No access role / public by default

This commit is contained in:
Rory Powell 2021-10-12 10:05:57 +01:00
parent c0d46262bf
commit 0d76f5ce22
5 changed files with 67 additions and 16 deletions

View File

@ -34,6 +34,12 @@
const publishedAppsOnly = app => app.status === AppStatus.DEPLOYED const publishedAppsOnly = app => app.status === AppStatus.DEPLOYED
$: publishedApps = $apps.filter(publishedAppsOnly) $: publishedApps = $apps.filter(publishedAppsOnly)
$: userApps = $auth.user?.builder?.global
? publishedApps
: publishedApps.filter(app =>
Object.keys($auth.user?.roles).includes(app.prodId)
)
</script> </script>
{#if $auth.user && loaded} {#if $auth.user && loaded}
@ -82,11 +88,11 @@
</Body> </Body>
</Layout> </Layout>
<Divider /> <Divider />
{#if publishedApps.length} {#if userApps.length}
<Heading>Apps</Heading> <Heading>Apps</Heading>
<div class="group"> <div class="group">
<Layout gap="S" noPadding> <Layout gap="S" noPadding>
{#each publishedApps as app, idx (app.appId)} {#each userApps as app, idx (app.appId)}
<a class="app" target="_blank" href={`/${app.prodId}`}> <a class="app" target="_blank" href={`/${app.prodId}`}>
<div class="preview" use:gradient={{ seed: app.name }} /> <div class="preview" use:gradient={{ seed: app.name }} />
<div class="app-info"> <div class="app-info">

View File

@ -34,9 +34,13 @@
role: {}, role: {},
} }
$: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : "BASIC" const noRoleSchema = {
name: { displayName: "App" },
}
$: defaultRoleId = $userFetch?.data?.builder?.global ? "ADMIN" : ""
// Merge the Apps list and the roles response to get something that makes sense for the table // Merge the Apps list and the roles response to get something that makes sense for the table
$: appList = Object.keys($apps?.data).map(id => { $: allAppList = Object.keys($apps?.data).map(id => {
const roleId = $userFetch?.data?.roles?.[id] || defaultRoleId const roleId = $userFetch?.data?.roles?.[id] || defaultRoleId
const role = $apps?.data?.[id].roles.find(role => role._id === roleId) const role = $apps?.data?.[id].roles.find(role => role._id === roleId)
return { return {
@ -45,6 +49,15 @@
role: [role], role: [role],
} }
}) })
$: appList = allAppList.filter(app => !!app.role[0])
$: noRoleAppList = allAppList
.filter(app => !app.role[0])
.map(app => {
delete app.role
return app
})
let selectedApp let selectedApp
const userFetch = fetchData(`/api/global/users/${userId}`) const userFetch = fetchData(`/api/global/users/${userId}`)
@ -173,6 +186,7 @@
<Divider size="S" /> <Divider size="S" />
<Layout gap="S" noPadding> <Layout gap="S" noPadding>
<Heading size="S">Configure roles</Heading> <Heading size="S">Configure roles</Heading>
<Body>Specify a role to grant access to an app.</Body>
<Table <Table
on:click={openUpdateRolesModal} on:click={openUpdateRolesModal}
schema={roleSchema} schema={roleSchema}
@ -183,6 +197,21 @@
customRenderers={[{ column: "role", component: TagsRenderer }]} customRenderers={[{ column: "role", component: TagsRenderer }]}
/> />
</Layout> </Layout>
<Layout gap="S" noPadding>
<Heading size="XS">No Access</Heading>
<Body
>Apps do not appear in the users portal. Public pages may still be viewed
if visited directly.</Body
>
<Table
on:click={openUpdateRolesModal}
schema={noRoleSchema}
data={noRoleAppList}
allowEditColumns={false}
allowEditRows={false}
allowSelectRows={false}
/>
</Layout>
<Divider size="S" /> <Divider size="S" />
<Layout gap="XS" noPadding> <Layout gap="XS" noPadding>
<Heading size="S">Delete user</Heading> <Heading size="S">Delete user</Heading>

View File

@ -6,22 +6,38 @@
export let app export let app
export let user export let user
const NO_ACCESS = "NO_ACCESS"
const dispatch = createEventDispatcher() const dispatch = createEventDispatcher()
const roles = app.roles const roles = app.roles
let options = roles let options = roles.map(role => ({ value: role._id, label: role.name }))
.filter(role => role._id !== "PUBLIC") options.push({ value: NO_ACCESS, label: "No Access" })
.map(role => ({ value: role._id, label: role.name }))
let selectedRole = user?.roles?.[app?._id] let selectedRole = user?.roles?.[app?._id]
async function updateUserRoles() { async function updateUserRoles() {
const res = await users.save({ let res
...user, if (selectedRole === NO_ACCESS) {
roles: { // remove the user role
...user.roles, const filteredRoles = { ...user.roles }
[app._id]: selectedRole, delete filteredRoles[app?._id]
}, res = await users.save({
}) ...user,
roles: {
...filteredRoles,
},
})
} else {
// add the user role
res = await users.save({
...user,
roles: {
...user.roles,
[app._id]: selectedRole,
},
})
}
if (res.status === 400) { if (res.status === 400) {
notifications.error("Failed to update role") notifications.error("Failed to update role")
} else { } else {

View File

@ -45,7 +45,7 @@ module.exports = async (ctx, next) => {
const globalUser = await getCachedSelf(ctx, requestAppId) const globalUser = await getCachedSelf(ctx, requestAppId)
appId = requestAppId appId = requestAppId
// retrieving global user gets the right role // retrieving global user gets the right role
roleId = globalUser.roleId || BUILTIN_ROLE_IDS.BASIC roleId = globalUser.roleId
} }
// nothing more to do // nothing more to do

View File

@ -26,7 +26,7 @@ exports.updateAppRole = (appId, user) => {
if (!user.roleId && user.builder && user.builder.global) { if (!user.roleId && user.builder && user.builder.global) {
user.roleId = BUILTIN_ROLE_IDS.ADMIN user.roleId = BUILTIN_ROLE_IDS.ADMIN
} else if (!user.roleId) { } else if (!user.roleId) {
user.roleId = BUILTIN_ROLE_IDS.BASIC user.roleId = BUILTIN_ROLE_IDS.PUBLIC
} }
delete user.roles delete user.roles
return user return user