Holder roles when substitution is active #115
* Remove AbsenceAdministratorRole from specified items #115
* Use holder roles from token when substitution is active #115
hupf authored Dec 4, 2023
1 parent fc34b04 commit 2756479
Showing 5 changed files with 30 additions and 30 deletions.
9 changes: 1 addition & 8 deletions cypress/e2e/navigationMenu.cy.ts
@@ -246,16 +246,9 @@ describe("Navigation Menu", () => {
cy.get("bkd-mobile-nav").within((mobileMenu) => {
cy.wrap(mobileMenu).should("be.visible");

expectGroups(["Unterricht", "Absenzen", "Angebote"]);

expectGroupItems("Unterricht", [
"Präsenzkontrolle",
"Aktuelle Fächer",
"Tests und Bewertung",
]);
expectGroups(["Absenzen", "Angebote"]);

expectGroupItems("Absenzen", [
"Offene Absenzen entschuldigen",
"Absenzen bearbeiten",
"Absenzen auswerten",
]);
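--- a/src/components/Header/SubstitutionsToggle.ts
+++ b/src/components/Header/SubstitutionsToggle.ts
@@ -156,10 +156,7 @@ export class SubstitutionsToggle extends LitElement {
 
 // Redirect to backend to get a new access token with the substitution's roles/permissions.
 // Details see: https://clx-evento.bitbucket.io/master_eventodoc/Api/Autorisierung/Stellvertretung/Stellvertretung-Token/#stellvertretung-starten
-const { oAuthServer, oAuthPrefix } = window.eventoPortal.settings;
-this.redirect(
-`${oAuthServer}/${oAuthPrefix}/Authorization/Substitutions/${substitution.Id}/start`,
-);
+this.redirect(substitution, "start");
 }
 
 private stopSubstitution(): void {
@@ -168,13 +165,12 @@ export class SubstitutionsToggle extends LitElement {
 // Redirect to backend to get access token with the user's
 // original roles/permissions, not the substitution's ones.
 // Details see: https://clx-evento.bitbucket.io/master_eventodoc/Api/Autorisierung/Stellvertretung/Stellvertretung-Token/#stellvertretung-beenden
-const { oAuthServer, oAuthPrefix } = window.eventoPortal.settings;
-this.redirect(
-`${oAuthServer}/${oAuthPrefix}/Authorization/Substitutions/${this.activeSubstitution.Id}/stop`,
-);
+this.redirect(this.activeSubstitution, "stop");
 }
 
-private redirect(url: string): void {
+private redirect(substitution: Substitution, action: "start" | "stop"): void {
+const { oAuthServer, oAuthPrefix } = window.eventoPortal.settings;
+const url = `${oAuthServer}/${oAuthPrefix}/Authorization/Substitutions/${substitution.Id}/${action}`;
 submit("POST", url, {
 access_token: tokenState.accessToken ?? "",
 redirect_uri: buildUrl("home"),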
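Review bot: `redirect` interpolates `substitution.Id` into the request path unencoded, and that request is the form POST that carries the current access token. If `Id` is not guaranteed to be numeric (the `Substitution` type is not visible here), encode it: `Substitutions/${encodeURIComponent(String(substitution.Id))}/${action}`. Since the method no longer takes a URL, a short doc comment would also help, stating that it submits the access token to the OAuth server's substitution endpoint and that `redirect_uri` is where the backend sends the browser afterwards. The `submit` call continues outside the hunk.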
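--- a/src/settings.ts
+++ b/src/settings.ts
@@ -200,11 +200,7 @@ export const settings: Settings = {
 {
 key: "presenceControl",
 label: msg("Präsenzkontrolle"),
-allowedRolesOrPermissions: [
-"TeacherRole",
-"LessonTeacherRole",
-"AbsenceAdministratorRole",
-],
+allowedRolesOrPermissions: ["TeacherRole", "LessonTeacherRole"],
 deniedInstanceIds: null,
 appKey: "schulverwaltung",
 appPath: "#/presence-control",
@@ -216,7 +212,6 @@ export const settings: Settings = {
 "TeacherRole",
 "LessonTeacherRole",
 "ClassTeacherRole",
-"AbsenceAdministratorRole",
 ],
 deniedInstanceIds: null,
 appKey: "schulverwaltung",
@@ -225,11 +220,7 @@ export const settings: Settings = {
 {
 key: "tests",
 label: msg("Tests und Bewertung"),
-allowedRolesOrPermissions: [
-"TeacherRole",
-"LessonTeacherRole",
-"AbsenceAdministratorRole",
-],
+allowedRolesOrPermissions: ["TeacherRole", "LessonTeacherRole"],
 deniedInstanceIds: null,
 appKey: "schulverwaltung",
 appPath: "#/events",
@@ -262,7 +253,6 @@ export const settings: Settings = {
 "TeacherRole",
 "LessonTeacherRole",
 "ClassTeacherRole",
-"AbsenceAdministratorRole",
 ],
 deniedInstanceIds: null,
 appKey: "schulverwaltung",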
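--- a/src/state/portal-state.ts
+++ b/src/state/portal-state.ts
@@ -74,6 +74,9 @@ class PortalState extends State {
 // Update on state change
 this.subscribe(this.handleStateChange.bind(this));
 
+// Update navigation on (substitution) token change
+tokenState.onAccessTokenUpdate(() => this.updateNavigation());
+
 await this.loadRolesAndPermissions();
 
 this.setInitialized();
@@ -188,7 +191,12 @@ class PortalState extends State {
 this.navigation = filterAllowed(
 settings.navigation,
 instanceId,
-this.rolesAndPermissions,
+
+// When a substitution is active, use the roles of the substituted user
+// from the token, otherwise use the user's actual roles and
+// permissions from the user settings/info request
+tokenState.accessTokenPayload?.substitutionRoles ||
+this.rolesAndPermissions,
 );
 }
 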
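Review bot: The `||` fallback passed to `filterAllowed` decides on the truthiness of `substitutionRoles`, not on whether a substitution is active. `getTokenPayload` maps a missing or empty `holder_roles` to `undefined`, so a substitution token without holder roles would build the menu from the user's own `this.rolesAndPermissions`, which is presumably more than that token grants. Keying on the substitution itself avoids this: `payload?.substitutionId != null ? payload.substitutionRoles ?? [] : this.rolesAndPermissions`, with `payload` being `tokenState.accessTokenPayload`. A comment that these roles come from a client-decoded token and only drive menu visibility, with enforcement staying on the backend, would also help. The enclosing method starts outside the hunk.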
13 changes: 13 additions & 0 deletions src/utils/token.ts
@@ -9,6 +9,17 @@ type RawTokenPayload = {
nbf: number;
exp: number;
substitution_id?: string;
holder_roles?: string;
};

export type TokenPayload = {

Check failure on line 15 in src/utils/token.ts


GitHub Actions / build (18)

Duplicate identifier 'TokenPayload'.

Check failure on line 15 in src/utils/token.ts


GitHub Actions / test (18)

Duplicate identifier 'TokenPayload'.

Check failure on line 15 in src/utils/token.ts


GitHub Actions / build (18)

Duplicate identifier 'TokenPayload'.
instanceId: string;
scope: string;
locale: string;
issueTime: number;
expirationTime: number;
substitutionId?: number;
substitutionRoles?: ReadonlyArray<string>;
};

export type TokenPayload = {

Check failure on line 25 in src/utils/token.ts


GitHub Actions / build (18)

Duplicate identifier 'TokenPayload'.

Check failure on line 25 in src/utils/token.ts


GitHub Actions / test (18)

Duplicate identifier 'TokenPayload'.

Check failure on line 25 in src/utils/token.ts


GitHub Actions / build (18)

Duplicate identifier 'TokenPayload'.
@@ -28,6 +39,7 @@ export function getTokenPayload(token: string): TokenPayload {
nbf: issueTime,
exp: expirationTime,
substitution_id: substitutionId,
holder_roles: holderRoles,
} = parseTokenPayload(token);
return {
instanceId,
@@ -36,6 +48,7 @@ export function getTokenPayload(token: string): TokenPayload {
issueTime,
expirationTime,
substitutionId: substitutionId ? parseInt(substitutionId, 10) : undefined,
substitutionRoles: holderRoles ? holderRoles.split(";") : undefined,
};
}

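Review bot: The first hunk adds a second `export type TokenPayload` directly above the existing declaration, and the CI annotations on lines 15 and 25 report `Duplicate identifier 'TokenPayload'`, so the build fails as committed. Drop the added type and put the one new field into the existing declaration instead: `substitutionRoles?: ReadonlyArray<string>;`. In `getTokenPayload`, `holderRoles.split(";")` keeps empty or padded entries if the claim ever carries a trailing separator or spaces (its format is not shown here); `holderRoles.split(";").map((r) => r.trim()).filter(Boolean)` would keep stray values out of the role check. The body of the existing `TokenPayload` lies outside the hunk.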
