3840 - Fix fetch external dependencies data auth (#3841)

* 3840 - Fix fetch external dependencies data auth * 3840 - Hide Links in admin page
openforis · Jun 17, 2024 · 3e1f86b · 3e1f86b
1 parent 6143de3
commit 3e1f86b
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 27 deletions.
diff --git a/src/client/pages/Admin/Admin.tsx b/src/client/pages/Admin/Admin.tsx
@@ -30,10 +30,10 @@ const sections: Array<Section> = [
     name: SectionNames.Admin.userManagement,
     labelKey: 'landing.sections.userManagement',
   },
-  {
-    name: SectionNames.Admin.links,
-    labelKey: 'landing.links.links',
-  },
+  // {
+  //   name: SectionNames.Admin.links,
+  //   labelKey: 'landing.links.links',
+  // },
   // { name: 'dataExport', labelKey: 'common.dataExport' },
 ]
 

diff --git a/src/client/pages/Section/hooks/useGetTableData/useGetTableData.ts b/src/client/pages/Section/hooks/useGetTableData/useGetTableData.ts
@@ -38,9 +38,10 @@ export const useGetTableData = (props: Props) => {
       }
 
       // fetch external dependencies
+      const auth = { assessmentName, cycleName }
       Object.entries(external).forEach(([assessmentName, cycleDependencies]) => {
         Object.entries(cycleDependencies).forEach(([cycleName, tableNames]) => {
-          const propsFetch = { assessmentName, cycleName, countryIso, mergeOdp: true }
+          const propsFetch = { assessmentName, cycleName, countryIso, mergeOdp: true, auth }
           dispatch(DataActions.getTableData({ ...propsFetch, tableNames: Array.from(tableNames) }))
 
           dispatch(AssessmentActions.getMetaCache({ assessmentName, cycleName }))

diff --git a/src/client/store/data/actions/getTableData.ts b/src/client/store/data/actions/getTableData.ts
@@ -3,17 +3,20 @@ import axios from 'axios'
 
 import { ApiEndPoint } from 'meta/api/endpoint'
 import { CycleParams } from 'meta/api/request'
+import { AssessmentName, CycleName } from 'meta/assessment'
 import { RecordAssessmentData } from 'meta/data'
 
 type Props = CycleParams & {
-  tableNames: Array<string>
+  auth?: { assessmentName: AssessmentName; cycleName: CycleName }
   mergeOdp?: boolean
+  tableNames: Array<string>
 }
 
 export const getTableData = createAsyncThunk<RecordAssessmentData, Props>('data/tableData/get', async (props) => {
-  const { countryIso, assessmentName, cycleName, tableNames, mergeOdp = false } = props
+  const { auth, countryIso, assessmentName, cycleName, tableNames, mergeOdp = false } = props
 
-  const params = { assessmentName, countryIso, cycleName, tableNames, countryISOs: [countryIso], mergeOdp }
+  const authContext = auth ? encodeURIComponent(JSON.stringify(auth)) : undefined
+  const params = { assessmentName, countryIso, cycleName, tableNames, countryISOs: [countryIso], mergeOdp, authContext }
   const { data } = await axios.get(ApiEndPoint.CycleData.Table.tableData(), { params })
 
   return data

diff --git a/src/meta/api/request/index.ts b/src/meta/api/request/index.ts
@@ -5,6 +5,7 @@ import { AssessmentName, CycleName, SectionName } from 'meta/assessment'
 
 // base params
 export type CycleParams = {
+  authContext?: string // authContext is a string created as encodeURIComponent(JSON.stringify({assessmentName, cycleName}))
   assessmentName: AssessmentName
   countryIso: CountryIso
   cycleName: CycleName

diff --git a/src/server/api/cycleData/table/getTableData.ts b/src/server/api/cycleData/table/getTableData.ts
@@ -34,16 +34,8 @@ export const getTableData = async (req: GetTableDataRequest, res: Response) => {
 
     const { assessment, cycle } = await AssessmentController.getOneWithCycle({ assessmentName, cycleName })
 
-    const table = await CycleDataController.getTableData({
-      assessment,
-      cycle,
-      countryISOs,
-      tableNames,
-      variables,
-      columns,
-      mergeOdp,
-      aggregate,
-    })
+    const props = { assessment, cycle, countryISOs, tableNames, variables, columns, mergeOdp, aggregate }
+    const table = await CycleDataController.getTableData(props)
 
     Requests.send(res, table)
   } catch (e) {

diff --git a/src/server/middleware/auth.ts b/src/server/middleware/auth.ts
@@ -1,9 +1,10 @@
 import { NextFunction, Request, Response } from 'express'
 
 import { CycleDataParams, CycleParams } from 'meta/api/request'
-import { CountryIso } from 'meta/area'
+import { AreaCode, Areas, Country, CountryIso } from 'meta/area'
+import { Assessment, Cycle } from 'meta/assessment'
 import { MessageTopicStatus } from 'meta/messageCenter'
-import { Authorizer, CollaboratorEditPropertyType, Users } from 'meta/user'
+import { Authorizer, CollaboratorEditPropertyType, User, Users } from 'meta/user'
 
 import { AreaController } from 'server/controller/area'
 import { AssessmentController } from 'server/controller/assessment'
@@ -17,6 +18,28 @@ const _next = (allowed: boolean, next: NextFunction): void => {
   if (allowed) return next()
   return next(new Error(`userNotAuthorized`))
 }
+
+// TODO (future task): refactor auth with subfiles and use _getAuthCycleProps where needed
+type AuthCycleProps = { assessment: Assessment; cycle: Cycle; country?: Country; countryIso: AreaCode; user: User }
+
+const _getAuthCycleProps = async (req: Request, next: NextFunction): Promise<AuthCycleProps> => {
+  const params = { ...req.params, ...req.query, ...req.body } as CycleParams & { authContext?: string }
+  const { authContext, countryIso } = params
+  const { assessmentName, cycleName } = authContext ? JSON.parse(decodeURIComponent(authContext)) : params
+
+  if (!countryIso || !assessmentName || !cycleName) {
+    next(new Error(`missingParam ${JSON.stringify({ countryIso, assessmentName, cycleName })}`))
+  }
+
+  const { assessment, cycle } = await AssessmentController.getOneWithCycle({ assessmentName, cycleName })
+  const country = Areas.isISOCountry(countryIso)
+    ? await AreaController.getCountry({ assessment, cycle, countryIso })
+    : undefined
+  const user = Requests.getUser(req)
+
+  return { assessment, cycle, country, countryIso, user }
+}
+
 const requireEditCountryProps = async (req: Request, _res: Response, next: NextFunction) => {
   const { assessmentName, countryIso, cycleName } = { ...req.params, ...req.query, ...req.body } as CycleParams
   const user = Requests.getUser(req)
@@ -55,13 +78,7 @@ const requireEditTableData = async (req: Request, _res: Response, next: NextFunc
 }
 
 const requireView = async (req: Request, _res: Response, next: NextFunction) => {
-  const { countryIso, assessmentName, cycleName } = { ...req.params, ...req.query } as CycleParams
-  if (!countryIso || !assessmentName || !cycleName) {
-    next(new Error(`missingParam ${JSON.stringify({ countryIso, assessmentName, cycleName })}`))
-  }
-  const user = Requests.getUser(req)
-
-  const { assessment, cycle } = await AssessmentController.getOneWithCycle({ assessmentName, cycleName })
+  const { assessment, cycle, countryIso, user } = await _getAuthCycleProps(req, next)
 
   _next(Authorizer.canView({ assessment, user, countryIso, cycle }), next)
 }