
Commit 0c65fe3

committed
Check for crud permissions for users, devices and layers
1 parent de6f6c8 commit 0c65fe3


13 files changed

+69
-21
lines changed


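--- a/public/app/admin/admin.tab.directive.js
+++ b/public/app/admin/admin.tab.directive.js
@@ -19,6 +19,10 @@ function adminTab() {
 AdminTabController.$inject = ['$scope', '$location', 'UserService', 'DeviceService'];
 
 function AdminTabController($scope, $location, UserService, DeviceService) {
+$scope.hasPermission = function(permission) {
+return _.contains(UserService.myself.role.permisssions, permission);
+};
+
 $scope.onTabChanged = function(tab) {
 $location.path('/admin/' + tab);
 };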
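Review bot: `hasPermission` reads `UserService.myself.role.permisssions` (three s), while every other controller in this commit spells the property `permissions`, so the lookup resolves to `undefined` and `_.contains` returns false for any permission. The Settings tab gated with `ng-if="hasPermission('UPDATE_SETTINGS')"` in admin.tab.html would therefore stay hidden even for users who hold the permission. The line should read `return _.contains(UserService.myself.role.permissions, permission);`. AdminTabController's body continues past the end of the hunk.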

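--- a/public/app/admin/admin.tab.html
+++ b/public/app/admin/admin.tab.html
@@ -2,11 +2,13 @@
 <div class="admin-actions-content">
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'dashboard'}" ng-click="onTabChanged('')">
+<div ng-class="{'admin-action-arrow-left': tab === 'dashboard'}"></div>
 <i class="fa fa-dashboard"></i>
 <div>Dashboard</div>
 </div>
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'users'}" ng-click="onTabChanged('users')">
+<div ng-class="{'admin-action-arrow-left': tab === 'users'}"></div>
 <div class="admin-badge">
 <i class="fa fa-user"></i>
 <span ng-if="inactiveUsers.length" class="badge badge-notif badge-accent">{{inactiveUsers.length}}</span>
@@ -15,16 +17,19 @@
 </div>
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'teams'}" ng-click="onTabChanged('teams')">
+<div ng-class="{'admin-action-arrow-left': tab === 'teams'}"></div>
 <i class="fa fa-users"></i>
 <div>Teams</div>
 </div>
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'events'}" ng-click="onTabChanged('events')">
+<div ng-class="{'admin-action-arrow-left': tab === 'events'}"></div>
 <i class="fa fa-calendar"></i>
 <div>Events</div>
 </div>
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'devices'}" ng-click="onTabChanged('devices')">
+<div ng-class="{'admin-action-arrow-left': tab === 'devices'}"></div>
 <div class="admin-badge">
 <i class="fa fa-mobile-phone"></i>
 <span ng-if="unregisteredDevices.length" class="badge badge-notif badge-accent">{{unregisteredDevices.length}}</span>
@@ -33,11 +38,13 @@
 </div>
 
 <div class="admin-action" ng-class="{'admin-action-selected': tab === 'layers'}" ng-click="onTabChanged('layers')">
+<div ng-class="{'admin-action-arrow-left': tab === 'layers'}"></div>
 <i class="fa fa-map"></i>
 <div>Layers</div>
 </div>
 
-<div class="admin-action" ng-class="{'admin-action-selected': tab === 'settings'}" ng-click="onTabChanged('settings')">
+<div class="admin-action" ng-if="hasPermission('UPDATE_SETTINGS')" ng-class="{'admin-action-selected': tab === 'settings'}" ng-click="onTabChanged('settings')">
+<div ng-class="{'admin-action-arrow-left': tab === 'settings'}"></div>
 <i class="fa fa-wrench"></i>
 <div>Settings</div>
 </div>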
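Review bot: The `ng-if="hasPermission('UPDATE_SETTINGS')"` on the Settings entry only removes the tab from the DOM; nothing visible in this commit stops the `/admin/settings` path that `onTabChanged('settings')` sets from being opened directly. The same applies to the `ng-if` gates added in device.html, devices.html, layer.html and layers.html: they are presentation driven by `UserService.myself`, which is client-held state, so they cannot serve as the access control. Presumably the API checks UPDATE_SETTINGS and the device and layer CRUD permissions on every request; that should be confirmed, and a route-level guard for the settings view would keep the UI consistent with it.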

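--- a/public/app/admin/devices/device.controller.js
+++ b/public/app/admin/devices/device.controller.js
@@ -7,6 +7,9 @@ AdminDeviceController.$inject = ['$scope', '$uibModal', '$filter', '$routeParams
 function AdminDeviceController($scope, $uibModal, $filter, $routeParams, $location, LocalStorageService, DeviceService, UserService, LoginService) {
 $scope.token = LocalStorageService.getToken();
 
+$scope.hasDeviceEditPermission = _.contains(UserService.myself.role.permissions, 'UPDATE_DEVICE');
+$scope.hasDeviceDeletePermission = _.contains(UserService.myself.role.permissions, 'DELETE_DEVICE');
+
 var filter = {
 device: {id: $routeParams.deviceId}
 };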
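Review bot: Both flags are computed once, at controller construction, by dereferencing `UserService.myself.role.permissions` with no guard; if `myself` or its `role` is not yet populated at that point (not visible in this hunk), the controller throws and the view does not render. devices.controller.js, layer.controller.js and layers.controller.js repeat the same expression with different permission names. A single helper would keep the null handling and the permission strings in one place, e.g. `$scope.hasDeviceEditPermission = UserService.hasPermission('UPDATE_DEVICE');`, where `hasPermission` is a method that would have to be added to UserService (admin.tab.directive.js already defines a scope-level function of that name). AdminDeviceController's body continues outside the hunk.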

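--- a/public/app/admin/devices/device.html
+++ b/public/app/admin/devices/device.html
@@ -20,7 +20,7 @@
 <div class="col-md-10">
 <h2><i class="fa" ng-class="iconClass(device)"></i> Device</h2>
 </div>
-<div class="col-md-2">
+<div class="col-md-2" ng-if="hasDeviceEditPermission">
 <h2>
 <button class="btn btn-default pull-right" ng-click="editDevice(device)"><i class="fa fa-edit"></i> Edit</button>
 </h2>
@@ -88,23 +88,23 @@ <h2>
 </div>
 
 <div class="col-md-6">
-<div class="card" ng-if="!device.registered">
+<div class="card" ng-if="!device.registered && hasDeviceEditPermission">
 <div class="card-content">
 <strong class="text-success">Register device</strong>
 <p class="text-success">Registering will allow device to access MAGE data. The device can be deregistered at any time.</p>
 <button class="btn btn-success top-gap" ng-click="registerDevice(device)"> <i class="fa fa-check"></i> Register</button>
 </div>
 </div>
 
-<div class="card" ng-if="device.registered">
+<div class="card" ng-if="device.registered && hasDeviceEditPermission">
 <div class="card-content">
 <strong class="text-warning">Unregister device</strong>
 <p class="text-warning">Unregistering will deny device from accessing MAGE data. All device information will be retained and the device can be registered again at any time.</p>
 <button class="btn btn-warning top-gap" ng-click="unregisterDevice(device)"> <i class="fa fa-ban"></i> Unregister</button>
 </div>
 </div>
 
-<div class="card top-gap">
+<div class="card top-gap" ng-if="hasDeviceDeletePermission">
 <div class="card-content">
 <strong class="text-danger">Delete device</strong>
 <p class="text-danger">Deleting device will remove all device information. This cannot be undone, all device data will be unrecoverable.</p>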

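--- a/public/app/admin/devices/devices.controller.js
+++ b/public/app/admin/devices/devices.controller.js
@@ -11,6 +11,10 @@ function AdminDevicesController($scope, $uibModal, $filter, $location, LocalStor
 $scope.page = 0;
 $scope.itemsPerPage = 10;
 
+$scope.hasDeviceCreatePermission = _.contains(UserService.myself.role.permissions, 'CREATE_DEVICE');
+$scope.hasDeviceEditPermission = _.contains(UserService.myself.role.permissions, 'UPDATE_DEVICE');
+$scope.hasDeviceDeletePermission = _.contains(UserService.myself.role.permissions, 'DELETE_DEVICE');
+
 DeviceService.getAllDevices().then(function (devices) {
 $scope.devices = devices;
 });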

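--- a/public/app/admin/devices/devices.html
+++ b/public/app/admin/devices/devices.html
@@ -40,7 +40,7 @@
 <a class="navbar-brand">Devices</a>
 </div>
 
-<form class="navbar-form navbar-right" role="search">
+<form class="navbar-form navbar-right" role="search" ng-if="hasDeviceCreatePermission">
 <button type="submit" class="btn btn-default" ng-click="newDevice()">New Device</button>
 </form>
 </div>
@@ -67,9 +67,9 @@
 </div>
 
 <div>
-<button class="btn btn-sm btn-danger pull-right admin-user-button" ng-click="deleteDevice($event, d)">Delete</button>
-<button class="btn btn-sm btn-success pull-right admin-user-button" ng-if="!d.registered" ng-click="registerDevice($event, d)">Register</button>
-<button class="btn btn-sm btn-default pull-right" ng-click="editDevice($event, d)">Edit</button>
+<button class="btn btn-sm btn-danger pull-right admin-user-button" ng-if="hasDeviceDeletePermission" ng-click="deleteDevice($event, d)">Delete</button>
+<button class="btn btn-sm btn-success pull-right admin-user-button" ng-if="!d.registered && hasDeviceEditPermission" ng-click="registerDevice($event, d)">Register</button>
+<button class="btn btn-sm btn-default pull-right" ng-if="hasDeviceEditPermission" ng-click="editDevice($event, d)">Edit</button>
 </div>
 </div>
 </div>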

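--- a/public/app/admin/layers/layer.controller.js
+++ b/public/app/admin/layers/layer.controller.js
@@ -2,15 +2,18 @@ angular
 .module('mage')
 .controller('AdminLayerController', AdminLayerController);
 
-AdminLayerController.$inject = ['$scope', '$uibModal', '$routeParams', '$location', '$filter', 'Layer', 'Event', 'LocalStorageService'];
+AdminLayerController.$inject = ['$scope', '$uibModal', '$routeParams', '$location', '$filter', 'Layer', 'Event', 'LocalStorageService', 'UserService'];
 
-function AdminLayerController($scope, $uibModal, $routeParams, $location, $filter, Layer, Event, LocalStorageService) {
+function AdminLayerController($scope, $uibModal, $routeParams, $location, $filter, Layer, Event, LocalStorageService, UserService) {
 
 $scope.layerEvents = [];
 $scope.nonTeamEvents = [];
 $scope.eventsPage = 0;
 $scope.eventsPerPage = 10;
 
+$scope.hasLayerEditPermission = _.contains(UserService.myself.role.permissions, 'UPDATE_LAYER');
+$scope.hasLayerDeletePermission = _.contains(UserService.myself.role.permissions, 'DELETE_LAYER');
+
 $scope.fileUploadOptions = {
 acceptFileTypes: /(\.|\/)(kml)$/i,
 url: '/api/layers/' + $routeParams.layerId + '/kml?access_token=' + LocalStorageService.getToken()
@@ -29,12 +32,23 @@ function AdminLayerController($scope, $uibModal, $routeParams, $location, $filte
 return $scope.layer.id === layer.id;
 });
 });
+
+var nonLayerEvents = _.chain(events);
+if (!_.contains(UserService.myself.role.permissions, 'UPDATE_EVENT')) {
+// filter teams based on acl
+nonLayerEvents = nonLayerEvents.filter(function(event) {
+var permissions = event.acl[UserService.myself.id] ? event.acl[UserService.myself.id].permissions : [];
+return _.contains(permissions, 'update');
+});
+}
 
-$scope.nonLayerEvents = _.reject(events, function(event) {
+nonLayerEvents = nonLayerEvents.reject(function(event) {
 return _.some(event.layers, function(layer) {
 return $scope.layer.id === layer.id;
 });
 });
+
+$scope.nonLayerEvents = nonLayerEvents.value();
 });
 });
 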
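Review bot: In the second hunk the ACL filter indexes `event.acl[UserService.myself.id]` without checking that `event.acl` exists, so a single event returned without an `acl` field would throw inside the callback and leave `$scope.nonLayerEvents` unset. `var permissions = event.acl && event.acl[UserService.myself.id] ? event.acl[UserService.myself.id].permissions : [];` keeps the fail-closed default of an empty list. The comment `// filter teams based on acl` describes teams while the code filters events; `// keep only events whose ACL grants the current user 'update'` matches what it does. This filter only narrows the list offered in the UI, so attaching a layer to an event still has to be authorised server-side, which is not visible here. The enclosing callbacks begin before the hunk.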

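--- a/public/app/admin/layers/layer.html
+++ b/public/app/admin/layers/layer.html
@@ -20,7 +20,7 @@
 <div class="col-md-10">
 <h2>Layer: {{layer.name}}</h2>
 </div>
-<div class="col-md-2">
+<div class="col-md-2" ng-if="hasLayerEditPermission">
 <h2>
 <button class="btn btn-default pull-right" ng-click="editLayer(layer)"><i class="fa fa-edit"></i> Edit</button>
 </h2>
@@ -132,7 +132,7 @@ <h2>
 </div>
 
 <div class="col-md-6">
-<div class="card">
+<div class="card" ng-if="hasLayerDeletePermission">
 <div class="card-content">
 <strong class="text-danger">Delete layer</strong>
 <p class="text-danger">Deleting layer will remove all information. This cannot be undone, all layer data will be unrecoverable.</p>
@@ -239,7 +239,7 @@ <h2>
 </div>
 </div>
 
-<div class="col-md-6 col-xs-12">
+<div class="col-md-6 col-xs-12" ng-if="layer.type === 'Feature' && hasLayerEditPermission">
 <div class="row">
 <div class="col-md-12">
 <nav class="navbar navbar-default admin-dashboard-navbar">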

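--- a/public/app/admin/layers/layers.controller.js
+++ b/public/app/admin/layers/layers.controller.js
@@ -2,14 +2,18 @@ angular
 .module('mage')
 .controller('AdminLayersController', AdminLayersController);
 
-AdminLayersController.$inject = ['$scope', '$filter', '$uibModal', '$location', 'Layer'];
+AdminLayersController.$inject = ['$scope', '$filter', '$uibModal', '$location', 'Layer', 'UserService'];
 
-function AdminLayersController($scope, $filter, $uibModal, $location, Layer) {
+function AdminLayersController($scope, $filter, $uibModal, $location, Layer, UserService) {
 $scope.filter = "all";
 $scope.layers = [];
 $scope.page = 0;
 $scope.itemsPerPage = 10;
 
+$scope.hasLayerCreatePermission = _.contains(UserService.myself.role.permissions, 'CREATE_LAYER');
+$scope.hasLayerEditPermission = _.contains(UserService.myself.role.permissions, 'UPDATE_LAYER');
+$scope.hasLayerDeletePermission = _.contains(UserService.myself.role.permissions, 'DELETE_LAYER');
+
 Layer.query(function(layers) {
 $scope.layers = layers;
 });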

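--- a/public/app/admin/layers/layers.html
+++ b/public/app/admin/layers/layers.html
@@ -41,7 +41,7 @@
 <a class="navbar-brand">Layers</a>
 </div>
 
-<form class="navbar-form navbar-right" role="search">
+<form class="navbar-form navbar-right" role="search" ng-if="hasLayerCreatePermission">
 <button type="submit" class="btn btn-default" ng-click="newLayer()">New Layer</button>
 </form>
 </div>
@@ -62,8 +62,8 @@
 <div class="muted"><span class="right-gap">{{l.type}}</span><span>{{l.url}}</span></div>
 </div>
 <div class="col-md-4">
-<button class="btn btn-sm btn-danger pull-right admin-user-button" ng-click="deleteLayer($event, l)">Delete</button>
-<button class="btn btn-sm btn-default pull-right" ng-click="editLayer($event, l)">Edit</button>
+<button class="btn btn-sm btn-danger pull-right admin-user-button" ng-if="hasLayerDeletePermission" ng-click="deleteLayer($event, l)">Delete</button>
+<button class="btn btn-sm btn-default pull-right" ng-if="hasLayerEditPermission" ng-click="editLayer($event, l)">Edit</button>
 </div>
 </div>
 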
