fix(permissions): agents not allowed to update tickets correctly

polonel · Jul 10, 2022 · dba6679 · dba6679
1 parent 6d14741
commit dba6679
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 23 deletions.
diff --git a/src/client/containers/Settings/Permissions/index.jsx b/src/client/containers/Settings/Permissions/index.jsx
@@ -40,7 +40,7 @@ class PermissionsSettingsContainer extends React.Component {
 
   onRoleOrderChanged (e) {
     const children = $(e.target).children('li')
-    let arr = []
+    const arr = []
     for (let i = 0; i < children.length; i++) arr.push($(children[i]).attr('data-key'))
 
     this.props.updateRoleOrder({ roleOrder: arr })
@@ -142,7 +142,6 @@ const mapStateToProps = state => ({
   settings: state.settings.settings
 })
 
-export default connect(
-  mapStateToProps,
-  { fetchRoles, updateRoleOrder, showModal, updateSetting }
-)(PermissionsSettingsContainer)
+export default connect(mapStateToProps, { fetchRoles, updateRoleOrder, showModal, updateSetting })(
+  PermissionsSettingsContainer
+)
diff --git a/src/client/containers/Settings/Permissions/permissionBody.jsx b/src/client/containers/Settings/Permissions/permissionBody.jsx
@@ -129,7 +129,7 @@ class PermissionBody extends React.Component {
 
   onSubmit (e) {
     e.preventDefault()
-    let obj = {}
+    const obj = {}
     obj._id = this.props.role.get('_id')
     if (this.isAdmin) {
       obj.admin = ['*']

diff --git a/src/client/containers/Tickets/SingleTicketContainer.jsx b/src/client/containers/Tickets/SingleTicketContainer.jsx
@@ -273,10 +273,7 @@ class SingleTicketContainer extends React.Component {
       : []
 
     // Perms
-    const hasTicketUpdate =
-      this.ticket &&
-      this.ticket.status !== 3 &&
-      helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true)
+    const hasTicketUpdate = this.ticket && this.ticket.status !== 3 && helpers.canUser('tickets:update')
 
     return (
       <div className={'uk-clearfix uk-position-relative'} style={{ width: '100%', height: '100vh' }}>
@@ -295,7 +292,7 @@ class SingleTicketContainer extends React.Component {
                     status={this.ticket.status}
                     socket={this.props.socket}
                     onStatusChange={status => (this.ticket.status = status)}
-                    hasPerm={helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true)}
+                    hasPerm={hasTicketUpdate}
                   />
                 </div>
                 {/*  Left Side */}
@@ -859,6 +856,7 @@ SingleTicketContainer.propTypes = {
   ticketId: PropTypes.string.isRequired,
   ticketUid: PropTypes.string.isRequired,
   shared: PropTypes.object.isRequired,
+  sessionUser: PropTypes.object,
   socket: PropTypes.object.isRequired,
   common: PropTypes.object.isRequired,
   ticketTypes: PropTypes.object.isRequired,
@@ -873,6 +871,7 @@ SingleTicketContainer.propTypes = {
 const mapStateToProps = state => ({
   common: state.common.viewdata,
   shared: state.shared,
+  sessionUser: state.shared.sessionUser,
   socket: state.shared.socket,
   ticketTypes: state.ticketsState.types,
   groupsState: state.groupsState

diff --git a/src/controllers/api/v1/roles.js b/src/controllers/api/v1/roles.js
@@ -16,6 +16,7 @@ var _ = require('lodash')
 var async = require('async')
 var userSchema = require('../../../models/user')
 var permissions = require('../../../permissions')
+const socketEventConsts = require('../../../socketio/socketEventConsts')
 
 var rolesV1 = {}
 
@@ -110,7 +111,7 @@ rolesV1.update = function (req, res) {
     role.updateGrantsAndHierarchy(k, hierarchy, function (err) {
       if (err) return res.status(400).json({ success: false, error: err })
 
-      emitter.emit('$trudesk:flushRoles')
+      emitter.emit(socketEventConsts.ROLES_FLUSH)
 
       return res.send('OK')
     })

diff --git a/src/controllers/api/v1/settings.js b/src/controllers/api/v1/settings.js
@@ -19,6 +19,7 @@ var winston = require('winston')
 var sanitizeHtml = require('sanitize-html')
 var SettingsSchema = require('../../../models/setting')
 var settingsUtil = require('../../../settings/settingsUtil')
+const socketEventConsts = require('../../../socketio/socketEventConsts')
 
 var apiSettings = {}
 
@@ -195,15 +196,15 @@ apiSettings.updateRoleOrder = function (req, res) {
       order.save(function (err, order) {
         if (err) return res.status(500).json({ success: false, error: err.message })
 
-        emitter.emit('$trudesk:flushRoles')
+        emitter.emit(socketEventConsts.ROLES_FLUSH)
 
         return res.json({ success: true, roleOrder: order })
       })
     } else {
       order.updateOrder(req.body.roleOrder, function (err, order) {
         if (err) return res.status(400).json({ success: false, error: err.message })
 
-        emitter.emit('$trudesk:flushRoles')
+        emitter.emit(socketEventConsts.ROLES_FLUSH)
 
         return res.json({ success: true, roleOrder: order })
       })

diff --git a/src/public/js/modules/helpers.js b/src/public/js/modules/helpers.js
@@ -1641,8 +1641,8 @@ define([
   }
 
   helpers.canUser = function (a, adminOverride) {
-    var role = window.trudeskSessionService.getUser().role
-    var roles = window.trudeskSessionService.getRoles()
+    let role = window.trudeskSessionService.getUser().role
+    const roles = window.trudeskSessionService.getRoles()
 
     if (adminOverride === true && role.isAdmin) return true
 
@@ -1677,8 +1677,8 @@ define([
   }
 
   helpers.hasHierarchyEnabled = function (roleId) {
-    var roles = window.trudeskSessionService.getRoles()
-    var role = _.find(roles, function (o) {
+    const roles = window.trudeskSessionService.getRoles()
+    const role = _.find(roles, function (o) {
       return o._id.toString() === roleId.toString()
     })
     if (_.isUndefined(role) || _.isUndefined(role.hierarchy)) throw new Error('Invalid Role: ' + roleId)
@@ -1755,6 +1755,7 @@ define([
   helpers.hasPermOverRole = function (ownerRole, extRole, action, adminOverride) {
     if (action && !helpers.canUser(action, adminOverride)) return false
     if (!extRole) extRole = window.trudeskSessionService.getUser().role
+
     if (!_.isObject(ownerRole) || !_.isObject(extRole)) {
       console.log('Invalid Role Sent to helpers.hasPermOverRole. [Must be role obj]')
       console.log('Owner: ' + ownerRole)
@@ -1775,20 +1776,27 @@ define([
       if (extRole && extRole.isAdmin) {
         return true
       } else {
-        var r = window.trudeskSessionService.getRoles()
-        var role = _.find(r, function (_role) {
+        const r = window.trudeskSessionService.getRoles()
+        const role = _.find(r, function (_role) {
           return _role._id.toString() === extRole._id.toString()
         })
         if (!_.isUndefined(role) && role.isAdmin) return true
       }
     }
 
-    var roles = helpers.parseRoleHierarchy(extRole._id)
+    if (!helpers.hasHierarchyEnabled(extRole._id)) {
+      return ownerRole._id === extRole._id
+    }
 
-    var i = _.find(roles, function (o) {
-      return o.toString() === ownerRole.toString()
+    const roles = helpers.parseRoleHierarchy(extRole._id)
+    // console.log('My Role ID: ', extRole._id)
+    // console.log('Hierarchy: ', roles)
+    const i = _.find(roles, function (o) {
+      return o.toString() === ownerRole._id.toString()
     })
 
+    // console.log('Found in Hierarchy: ', i)
+
     return !_.isUndefined(i)
   }