Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: remove canInviteToGroup helper on the client #214

Merged
merged 2 commits into from
Feb 12, 2020
Merged

fix: remove canInviteToGroup helper on the client #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e23e75
fix: remove helper on the client
kieckhafer Feb 11, 2020
04d06ad
style: lint fix
kieckhafer Feb 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 0 additions & 30 deletions client/modules/core/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -445,36 +445,6 @@ export default {
return slug;
},

/**
* (similar to server/api canInviteToGroup)
* @name canInviteToGroup
* @method
* @memberof Core/Client
* @summary checks if the user making the request is allowed to make invitation to that group
* @param {Object} options -
* @param {Object} options.group - group to invite to
* @param {Object} options.user - user object making the invite (Meteor.user())
* @returns {Boolean} -
*/
canInviteToGroup(options) {
const { group } = options;
let { user } = options;
if (!user) {
user = Meteor.user();
}
const userPermissions = user.roles[group.shopId];
const groupPermissions = group.permissions;

// granting invitation right for user with `owner` role in a shop
if (this.hasPermission(["owner"], getUserId(), group.shopId)) {
return true;
}

// checks that userPermissions includes all elements from groupPermissions
// we are not using Reaction.hasPermission here because it returns true if the user has at least one
return _.difference(groupPermissions, userPermissions).length === 0;
},

/**
* @name showActionView
* @method
Expand Down
1 change: 0 additions & 1 deletion imports/plugins/core/accounts/client/components/adminInviteForm.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ const inviteShopMember = gql`

class AdminInviteForm extends Component {
static propTypes = {
canInviteToGroup: PropTypes.func,
groups: PropTypes.array
};

Expand Down
6 changes: 1 addition & 5 deletions imports/plugins/core/accounts/client/components/groupsTableCell.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ import React from "react";
import _ from "lodash";
import PropTypes from "prop-types";
import { Components, registerComponent, withMoment } from "@reactioncommerce/reaction-components";
import { Reaction } from "/client/api";
import { getUserAvatar } from "/imports/plugins/core/accounts/client/helpers/helpers";

const GroupsTableCell = (props) => {
Expand Down Expand Up @@ -54,13 +53,10 @@ const GroupsTableCell = (props) => {
const groupName = group.name && _.startCase(group.name);
const groupNameSpan = <span className="group-dropdown">{groupName}</span>;
const ownerGroup = groups.find((grp) => grp.slug === "owner") || {};
const hasOwnerAccess = Reaction.hasPermission("reaction:legacy:groups/read", Reaction.getUserId(), Reaction.getShopId());

// Permission check. Remove owner option, if user is not current owner.
// Also remove groups user does not have roles to manage. This is also checked on the server
const dropOptions = groups
.filter((grp) => !((grp.slug === "owner" && !hasOwnerAccess)))
.filter((grp) => Reaction.canInviteToGroup({ group: grp })) || [];
const dropOptions = groups || [];

if (dropOptions.length < 2) {
return groupNameSpan;
Expand Down
4 changes: 1 addition & 3 deletions imports/plugins/core/accounts/client/helpers/accountsHelper.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,7 @@ export function sortGroups(groups) {
* @returns {Array} - array of groups or empty object
*/
export function getInvitableGroups(groups) {
return groups
.filter((grp) => grp.slug !== "owner")
.filter((grp) => Reaction.canInviteToGroup({ group: grp }));
return groups || [];
}

/**
Expand Down
29 changes: 0 additions & 29 deletions imports/plugins/core/core/server/Reaction/core.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,35 +52,6 @@ export default {
defaultCustomerRoles: ["guest", "account/profile", "product", "tag", "index", "cart/completed"],
defaultVisitorRoles: ["anonymous", "guest", "product", "tag", "index", "cart/completed"],

/**
* @name canInviteToGroup
* @method
* @memberof Core
* @summary checks if the user making the request is allowed to make invitation to that group
* @param {Object} options -
* @param {Object} options.group - group to invite to
* @param {Object} options.user - user object making the invite (Meteor.user())
* @returns {Boolean} -
*/
canInviteToGroup(options) {
const { group } = options;
let { user } = options;
if (!user) {
user = Meteor.user();
}
const userPermissions = user.roles[group.shopId];
const groupPermissions = group.permissions;

// granting invitation right for user with `owner` role in a shop
if (this.hasPermission(["owner"], getUserId(), group.shopId)) {
return true;
}

// checks that userPermissions includes all elements from groupPermissions
// we are not using Reaction.hasPermission here because it returns true if the user has at least one
return _.difference(groupPermissions, userPermissions).length === 0;
},

/**
* @name hasPermission
* @method
Expand Down
34 changes: 9 additions & 25 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.