N21-1505 Prevent deletion of global systems (#3353)

config/default.schema.json

@@ -607,6 +607,11 @@
 			"type": "boolean",
 			"default": false,
 			"description": "Enables to get groups of type class in courses"
+		},
+		"FEATURE_NEST_SYSTEMS_API_ENABLED": {
+			"type": "boolean",
+			"default": true,
+			"description": "Uses the v3 api over the v1 api for systems"
 		}
 	},
 	"allOf": [

config/global.js

@@ -41,6 +41,7 @@ const {
 	FEATURE_BUTTONS_ON_LOGINPAGE_ENABLED,
 	FEATURE_SHOW_NEW_CLASS_VIEW_ENABLED,
 	FEATURE_GROUPS_IN_COURSE_ENABLED,
+	FEATURE_NEST_SYSTEMS_API_ENABLED,
 } = process.env;
 
 const exp = {
@@ -84,6 +85,7 @@ const exp = {
 	FEATURE_BUTTONS_ON_LOGINPAGE_ENABLED,
 	FEATURE_SHOW_NEW_CLASS_VIEW_ENABLED,
 	FEATURE_GROUPS_IN_COURSE_ENABLED,
+	FEATURE_NEST_SYSTEMS_API_ENABLED,
 };
 
 // eslint-disable-next-line no-console

controllers/administration.js

@@ -21,7 +21,7 @@ const timesHelper = require('../helpers/timesHelper');
 const router = express.Router();
 const upload = multer({ storage: multer.memoryStorage() });
 
-const { HOST, CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS } = require('../config/global');
+const { HOST, CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS, FEATURE_NEST_SYSTEMS_API_ENABLED } = require('../config/global');
 const { isUserHidden } = require('../helpers/users');
 
 // eslint-disable-next-line no-unused-vars
@@ -466,8 +466,8 @@ const getDetailHandler = (service) => function detailHandler(req, res, next) {
 		.catch(next);
 };
 
-const getDeleteHandler = (service, redirectUrl) => function deleteHandler(req, res, next) {
-	api(req)
+const getDeleteHandler = (service, redirectUrl, apiVersion = 'v1') => function deleteHandler(req, res, next) {
+	api(req, { version: apiVersion })
 		.delete(`/${service}/${req.params.id}`)
 		.then(() => {
 			if (redirectUrl) {
@@ -2766,7 +2766,7 @@ router.get('/systems/:id', getDetailHandler('systems'));
 router.delete(
 	'/systems/:id',
 	removeSystemFromSchoolHandler,
-	getDeleteHandler('systems'),
+	getDeleteHandler('systems', undefined, FEATURE_NEST_SYSTEMS_API_ENABLED === 'true' ? 'v3' : 'v1'),
 );
 
 router.get('/rss/:id', async (req, res) => {
@@ -2880,27 +2880,34 @@ router.use(
 		const getSystemsBody = (systems) => systems.map((item) => {
 			const name = getSSOTypes().filter((type) => item.type === type.value);
 			let tableActions = [];
-			const editable = (item.type === 'ldap' && item.ldapConfig.provider === 'general')
-					|| item.type === 'moodle' || item.type === 'iserv';
-			const hasSystemPermission = permissionsHelper.userHasPermission(res.locals.currentUser, 'SYSTEM_EDIT');
+			const editable = item.ldapConfig?.provider === 'general';
+			const hasSystemEditPermission = permissionsHelper.userHasPermission(res.locals.currentUser, 'SYSTEM_EDIT');
+			const hasSystemCreatePermission = permissionsHelper.userHasPermission(res.locals.currentUser, 'SYSTEM_CREATE');
 
-			if (editable && hasSystemPermission) {
-				tableActions = tableActions.concat([
-					{
-						link: item.type === 'ldap' ? `/administration/ldap/config?id=${item._id}`
-							: `/administration/systems/${item._id}`,
-						class: item.type === 'ldap' ? 'btn-edit-ldap' : 'btn-edit',
-						icon: 'edit',
-						title: res.$t('administration.controller.link.editEntry'),
-					},
-					{
-						link: `/administration/systems/${item._id}`,
-						class: 'btn-delete--systems',
-						icon: 'trash-o',
-						method: 'delete',
-						title: res.$t('administration.controller.link.deleteEntry'),
-					},
-				]);
+			if (editable) {
+				if (hasSystemEditPermission) {
+					tableActions = tableActions.concat([
+						{
+							link: item.type === 'ldap' ? `/administration/ldap/config?id=${item._id}`
+								: `/administration/systems/${item._id}`,
+							class: item.type === 'ldap' ? 'btn-edit-ldap' : 'btn-edit',
+							icon: 'edit',
+							title: res.$t('administration.controller.link.editEntry'),
+						},
+					]);
+				}
+
+				if (hasSystemCreatePermission) {
+					tableActions = tableActions.concat([
+						{
+							link: `/administration/systems/${item._id}`,
+							class: 'btn-delete--systems',
+							icon: 'trash-o',
+							method: 'delete',
+							title: res.$t('administration.controller.link.deleteEntry'),
+						},
+					]);
+				}
 			}
 			return [
 				item.type === 'ldap' && item.ldapConfig.active === false