [EDIT_PUBLIC_DOWNLOADS],
 });

lib/services/auth/modelFilters/export.js

@@ -8,8 +8,8 @@ import getShareableModelFilter
   from 'lib/services/auth/filters/getShareableModelFilter';
 
 export default getShareableModelFilter({
-  viewAllScope: VIEW_ALL_EXPORTS,
-  editAllScope: EDIT_ALL_EXPORTS,
-  viewPublicScope: VIEW_PUBLIC_EXPORTS,
-  editPublicScope: EDIT_PUBLIC_EXPORTS
+  viewAllScopes: [VIEW_ALL_EXPORTS],
+  editAllScopes: [EDIT_ALL_EXPORTS],
+  viewPublicScopes: [VIEW_PUBLIC_EXPORTS],
+  editPublicScopes: [EDIT_PUBLIC_EXPORTS],
 });

lib/services/auth/modelFilters/lrs.js

@@ -3,5 +3,5 @@ import getGlobalModelFilter
   from 'lib/services/auth/filters/getGlobalModelFilter';
 
 export default getGlobalModelFilter({
-  editAllScope: MANAGE_ALL_STORES,
+  editAllScopes: [MANAGE_ALL_STORES],
 });

lib/services/auth/modelFilters/persona.js

@@ -3,5 +3,5 @@ import getGlobalModelFilter
   from 'lib/services/auth/filters/getGlobalModelFilter';
 
 export default getGlobalModelFilter({
-  editAllScope: MANAGE_ALL_PERSONAS,
+  editAllScopes: [MANAGE_ALL_PERSONAS],
 });

lib/services/auth/modelFilters/query.js

@@ -8,8 +8,8 @@ import getShareableModelFilter
   from 'lib/services/auth/filters/getShareableModelFilter';
 
 export default getShareableModelFilter({
-  viewAllScope: VIEW_ALL_QUERIES,
-  editAllScope: EDIT_ALL_QUERIES,
-  viewPublicScope: VIEW_PUBLIC_QUERIES,
-  editPublicScope: EDIT_PUBLIC_QUERIES
+  viewAllScopes: [VIEW_ALL_QUERIES],
+  editAllScopes: [EDIT_ALL_QUERIES],
+  viewPublicScopes: [VIEW_PUBLIC_QUERIES],
+  editPublicScopes: [EDIT_PUBLIC_QUERIES],
 });