From aa2a525f75735f1d38cc5010fc918f928a1c811b Mon Sep 17 00:00:00 2001 From: Jessica McInchak Date: Wed, 27 Sep 2023 09:26:09 +0200 Subject: [PATCH 1/2] all users can edit Templates team --- editor.planx.uk/src/components/Header.tsx | 2 +- editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/editor.planx.uk/src/components/Header.tsx b/editor.planx.uk/src/components/Header.tsx index ebc2b00313..79bc3e8d6c 100644 --- a/editor.planx.uk/src/components/Header.tsx +++ b/editor.planx.uk/src/components/Header.tsx @@ -480,7 +480,7 @@ const EditorToolbar: React.FC<{ - {user.isPlatformAdmin ? `All teams` : user.teams.map((team) => team.team.name).join(", ")} + {user.isPlatformAdmin ? `All teams` : user.teams.map((team) => team.team.name).concat(["Templates"]).join(", ")} )} diff --git a/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts b/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts index 94afd1cbb1..d31cffd7ac 100644 --- a/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts +++ b/editor.planx.uk/src/pages/FlowEditor/lib/store/user.ts @@ -47,11 +47,9 @@ export const userStore: StateCreator = ( canUserEditTeam: (teamSlug) => { return ( - get().teams.filter( - (team) => - (team.role === "teamEditor" && team.team.slug === teamSlug) || - get().isPlatformAdmin, - ).length > 0 + get().isPlatformAdmin || + teamSlug === "templates" || + get().teams.filter((team) => team.role === "teamEditor" && team.team.slug === teamSlug).length > 0 ); }, }); From 8573595741e527ceef4b289452ff43fae63a2ffa Mon Sep 17 00:00:00 2001 From: Jessica McInchak Date: Wed, 27 Sep 2023 09:46:39 +0200 Subject: [PATCH 2/2] restrict moveFlow store method by user role --- editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts b/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts index f3c812a0ce..bd75ea0b84 100644 --- a/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts +++ b/editor.planx.uk/src/pages/FlowEditor/lib/store/editor.ts @@ -23,6 +23,7 @@ import { FlowLayout } from "../../components/Flow"; import { connectToDB, getConnection } from "./../sharedb"; import type { Store } from "."; import type { SharedStore } from "./shared"; +import { UserStore } from "./user"; let doc: any; @@ -82,7 +83,7 @@ export interface EditorStore extends Store.Store { } export const editorStore: StateCreator< - SharedStore & EditorStore, + SharedStore & EditorStore & UserStore, [], [], EditorStore @@ -333,6 +334,12 @@ export const editorStore: StateCreator< }, moveFlow(flowId: string, teamSlug: string) { + const valid = get().canUserEditTeam(teamSlug); + if (!valid) { + alert(`You do not have permission to move this flow into ${teamSlug}, try again`); + return Promise.resolve(); + } + const token = getCookie("jwt"); return axios