diff --git a/app/controllers/client_api/permissions_controller.rb b/app/controllers/client_api/permissions_controller.rb index ecb13fd7a..78a56384c 100644 --- a/app/controllers/client_api/permissions_controller.rb +++ b/app/controllers/client_api/permissions_controller.rb @@ -1,16 +1,57 @@ module ClientApi class PermissionsController < ApplicationController + before_action :generate_permissions_object, only: :state + def state respond_to do |format| format.json do - render json: { - can_update_team?: false, - can_read_team?: true - }, status: :ok + render json: @permissions, status: :ok end end end + + private + + def generate_permissions_object + sanitize_permissions! + @permissions = {} + if @resource + @required_permissions.collect do |permission| + @permissions.merge!("#{permission}?" => @holder.eval(permission, + current_user, + @resource)) + end + else + @required_permissions.collect do |permission| + @permissions.merge!( + "#{permission}?" => @holder.eval_generic(permission, current_user) + ) + end + end + end + + def sanitize_permissions! + @required_permissions = params.fetch(:parsePermission) do + :permissions_array_missing + end + @holder = Canaid::PermissionsHolder.instance + @required_permissions.each do |permission| + next if @holder.has_permission?(permission) + # this error should happen only in development + raise ArgumentError, "Method #{permission} has no related " \ + "permission registered." + end + # sanitize resource, this error should happen only in development + raise ArgumentError, + "Resource #{@resource} does not exists" unless resource_valid? + end + + def resource_valid? + @resource = params[:resource] + return true unless @resource + return true if Object.const_get(@resource.classify) + rescue NameError + return false + end end end -# holder = Canaid::PermissionsHolder.instance -# https://github.com/biosistemika/canaid/blob/master/lib/canaid/helpers/permissions_helper.rb 
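Review bot: `resource_valid?` passes the client-supplied `params[:resource]` straight to `Object.const_get(@resource.classify)`, so any request can make the server resolve (and possibly autoload) an arbitrary constant name, and every constant that exists counts as a valid resource. Check the name against a fixed list of permission-bearing models before any lookup, e.g. `return false unless PERMITTED_RESOURCES.include?(@resource)` (the constant name is only a suggestion), and drop the `const_get`. In `sanitize_permissions!` the fetch fallback `:permissions_array_missing` is a Symbol, so a request without `parsePermission` fails on `.each` with NoMethodError, and both `ArgumentError`s are reachable from request input rather than only in development as the comments say; a 4xx response would be safer than an unhandled exception. Also, `@holder.eval` receives `@resource` as the raw string, which looks like the permission is evaluated against a class name rather than a record; confirm that this is what Canaid expects.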
diff --git a/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx b/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx index 638d1e21a..41d601603 100644 --- a/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx +++ b/app/javascript/src/scenes/SettingsPage/scenes/profile/components/MyProfile.jsx @@ -49,7 +49,6 @@ class MyProfile extends Component { } render() { - console.log(this.props.permissions); return (

@@ -106,5 +105,4 @@ MyProfile.propTypes = { addCurrentUser: func.isRequired }; -const ComponentWithPermissions = Permissions.connect(MyProfile, ["can_update_team?", "can_read_team?"], "user"); -export default connect(null, { addCurrentUser })(ComponentWithPermissions) +export default connect(null, { addCurrentUser })(MyProfile) diff --git a/app/javascript/src/services/permissions/index.js b/app/javascript/src/services/permissions/index.js index 6cfa5d1ae..27d60607d 100644 --- a/app/javascript/src/services/permissions/index.js +++ b/app/javascript/src/services/permissions/index.js @@ -13,6 +13,7 @@ Now you can access to your permissions through component params. The permissions you required have 3 states [true, false, null]. Null is when you are waiting for server response. + You can use methods params.can_uspdate_team? or whatever permissions you declare */ import * as React from "react"; import { getPermissionStatus } from "../api/permissions_api"; diff --git a/spec/controllers/client_api/permissions_controller_spec.rb b/spec/controllers/client_api/permissions_controller_spec.rb new file mode 100644 index 000000000..e487d94c2 --- /dev/null +++ b/spec/controllers/client_api/permissions_controller_spec.rb @@ -0,0 +1,13 @@ +require 'rails_helper' + +describe ClientApi::PermissionsController, type: :controller do + login_user + + describe '#state' do + let(:params) do + { parsePermission: ['can_view_team'], resource: 'UserTeam' } + end + let(:subject) { post :state, format: :json, params: params } + it { is_expected.to be_success } + end +end
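Review bot: The comment line added in `services/permissions/index.js` misspells the permission as `can_uspdate_team?`, and a key ending in `?` cannot be read with dot notation in JavaScript, so the example as written is not usable. Suggested wording: `You can read them with bracket notation, e.g. params["can_update_team?"], for whichever permissions you declare`. The comment block this line belongs to starts outside the hunk.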
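Review bot: The new spec in `permissions_controller_spec.rb` exercises only the happy path and asserts only `be_success`, so none of the input checks added to the controller are covered. Add examples for a request without `parsePermission`, one with an unregistered permission name and one with a `resource` that is not a known class, and assert the returned JSON keys (e.g. `can_view_team?`) for the valid case. `let(:subject) { ... }` would also read more conventionally as `subject { post :state, format: :json, params: params }`.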