[OGUI-1572] Add root check of user permissions before building UI page (

#2654) * updates the ECS pages to not be built if they do not have the permissions to use it * updates the other pages to remove check as parent check is now done * for locks, ensure buttons are displayed only if user is allowed to use them
AliceO2Group · Nov 14, 2024 · c6ff6d5 · c6ff6d5
1 parent 1319026
commit c6ff6d5
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 34 deletions.
diff --git a/Control/public/lock/lockPage.js b/Control/public/lock/lockPage.js
@@ -64,8 +64,10 @@ export const content = (model) => {
               detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.RELEASE, true, 'Force Release ALL'),
               detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.TAKE, true, 'Force Take ALL'),
             ],
-            detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.RELEASE, false, 'Release ALL*'),
-            detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.TAKE, false, 'Take ALL*'),
+            isUserAllowedRole(ROLES.Detector) && [
+              detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.RELEASE, false, 'Release ALL*'),
+              detectorLockActionButton(lock, DETECTOR_ALL, {}, DetectorLockAction.TAKE, false, 'Take ALL*'),
+            ],
           ]),
           h('small.text-left.ph2',
             'Note: Release/Take all will only affect the detectors you have access to and detectors that are available.'

diff --git a/Control/public/view.js b/Control/public/view.js
@@ -18,6 +18,8 @@ import {h, switchCase, notification} from '/js/src/index.js';
 // Common app helpers
 import appHeader from './common/appHeader.js';
 import sidebar from './common/sidebar.js';
+import { ROLES } from './workflow/constants.js';
+import { isUserAllowedRole } from './common/userRole.js';
 
 // Page specific views (contents and headers)
 import {
@@ -108,17 +110,28 @@ const header = (model) => h('.bg-white flex-row p2 shadow-level2 level2', [
  * @param {object} model
  * @return {vnode}
  */
-const content = (model) => [
-  switchCase(model.router.params.page, {
-    newEnvironmentAdvanced: workflowsContent,
-    newEnvironment: EnvironmentCreationPage,
-    calibrationRuns: CalibrationRunsContent,
-    environments: environmentsContent,
-    environment: EnvironmentPageContent,
-    about: statusContent,
-    configuration: configurationContent,
-    taskList: taskContent,
-    hardware: hardwareContent,
-    locks: lockContent
-  })(model)
-];
+const content = (model) => {
+  const page = model?.router?.params?.page ?? 'environments' // Default page;
+  // Permissions check pages
+  const minimumDetectorRolePages = [
+    'about', 'calibrationRuns', 'configuration', 'environment', 'locks', 'newEnvironment', 'newEnvironmentAdvanced',
+    'taskList'
+  ];
+  if (minimumDetectorRolePages.includes(page) && !isUserAllowedRole(ROLES.Detector)) {
+    return h('h3.m4.warning.text-center', ['You do not own the permissions to use this page.'])
+  }
+  return [
+    switchCase(model.router.params.page, {
+      newEnvironmentAdvanced: workflowsContent,
+      newEnvironment: EnvironmentCreationPage,
+      calibrationRuns: CalibrationRunsContent,
+      environments: environmentsContent,
+      environment: EnvironmentPageContent,
+      about: statusContent,
+      configuration: configurationContent,
+      taskList: taskContent,
+      hardware: hardwareContent,
+      locks: lockContent
+    })(model)
+  ]
+};
diff --git a/Control/public/workflow/workflowsPage.js b/Control/public/workflow/workflowsPage.js
@@ -28,9 +28,6 @@ import errorPage from './../common/errorPage.js';
 import {DetectorState} from './../common/enums/DetectorState.enum.js';
 import {deployEnvironmentButton} from './../common/deployEnvironmentButton.component.js';
 
-import {ROLES} from './../workflow/constants.js';
-import {isUserAllowedRole} from './../common/userRole.js';
-
 /**
  * @file Page to show a form for creating a new environment
  * from existing templates
@@ -50,19 +47,18 @@ export const header = (model) => h('h4.w-100 text-center', 'New Environment');
  * @return {vnode}
  */
 export const content = (model) =>
-  !isUserAllowedRole(ROLES.Detector) ?
-    h('h3.m4.warning.text-center', ['You are not allowed to create environments.']) : h('', [
-      detectorHeader(model),
-      h('.scroll-y.absolute-fill.text-center.p2', {style: 'top:40px;'},
-        model.workflow.repoList.match({
-          NotAsked: () => null,
-          Loading: () => pageLoading(),
-          Success: (repoList) => (repoList.repos.length === 0)
-            ? h('h3.m4', ['No repositories found.']) : showNewEnvironmentForm(model, repoList.repos),
-          Failure: (error) => errorPage(error),
-        })
-      )
-    ]);
+  h('', [
+    detectorHeader(model),
+    h('.scroll-y.absolute-fill.text-center.p2', {style: 'top:40px;'},
+      model.workflow.repoList.match({
+        NotAsked: () => null,
+        Loading: () => pageLoading(),
+        Success: (repoList) => (repoList.repos.length === 0)
+          ? h('h3.m4', ['No repositories found.']) : showNewEnvironmentForm(model, repoList.repos),
+        Failure: (error) => errorPage(error),
+      })
+    )
+  ]);
 
 /**
 * Create a form for the user to select inputs for a new environment

diff --git a/Control/test/public/page-new-environment-mocha.js b/Control/test/public/page-new-environment-mocha.js
@@ -68,11 +68,11 @@ describe('`pageNewEnvironment` test-suite', async () => {
       window.model.notify();
     });
 
-    const text = await page.locator('.m4')
+    const text = await page.locator('h3.m4')
       .setTimeout(500)
       .map((div) => div.innerText)
       .wait();
-    assert.strictEqual(text, 'You are not allowed to create environments.');
+    assert.strictEqual(text, 'You do not own the permissions to use this page.');
 
     await page.evaluate(() => {
       window.model.session.role = 1;