From ad4133a77785e21a32ab8d100e2ebebac0d491fe Mon Sep 17 00:00:00 2001
From: Andrew Kingston <andrew@kingston.dev>
Date: Fri, 13 Jan 2023 08:29:18 +0000
Subject: [PATCH] Allow readonly access to users and groups for developer users

---
 .../pages/builder/portal/account/usage.svelte | 13 ++++--
 .../portal/users/groups/[groupId].svelte      | 31 ++++++++------
 .../RemoveUserTableRenderer.svelte            |  5 ++-
 .../builder/portal/users/groups/index.svelte  |  5 ++-
 .../portal/users/users/[userId].svelte        | 41 +++++++++++++------
 .../RemoveGroupTableRenderer.svelte           |  5 ++-
 .../builder/portal/users/users/index.svelte   | 14 +++++--
 7 files changed, 78 insertions(+), 36 deletions(-)

diff --git a/packages/builder/src/pages/builder/portal/account/usage.svelte b/packages/builder/src/pages/builder/portal/account/usage.svelte
index f75b6801fc..c541e66fb1 100644
--- a/packages/builder/src/pages/builder/portal/account/usage.svelte
+++ b/packages/builder/src/pages/builder/portal/account/usage.svelte
@@ -184,10 +184,15 @@
       </Body>
     </Layout>
     <Divider />
-    <Body>
-      To upgrade your plan and usage limits visit your
-      <Link size="L" on:click={goToAccountPortal}>account</Link>.
-    </Body>
+    {#if $auth?.user?.accountPortalAccess}
+      <Body>
+        To upgrade your plan and usage limits visit your
+        <Link size="L" on:click={goToAccountPortal}>account</Link>.
+      </Body>
+    {:else}
+      <Body>Contact your account holder to upgrade your plan.</Body>
+    {/if}
+
     <DashCard
       description="YOUR CURRENT PLAN"
       title={planTitle()}
diff --git a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
index 4846fdeeb3..5299e5469b 100644
--- a/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/[groupId].svelte
@@ -14,7 +14,7 @@
   } from "@budibase/bbui"
   import UserGroupPicker from "components/settings/UserGroupPicker.svelte"
   import { createPaginationStore } from "helpers/pagination"
-  import { users, apps, groups } from "stores/portal"
+  import { users, apps, groups, auth } from "stores/portal"
   import { onMount, setContext } from "svelte"
   import { roles } from "stores/backend"
   import ConfirmDialog from "components/common/ConfirmDialog.svelte"
@@ -70,6 +70,7 @@
   let loaded = false
   let editModal, deleteModal
 
+  $: readonly = !$auth.isAdmin
   $: page = $pageInfo.page
   $: fetchUsers(page, searchTerm)
   $: group = $groups.find(x => x._id === groupId)
@@ -164,24 +165,28 @@
     <div class="header">
       <GroupIcon {group} size="L" />
       <Heading>{group?.name}</Heading>
-      <ActionMenu align="right">
-        <span slot="control">
-          <Icon hoverable name="More" />
-        </span>
-        <MenuItem icon="Refresh" on:click={() => editModal.show()}>
-          Edit
-        </MenuItem>
-        <MenuItem icon="Delete" on:click={() => deleteModal.show()}>
-          Delete
-        </MenuItem>
-      </ActionMenu>
+      {#if !readonly}
+        <ActionMenu align="right">
+          <span slot="control">
+            <Icon hoverable name="More" />
+          </span>
+          <MenuItem icon="Refresh" on:click={() => editModal.show()}>
+            Edit
+          </MenuItem>
+          <MenuItem icon="Delete" on:click={() => deleteModal.show()}>
+            Delete
+          </MenuItem>
+        </ActionMenu>
+      {/if}
     </div>
 
     <Layout noPadding gap="S">
       <div class="header">
         <Heading size="S">Users</Heading>
         <div bind:this={popoverAnchor}>
-          <Button on:click={popover.show()} cta>Add user</Button>
+          <Button disabled={readonly} on:click={popover.show()} cta
+            >Add user</Button
+          >
         </div>
         <Popover align="right" bind:this={popover} anchor={popoverAnchor}>
           <UserGroupPicker
diff --git a/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
index dcf947d4fe..1efd60a50d 100644
--- a/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/_components/RemoveUserTableRenderer.svelte
@@ -1,6 +1,7 @@
 <script>
   import { ActionButton } from "@budibase/bbui"
   import { getContext } from "svelte"
+  import { auth } from "stores/portal"
 
   export let value
 
@@ -12,4 +13,6 @@
   }
 </script>
 
-<ActionButton size="S" on:click={onClick}>Remove</ActionButton>
+<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+  Remove
+</ActionButton>
diff --git a/packages/builder/src/pages/builder/portal/users/groups/index.svelte b/packages/builder/src/pages/builder/portal/users/groups/index.svelte
index 25c8702f6b..43561d2d30 100644
--- a/packages/builder/src/pages/builder/portal/users/groups/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/groups/index.svelte
@@ -39,6 +39,7 @@
     { column: "roles", component: GroupAppsTableRenderer },
   ]
 
+  $: readonly = !$auth.isAdmin
   $: schema = {
     name: { displayName: "Group", width: "2fr", minWidth: "200px" },
     users: { sortable: false, width: "1fr" },
@@ -108,7 +109,9 @@
     <ButtonGroup>
       {#if $licensing.groupsEnabled}
         <!--Show the group create button-->
-        <Button cta on:click={showCreateGroupModal}>Add group</Button>
+        <Button disabled={readonly} cta on:click={showCreateGroupModal}>
+          Add group
+        </Button>
       {:else}
         <Button
           primary
diff --git a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
index 4c21c03ebf..9498472f66 100644
--- a/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/[userId].svelte
@@ -81,6 +81,7 @@
   let user
   let loaded = false
 
+  $: readonly = !$auth.isAdmin
   $: fullName = user?.firstName ? user?.firstName + " " + user?.lastName : ""
   $: privileged = user?.admin?.global || user?.builder?.global
   $: nameLabel = getNameLabel(user)
@@ -235,18 +236,16 @@
     </Breadcrumbs>
 
     <div class="title">
-      <div>
-        <div style="display: flex;">
-          <Avatar size="XXL" {initials} />
-          <div class="subtitle">
-            <Heading size="M">{nameLabel}</Heading>
-            {#if nameLabel !== user?.email}
-              <Body size="S">{user?.email}</Body>
-            {/if}
-          </div>
+      <div class="user-info">
+        <Avatar size="XXL" {initials} />
+        <div class="subtitle">
+          <Heading size="M">{nameLabel}</Heading>
+          {#if nameLabel !== user?.email}
+            <Body size="S">{user?.email}</Body>
+          {/if}
         </div>
       </div>
-      {#if userId !== $auth.user?._id}
+      {#if userId !== $auth.user?._id && !readonly}
         <div>
           <ActionMenu align="right">
             <span slot="control">
@@ -271,17 +270,26 @@
         </div>
         <div class="field">
           <Label size="L">First name</Label>
-          <Input value={user?.firstName} on:blur={updateUserFirstName} />
+          <Input
+            disabled={readonly}
+            value={user?.firstName}
+            on:blur={updateUserFirstName}
+          />
         </div>
         <div class="field">
           <Label size="L">Last name</Label>
-          <Input value={user?.lastName} on:blur={updateUserLastName} />
+          <Input
+            disabled={readonly}
+            value={user?.lastName}
+            on:blur={updateUserLastName}
+          />
         </div>
         <!-- don't let a user remove the privileges that let them be here -->
         {#if userId !== $auth.user._id}
           <div class="field">
             <Label size="L">Role</Label>
             <Select
+              disabled={readonly}
               value={globalRole}
               options={Constants.BudibaseRoleOptions}
               on:change={updateUserRole}
@@ -297,7 +305,9 @@
         <div class="tableTitle">
           <Heading size="S">Groups</Heading>
           <div bind:this={popoverAnchor}>
-            <Button on:click={popover.show()} secondary>Add to group</Button>
+            <Button disabled={readonly} on:click={popover.show()} secondary>
+              Add to group
+            </Button>
           </div>
           <Popover align="right" bind:this={popover} anchor={popoverAnchor}>
             <UserGroupPicker
@@ -375,6 +385,11 @@
     align-items: center;
     justify-content: space-between;
   }
+  .user-info {
+    display: flex;
+    align-items: center;
+    justify-content: flex-start;
+  }
   .tableTitle {
     display: flex;
     justify-content: space-between;
diff --git a/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte b/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
index afff99da0f..06108f1fb1 100644
--- a/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/_components/RemoveGroupTableRenderer.svelte
@@ -1,6 +1,7 @@
 <script>
   import { ActionButton } from "@budibase/bbui"
   import { getContext } from "svelte"
+  import { auth } from "stores/portal"
 
   export let value
 
@@ -12,4 +13,6 @@
   }
 </script>
 
-<ActionButton size="S" on:click={onClick}>Remove</ActionButton>
+<ActionButton disabled={!$auth.isAdmin} size="S" on:click={onClick}>
+  Remove
+</ActionButton>
diff --git a/packages/builder/src/pages/builder/portal/users/users/index.svelte b/packages/builder/src/pages/builder/portal/users/users/index.svelte
index ba49bb2946..c8f736e465 100644
--- a/packages/builder/src/pages/builder/portal/users/users/index.svelte
+++ b/packages/builder/src/pages/builder/portal/users/users/index.svelte
@@ -52,6 +52,7 @@
   ]
   let userData = []
 
+  $: readonly = !$auth.isAdmin
   $: debouncedUpdateFetch(searchEmail)
   $: schema = {
     email: {
@@ -223,10 +224,17 @@
     <Divider />
     <div class="controls">
       <ButtonGroup>
-        <Button dataCy="add-user" on:click={createUserModal.show} cta>
+        <Button
+          disabled={readonly}
+          dataCy="add-user"
+          on:click={createUserModal.show}
+          cta
+        >
           Add users
         </Button>
-        <Button on:click={importUsersModal.show} secondary>Import</Button>
+        <Button disabled={readonly} on:click={importUsersModal.show} secondary
+          >Import</Button
+        >
       </ButtonGroup>
       <div class="controls-right">
         <Search bind:value={searchEmail} placeholder="Search" />
@@ -247,7 +255,7 @@
       data={enrichedUsers}
       allowEditColumns={false}
       allowEditRows={false}
-      allowSelectRows={true}
+      allowSelectRows={!readonly}
       {customRenderers}
     />
     <div class="pagination">