Nathan separate edit time entry permissions#924
Conversation
one-community
added
the
High Priority - Please Review First
|
Hello, I tested the code and I have not seen any issues or warning related to the functionality itself. |
mSharifHub
left a comment
mSharifHub
left a comment
There was a problem hiding this comment.
I would suggest a middleware approach to check for permissions to keep code more organized and easy to understand
I would suggest the following:
`const { hasPermission } = require('./permissions');
function requirePermission(permission) {
return async function(req, res, next) {
const hasPerm = await hasPermission(req.body.requestor, permission);
if (!hasPerm) {
return res.status(403).send({ error: 'You do not have the required permission' });
}
next();
};
}
module.exports = {
requirePermission
};`
besides this. the code functionality works as expected. I took a screen shot in the comments sections and have not noticed any issues.
nathcarnevalli
left a comment
nathcarnevalli
left a comment
There was a problem hiding this comment.
I tested every permission and all of them worked for me without any issues. Great job! However, I've found some problems with the frontend that I'll review on PR #2221.
hbodgal
left a comment
hbodgal
left a comment
There was a problem hiding this comment.
I was able to give permission and access it from volunteer account. I did not face any difficulties.
|
I've left a detailed review in the front-end PR: OneCommunityGlobal/HighestGoodNetworkApp#2221 (review) |
Wenboooooo
left a comment
Wenboooooo
left a comment
There was a problem hiding this comment.
Looks good to me, all functions can be edited.
|
I have tested it and the #2221 frontend. It works well when I try to edit the time entries. But if I got it right, this change is to make this feature divided into different parts. I only add the 'edit Timelog description', but it seems that I can edit all the parts... |
Sandhya1236
left a comment
Sandhya1236
left a comment
There was a problem hiding this comment.
I checked out the current branch, ran npm install and necessary commands to set up the PR locally, and cleared the site data/cache. As the owner user, I navigated to Dashboard → Other Links → Permissions Management → Manage User Permissions. I granted a volunteer account each of the listed permissions (editTimeEntryTime, editTimeEntryDescription, editTimeEntryDate, editTimeEntryToggleTangible, and toggleTangibleTime) individually. I logged into the volunteer account in an incognito window and tested each granted permission successfully. After logging out of the volunteer account, I repeated this process for each permission. All tests were successful, confirming that the permission management functionality works as intended.
Parth-tech
left a comment
Parth-tech
left a comment
There was a problem hiding this comment.
Hey Nathan,
The codebase looks great and the required functionality works as intended. Great job! I have left a detailed review on the front-end repo, review link.
|
Hi Nathan, I left a detailed review for the frontend PR. |
There was a problem hiding this comment.
This looks good to me.
Here's my frontend review
|
Thank you all, merging! |
13 participants
Description
This PR divides the
editTimeEntrypermission into several subpermissions controlling each part which can be edited (date, isTangible, time, and description).Related PRS (if any):
To test this backend PR you need to checkout the #2221 frontend PR.
Main changes explained:
PermissionsConst.jseditTimeEntrywitheditTimeEntryTime,editTimeEntryDescription,editTimeEntryDate,editTimeEntryToggleTangible(change tangibility for other users' time entries), andtoggleTangibleTime(change tangibility for own time entries)How to test:
npm installand...to run this PR locallyeditTimeEntryTime,editTimeEntryDescription,editTimeEntryDate,editTimeEntryToggleTangible, andtoggleTangibleTime)Notes
Check the Permissions Management spreadsheet or the descriptions in the Permissions Management Page for desired behaviors of permissions
https://docs.google.com/spreadsheets/d/1TfiJY9OLDZuyP2UgF0C1wI9tOSLKbS9MiJFH6n1Dsao/edit#gid=0