16 changes: 10 additions & 6 deletions lib/services/auth/filters/getAdminModelFilter.js
@@ -1,5 +1,3 @@
import includes from 'lodash/includes';
import intersection from 'lodash/intersection';
import getScopesFromAuthInfo from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
import getOrgFilter from 'lib/services/auth/filters/getOrgFilter';
import NoAccessError from 'lib/errors/NoAccessError';
Expand All @@ -10,18 +8,24 @@ import getModelsFilter,
checkAllScope
} from 'lib/services/auth/filters/utils/getModelsFilter';

const adminModelFilter = ({ viewAllScope, editAllScope }) =>
/**
* @param {string[]} _.viewAllScopes
* @param {string[]} _.editAllScopes
* @return {({ actionName, authInfo }) => Promise}
*/
const adminModelFilter = ({ viewAllScopes, editAllScopes }) =>
async ({ actionName, authInfo }) => {
const scopes = getScopesFromAuthInfo(authInfo);

switch (actionName) {
case 'view': {
const validScopes = intersection(scopes, [viewAllScope, editAllScope]);
if (validScopes.length > 0) return getOrgFilter(authInfo);
const hasValidViewScopes = [...viewAllScopes, ...editAllScopes].some(s => scopes.includes(s));

The type of viewAllScope was string. viewAllScopes is string[].

if (hasValidViewScopes) return getOrgFilter(authInfo);
throw new NoAccessError();
}
default: {
if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
const hasValidEditScopes = editAllScopes.some(s => scopes.includes(s));
if (hasValidEditScopes) return getOrgFilter(authInfo);
throw new NoAccessError();
}
}
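Review bot: `scopes.includes(s)` in the 'view' and default branches assumes getScopesFromAuthInfo always returns an array, whereas the lodash `intersection`/`includes` calls it replaces treated a null or undefined collection as empty and fell through to NoAccessError. If authInfo can ever lack scopes (not visible on this page), the filter would now throw a TypeError instead; access is still refused, but it probably surfaces as a server error rather than a no-access response. The same expression is repeated in getGlobalModelFilter.js and getShareableModelFilter.js, so one shared helper would cover all three, e.g. `const hasAnyScope = (granted, required) => Array.isArray(granted) && required.some(s => granted.includes(s));`. The arrow function's body continues past the end of this section.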
9 changes: 5 additions & 4 deletions lib/services/auth/filters/getGlobalModelFilter.js
@@ -1,4 +1,3 @@
import includes from 'lodash/includes';
import getScopesFromAuthInfo from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
import getOrgFilter from 'lib/services/auth/filters/getOrgFilter';
import NoAccessError from 'lib/errors/NoAccessError';
Expand All @@ -9,7 +8,7 @@ import getModelsFilter,
checkAllScope
} from 'lib/services/auth/filters/utils/getModelsFilter';

const globalModelFilter = ({ editAllScope }) =>
const globalModelFilter = ({ editAllScopes }) =>
async ({ actionName, authInfo }) => {
const scopes = getScopesFromAuthInfo(authInfo);

Expand All @@ -20,13 +19,15 @@ const globalModelFilter = ({ editAllScope }) =>
case 'organisation':
return getOrgFilter(authInfo);
default: {
if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
const isValid = editAllScopes.some(s => scopes.includes(s));
if (isValid) return getOrgFilter(authInfo);
throw new NoAccessError();
}
}
}
default: {
if (includes(scopes, editAllScope)) return getOrgFilter(authInfo);
const isValid = editAllScopes.some(s => scopes.includes(s));
if (isValid) return getOrgFilter(authInfo);
throw new NoAccessError();
}
}
22 changes: 10 additions & 12 deletions lib/services/auth/filters/getShareableModelFilter.js
@@ -1,5 +1,3 @@
import includes from 'lodash/includes';
import intersection from 'lodash/intersection';
import getScopesFromAuthInfo
from 'lib/services/auth/authInfoSelectors/getScopesFromAuthInfo';
import getPublicOrgFilter from 'lib/services/auth/filters/getPublicOrgFilter';
Expand All @@ -15,22 +13,22 @@ import getModelsFilter,


export const shareableModelFilter = ({
viewAllScope,
viewPublicScope,
editAllScope,
editPublicScope
viewAllScopes,
viewPublicScopes,
editAllScopes,
editPublicScopes,
}) => async ({ actionName, authInfo }) => {
const scopes = getScopesFromAuthInfo(authInfo);

switch (actionName) {
case 'view': {
const validAllScopes = intersection(scopes, [viewAllScope, editAllScope]);
if (validAllScopes.length > 0) {
const hasValidAllScopes = [...viewAllScopes, ...editAllScopes].some(s => scopes.includes(s));
if (hasValidAllScopes) {
return getOrgFilter(authInfo);
}

const validPublicScopes = intersection(scopes, [viewPublicScope, editPublicScope]);
if (validPublicScopes.length > 0) {
const hasValidPublicScopes = [...viewPublicScopes, ...editPublicScopes].some(s => scopes.includes(s));
if (hasValidPublicScopes) {
return getPublicOrgFilter(authInfo);
}

Expand All @@ -42,10 +40,10 @@ export const shareableModelFilter = ({
return privateFilter;
}
default: {
if (includes(scopes, editAllScope)) {
if (editAllScopes.some(s => scopes.includes(s))) {
return getOrgFilter(authInfo);
}
if (includes(scopes, editPublicScope)) {
if (editPublicScopes.some(s => scopes.includes(s))) {
return getPublicOrgFilter(authInfo);
}
const privateFilter = getPrivateOrgFilter(authInfo);
4 changes: 2 additions & 2 deletions lib/services/auth/modelFilters/client.js
Expand Up @@ -3,6 +3,6 @@ import getAdminModelFilter
from 'lib/services/auth/filters/getAdminModelFilter';

export default getAdminModelFilter({
viewAllScope: MANAGE_ALL_CLIENTS,
editAllScope: MANAGE_ALL_CLIENTS,
viewAllScopes: [MANAGE_ALL_CLIENTS],
editAllScopes: [MANAGE_ALL_CLIENTS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/dashboard.js
Expand Up @@ -48,10 +48,10 @@ export const filters = [
];

export default getModelsFilter({
viewAllScope: VIEW_ALL_DASHBOARDS,
editAllScope: EDIT_ALL_DASHBOARDS,
viewPublicScope: VIEW_PUBLIC_DASHBOARDS,
editPublicScope: EDIT_PUBLIC_DASHBOARDS,
viewAllScopes: [VIEW_ALL_DASHBOARDS],
editAllScopes: [EDIT_ALL_DASHBOARDS],
viewPublicScopes: [VIEW_PUBLIC_DASHBOARDS],
editPublicScopes: [EDIT_PUBLIC_DASHBOARDS],
allowedTokenTypes: ['organisation', 'dashboard', 'client'],
filters
});
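Review bot: dashboard.js now passes the plural keys to getModelsFilter, but no section for lib/services/auth/filters/utils/getModelsFilter.js appears on this page, so it cannot be confirmed from here that the function reads `viewAllScopes`, `editAllScopes`, `viewPublicScopes` and `editPublicScopes`. If it still destructures the singular names, those values would be undefined and the all/public scope checks would presumably stop matching without raising any error. The same applies to visualisation.js. It is worth confirming that this file and the shared test helpers (testShareableModel, testAdminModel, testGlobalModel) were updated in the same change.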
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/download.js
Expand Up @@ -8,8 +8,8 @@ import getShareableModelFilter
from 'lib/services/auth/filters/getShareableModelFilter';

export default getShareableModelFilter({
viewAllScope: VIEW_ALL_DOWNLOADS,
editAllScope: EDIT_ALL_DOWNLOADS,
viewPublicScope: VIEW_PUBLIC_DOWNLOADS,
editPublicScope: EDIT_PUBLIC_DOWNLOADS
viewAllScopes: [VIEW_ALL_DOWNLOADS],
editAllScopes: [EDIT_ALL_DOWNLOADS],
viewPublicScopes: [VIEW_PUBLIC_DOWNLOADS],
editPublicScopes: [EDIT_PUBLIC_DOWNLOADS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/export.js
Expand Up @@ -8,8 +8,8 @@ import getShareableModelFilter
from 'lib/services/auth/filters/getShareableModelFilter';

export default getShareableModelFilter({
viewAllScope: VIEW_ALL_EXPORTS,
editAllScope: EDIT_ALL_EXPORTS,
viewPublicScope: VIEW_PUBLIC_EXPORTS,
editPublicScope: EDIT_PUBLIC_EXPORTS
viewAllScopes: [VIEW_ALL_EXPORTS],
editAllScopes: [EDIT_ALL_EXPORTS],
viewPublicScopes: [VIEW_PUBLIC_EXPORTS],
editPublicScopes: [EDIT_PUBLIC_EXPORTS],
});
2 changes: 1 addition & 1 deletion lib/services/auth/modelFilters/lrs.js
Expand Up @@ -3,5 +3,5 @@ import getGlobalModelFilter
from 'lib/services/auth/filters/getGlobalModelFilter';

export default getGlobalModelFilter({
editAllScope: MANAGE_ALL_STORES,
editAllScopes: [MANAGE_ALL_STORES],
});
2 changes: 1 addition & 1 deletion lib/services/auth/modelFilters/persona.js
Expand Up @@ -3,5 +3,5 @@ import getGlobalModelFilter
from 'lib/services/auth/filters/getGlobalModelFilter';

export default getGlobalModelFilter({
editAllScope: MANAGE_ALL_PERSONAS,
editAllScopes: [MANAGE_ALL_PERSONAS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/query.js
Expand Up @@ -8,8 +8,8 @@ import getShareableModelFilter
from 'lib/services/auth/filters/getShareableModelFilter';

export default getShareableModelFilter({
viewAllScope: VIEW_ALL_QUERIES,
editAllScope: EDIT_ALL_QUERIES,
viewPublicScope: VIEW_PUBLIC_QUERIES,
editPublicScope: EDIT_PUBLIC_QUERIES
viewAllScopes: [VIEW_ALL_QUERIES],
editAllScopes: [EDIT_ALL_QUERIES],
viewPublicScopes: [VIEW_PUBLIC_QUERIES],
editPublicScopes: [EDIT_PUBLIC_QUERIES],
});
2 changes: 1 addition & 1 deletion lib/services/auth/modelFilters/querybuildercache.js
Expand Up @@ -3,5 +3,5 @@ import getGlobalModelFilter
from 'lib/services/auth/filters/getGlobalModelFilter';

export default getGlobalModelFilter({
editAllScope: ALL,
editAllScopes: [ALL],
});
6 changes: 3 additions & 3 deletions lib/services/auth/modelFilters/role.js
@@ -1,8 +1,8 @@
import { MANAGE_ALL_ROLES } from 'lib/constants/orgScopes';
import { MANAGE_ALL_ROLES, MANAGE_ALL_USERS } from 'lib/constants/orgScopes';
import getAdminModelFilter
from 'lib/services/auth/filters/getAdminModelFilter';

export default getAdminModelFilter({
viewAllScope: MANAGE_ALL_ROLES,
editAllScope: MANAGE_ALL_ROLES,
viewAllScopes: [MANAGE_ALL_ROLES, MANAGE_ALL_USERS],

This change fixes LL-143. The MANAGE_ALL_USERS scope can view roles.

editAllScopes: [MANAGE_ALL_ROLES],
});
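Review bot: Nothing on this page shows a test that a token holding only MANAGE_ALL_USERS is refused for non-view actions on roles, and role.js is the only admin model here whose view list contains a scope missing from its edit list. role-test.js passes the same two arrays to testAdminModel, whose body is outside this page, so whether it checks each view-only scope against the edit path and expects NoAccessError cannot be confirmed. I would add an explicit case for that, plus a short comment above `viewAllScopes` such as `// view list is intentionally wider than the edit list; keep them separate`.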
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/statementForwarding.js
Expand Up @@ -7,8 +7,8 @@ import {
import getShareableModelFilter from 'lib/services/auth/filters/getShareableModelFilter';

export default getShareableModelFilter({
viewAllScope: VIEW_ALL_STATEMENTFORWARDING,
editAllScope: EDIT_ALL_STATEMENTFORWARDING,
viewPublicScope: VIEW_PUBLIC_STATEMENTFORWARDING,
editPublicScope: EDIT_PUBLIC_STATEMENTFORWARDING,
viewAllScopes: [VIEW_ALL_STATEMENTFORWARDING],
editAllScopes: [EDIT_ALL_STATEMENTFORWARDING],
viewPublicScopes: [VIEW_PUBLIC_STATEMENTFORWARDING],
editPublicScopes: [EDIT_PUBLIC_STATEMENTFORWARDING],
});
8 changes: 4 additions & 4 deletions lib/services/auth/modelFilters/visualisation.js
Expand Up @@ -62,10 +62,10 @@ const filters = [
];

export default getModelsFilter({
viewAllScope: VIEW_ALL_VISUALISATIONS,
editAllScope: EDIT_ALL_VISUALISATIONS,
viewPublicScope: VIEW_PUBLIC_VISUALISATIONS,
editPublicScope: EDIT_PUBLIC_VISUALISATIONS,
viewAllScopes: [VIEW_ALL_VISUALISATIONS],
editAllScopes: [EDIT_ALL_VISUALISATIONS],
viewPublicScopes: [VIEW_PUBLIC_VISUALISATIONS],
editPublicScopes: [EDIT_PUBLIC_VISUALISATIONS],
allowedTokenTypes: ['organisation', 'dashboard', 'client'],
filters
});
4 changes: 2 additions & 2 deletions lib/services/auth/tests/modelFilters/client-test.js
Expand Up @@ -3,6 +3,6 @@ import { MANAGE_ALL_CLIENTS } from 'lib/constants/orgScopes';

testAdminModel({
modelName: 'client',
viewAllScope: MANAGE_ALL_CLIENTS,
editAllScope: MANAGE_ALL_CLIENTS,
viewAllScopes: [MANAGE_ALL_CLIENTS],
editAllScopes: [MANAGE_ALL_CLIENTS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/tests/modelFilters/dashboard-test.js
Expand Up @@ -13,10 +13,10 @@ import testDashScopeFilter
describe('dashboard-test', () => {
testShareableModel({
modelName: 'dashboard',
viewAllScope: VIEW_ALL_DASHBOARDS,
editAllScope: EDIT_ALL_DASHBOARDS,
viewPublicScope: VIEW_PUBLIC_DASHBOARDS,
editPublicScope: EDIT_PUBLIC_DASHBOARDS,
viewAllScopes: [VIEW_ALL_DASHBOARDS],
editAllScopes: [EDIT_ALL_DASHBOARDS],
viewPublicScopes: [VIEW_PUBLIC_DASHBOARDS],
editPublicScopes: [EDIT_PUBLIC_DASHBOARDS],
});

testDashScopeFilter('dashboard', 'view', [VIEW_SHAREABLE_DASHBOARD], TEST_DASH_DASHBOARD_FILTER);
8 changes: 4 additions & 4 deletions lib/services/auth/tests/modelFilters/download-test.js
Expand Up @@ -9,8 +9,8 @@ import {

testShareableModel({
modelName: 'download',
viewAllScope: VIEW_ALL_DOWNLOADS,
editAllScope: EDIT_ALL_DOWNLOADS,
viewPublicScope: VIEW_PUBLIC_DOWNLOADS,
editPublicScope: EDIT_PUBLIC_DOWNLOADS
viewAllScopes: [VIEW_ALL_DOWNLOADS],
editAllScopes: [EDIT_ALL_DOWNLOADS],
viewPublicScopes: [VIEW_PUBLIC_DOWNLOADS],
editPublicScopes: [EDIT_PUBLIC_DOWNLOADS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/tests/modelFilters/export-test.js
Expand Up @@ -9,8 +9,8 @@ import {

testShareableModel({
modelName: 'export',
viewAllScope: VIEW_ALL_EXPORTS,
editAllScope: EDIT_ALL_EXPORTS,
viewPublicScope: VIEW_PUBLIC_EXPORTS,
editPublicScope: EDIT_PUBLIC_EXPORTS
viewAllScopes: [VIEW_ALL_EXPORTS],
editAllScopes: [EDIT_ALL_EXPORTS],
viewPublicScopes: [VIEW_PUBLIC_EXPORTS],
editPublicScopes: [EDIT_PUBLIC_EXPORTS],
});
2 changes: 1 addition & 1 deletion lib/services/auth/tests/modelFilters/lrs-test.js
Expand Up @@ -3,5 +3,5 @@ import { MANAGE_ALL_STORES } from 'lib/constants/orgScopes';

testGlobalModel({
modelName: 'lrs',
editAllScope: MANAGE_ALL_STORES,
editAllScopes: [MANAGE_ALL_STORES],
});
2 changes: 1 addition & 1 deletion lib/services/auth/tests/modelFilters/persona-test.js
Expand Up @@ -4,5 +4,5 @@ import { MANAGE_ALL_PERSONAS } from 'lib/constants/orgScopes';

testGlobalModel({
modelName: 'persona',
editAllScope: MANAGE_ALL_PERSONAS,
editAllScopes: [MANAGE_ALL_PERSONAS],
});
8 changes: 4 additions & 4 deletions lib/services/auth/tests/modelFilters/query-test.js
Expand Up @@ -9,8 +9,8 @@ import {

testShareableModel({
modelName: 'query',
viewAllScope: VIEW_ALL_QUERIES,
editAllScope: EDIT_ALL_QUERIES,
viewPublicScope: VIEW_PUBLIC_QUERIES,
editPublicScope: EDIT_PUBLIC_QUERIES
viewAllScopes: [VIEW_ALL_QUERIES],
editAllScopes: [EDIT_ALL_QUERIES],
viewPublicScopes: [VIEW_PUBLIC_QUERIES],
editPublicScopes: [EDIT_PUBLIC_QUERIES],
});
6 changes: 3 additions & 3 deletions lib/services/auth/tests/modelFilters/role-test.js
@@ -1,8 +1,8 @@
import testAdminModel from 'lib/services/auth/tests/utils/testAdminModel';
import { MANAGE_ALL_ROLES } from 'lib/constants/orgScopes';
import { MANAGE_ALL_ROLES, MANAGE_ALL_USERS } from 'lib/constants/orgScopes';

testAdminModel({
modelName: 'role',
viewAllScope: MANAGE_ALL_ROLES,
editAllScope: MANAGE_ALL_ROLES,
viewAllScopes: [MANAGE_ALL_ROLES, MANAGE_ALL_USERS],
editAllScopes: [MANAGE_ALL_ROLES],
});
Expand Up @@ -9,8 +9,8 @@ import {

testShareableModel({
modelName: 'statementforwarding',
viewAllScope: VIEW_ALL_STATEMENTFORWARDING,
editAllScope: EDIT_ALL_STATEMENTFORWARDING,
viewPublicScope: VIEW_PUBLIC_STATEMENTFORWARDING,
editPublicScope: EDIT_PUBLIC_STATEMENTFORWARDING,
viewAllScopes: [VIEW_ALL_STATEMENTFORWARDING],
editAllScopes: [EDIT_ALL_STATEMENTFORWARDING],
viewPublicScopes: [VIEW_PUBLIC_STATEMENTFORWARDING],
editPublicScopes: [EDIT_PUBLIC_STATEMENTFORWARDING],
});
8 changes: 4 additions & 4 deletions lib/services/auth/tests/modelFilters/visualisation-test.js
Expand Up @@ -15,10 +15,10 @@ import testDashScopeFilter
describe('test visualisation model', () => {
testShareableModel({
modelName: 'visualisation',
viewAllScope: VIEW_ALL_VISUALISATIONS,
editAllScope: EDIT_ALL_VISUALISATIONS,
viewPublicScope: VIEW_PUBLIC_VISUALISATIONS,
editPublicScope: EDIT_PUBLIC_VISUALISATIONS,
viewAllScopes: [VIEW_ALL_VISUALISATIONS],
editAllScopes: [EDIT_ALL_VISUALISATIONS],
viewPublicScopes: [VIEW_PUBLIC_VISUALISATIONS],
editPublicScopes: [EDIT_PUBLIC_VISUALISATIONS],
});

testDashScopeFilter('visualisation', 'view', [VIEW_SHAREABLE_DASHBOARD], TEST_DASH_FILTER);