From 14583a1ddaca57b18a5b8cf5eeaa22624b69dccb Mon Sep 17 00:00:00 2001
From: SodhiA1 <38086281+SodhiA1@users.noreply.github.com>
Date: Fri, 20 Oct 2023 11:47:43 -0700
Subject: [PATCH 1/2] EDX-1897: Adjust Ministry Permissions
---
 backend/src/routes/auth.js | 2 +-
 backend/src/routes/edx-router.js | 17 +++++++++--------
 .../components/institute/authority/Details.vue | 2 +-
 .../components/institute/district/Details.vue | 2 +-
 frontend/src/components/util/NavBar.vue | 10 +++++-----
 frontend/src/store/modules/auth.js | 3 ++-
 6 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/backend/src/routes/auth.js b/backend/src/routes/auth.js
index 5a51d6acc..52cf790c9 100644
--- a/backend/src/routes/auth.js
+++ b/backend/src/routes/auth.js
@@ -14,7 +14,7 @@ const { validationResult } = require('express-validator');
-const isValidStaffUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & StudentSearch & StaffAdministration & NominalRoll & NominalRollReadOnly & GUMPAnalytics & PenRequestBatchAnalytics & Exchange', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.StudentSearch, ...roles.User.StaffAdministration, ...roles.User.NominalRoll , ...roles.User.NominalRollReadOnly, ...roles.User.GUMPAnalytics, ...roles.User.PenRequestBatchAnalytics, ...roles.User.Exchange]);
+const isValidStaffUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & StudentSearch & StaffAdministration & NominalRoll & NominalRollReadOnly & GUMPAnalytics & PenRequestBatchAnalytics & Exchange & EDX', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.StudentSearch, ...roles.User.StaffAdministration, ...roles.User.NominalRoll , ...roles.User.NominalRollReadOnly, ...roles.User.GUMPAnalytics, ...roles.User.PenRequestBatchAnalytics, ...roles.User.Exchange, ...roles.User.EDX]);
 const isValidWebSocketUserWithRoles = auth.isValidUserWithRoles('GMP & UMP & PenRequestBatch & Exchange & School', [...roles.User.GMP, ...roles.User.UMP, ...roles.User.PenRequestBatch, ...roles.User.Exchange, ...roles.User.School]);
 const router = express.Router();
diff --git a/backend/src/routes/edx-router.js b/backend/src/routes/edx-router.js
index 6f0d3b0e4..10ce334b1 100644
--- a/backend/src/routes/edx-router.js
+++ b/backend/src/routes/edx-router.js
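Review bot: `...roles.User.EDX` is spread at module load on the new `isValidStaffUserWithRoles` line, but `EDX` only appears under what looks like `roles.User` in patch 2/2, so with this commit alone the spread of `undefined` throws a TypeError when the router is required; the `auth.isValidEDXUserToken` references in the edx-router.js hunk carry the same dependency. Folding the roles.js change into this commit would keep every commit in the series bootable. Separately, adding EDX to this union means a token that holds only the EDX admin role now passes the general staff check, and what that check gates is not visible in the hunk. A comment such as `// EDX admins pass the staff check; feature routes must still apply their own role guard` above the line would record that expectation.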
@@ -15,15 +15,16 @@ router.get('/users/ministryTeams', passport.authenticate('jwt', {session: false}
 router.get('/valid-schools-for-messaging', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, utils.forwardGet('getUserSchools', 'server:edx:rootURL', '/users/user-schools'));
 router.get('/valid-districts-for-messaging', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, utils.forwardGet('getUserDistricts', 'server:edx:rootURL', '/users/user-districts'));
-router.get('/users/roles', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, utils.forwardGet('getUserRoles', 'server:edx:rootURL', '/users/roles'));
-router.get('/users', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, getEdxUsers);
-router.post('/users/roles/school', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, updateEdxUserSchoolRoles);
-router.post('/users/roles/district', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, updateEdxUserDistrictRoles);
-router.post('/users/remove', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, removeUserSchoolOrDistrictAccess);
-router.post('/users/relink', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, relinkUserSchoolOrDistrictAccess);
-router.get('/users/activation-code/primary/:instituteType/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, findPrimaryEdxActivationCode);
-router.post('/users/activation-code/primary/:instituteType/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession,
generateOrRegeneratePrimaryEdxActivationCode);
+router.get('/users/roles', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, utils.forwardGet('getUserRoles', 'server:edx:rootURL', '/users/roles'));
+router.get('/users', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, getEdxUsers);
+router.post('/users/roles/school', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, updateEdxUserSchoolRoles);
+router.post('/users/roles/district', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, updateEdxUserDistrictRoles);
+router.post('/users/remove', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, removeUserSchoolOrDistrictAccess);
+router.post('/users/relink', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, relinkUserSchoolOrDistrictAccess);
+
+router.get('/users/activation-code/primary/:instituteType/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, findPrimaryEdxActivationCode);
+router.post('/users/activation-code/primary/:instituteType/:instituteIdentifier', passport.authenticate('jwt', {session: false}, undefined), auth.isValidEDXUserToken, extendSession, generateOrRegeneratePrimaryEdxActivationCode);
 //edx exchange routes
 router.get('/exchange', passport.authenticate('jwt', {session: false}, undefined), auth.isValidExchangeUserToken, extendSession, getExchanges);
diff --git a/frontend/src/components/institute/authority/Details.vue b/frontend/src/components/institute/authority/Details.vue
index 44c474880..b7f62db2f 100644
--- a/frontend/src/components/institute/authority/Details.vue
+++ b/frontend/src/components/institute/authority/Details.vue
@@ -452,7 +452,7 @@
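Review bot: The state-changing routes in this hunk (`/users/roles/school`, `/users/roles/district`, `/users/remove`, `/users/relink` and the activation-code POST) now rest on a single guard, `auth.isValidEDXUserToken`, whose definition is not part of this patch. Judging by the comments in roles.js it is presumably generated from the `roles.User` key, so what it accepts depends on the configured `server:edx:roleAdmin` value. A route-level test that a token carrying only Exchange roles is rejected on these paths, and that an EDX-admin token is accepted, would pin the intended permission change. The two messaging lookups above stay on `isValidExchangeUserToken`; a comment such as `// user management: EDX admin only; messaging lookups: any Exchange user` between the groups would show the split is deliberate.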
diff --git a/frontend/src/components/institute/district/Details.vue b/frontend/src/components/institute/district/Details.vue
index 4977deb75..5d0189c1a 100644
--- a/frontend/src/components/institute/district/Details.vue
+++ b/frontend/src/components/institute/district/Details.vue
@@ -301,7 +301,7 @@
diff --git a/frontend/src/components/util/NavBar.vue b/frontend/src/components/util/NavBar.vue
index 778351123..c802d74ea 100644
--- a/frontend/src/components/util/NavBar.vue
+++ b/frontend/src/components/util/NavBar.vue
@@ -170,7 +170,7 @@ export default {
 },
 computed: {
 ...mapState(appStore, ['config']),
- ...mapState(authStore, ['isAuthorizedUser', 'ADVANCED_SEARCH_ROLE', 'VIEW_EDIT_PEN_REQUEST_BATCH_FILES_ROLE', 'EDIT_MACROS_ROLE', 'VIEW_GMP_REQUESTS_ROLE', 'VIEW_UMP_REQUESTS_ROLE', 'PROCESS_STUDENT_ROLE', 'VIEW_PEN_COORDINATOR_INFO_ROLE', 'NOMINAL_ROLL_ROLE', 'STAFF_ADMINISTRATION_ADMIN', 'HAS_STATS_ROLE', 'STUDENT_ANALYTICS_STUDENT_PROFILE', 'STUDENT_ANALYTICS_BATCH', 'EXCHANGE_ROLE', 'EXCHANGE_ACCESS_ROLE', 'PEN_TEAM_ROLE']),
+ ...mapState(authStore, ['isAuthorizedUser', 'ADVANCED_SEARCH_ROLE', 'VIEW_EDIT_PEN_REQUEST_BATCH_FILES_ROLE', 'EDIT_MACROS_ROLE', 'VIEW_GMP_REQUESTS_ROLE', 'VIEW_UMP_REQUESTS_ROLE', 'PROCESS_STUDENT_ROLE', 'VIEW_PEN_COORDINATOR_INFO_ROLE', 'NOMINAL_ROLL_ROLE', 'STAFF_ADMINISTRATION_ADMIN', 'HAS_STATS_ROLE', 'STUDENT_ANALYTICS_STUDENT_PROFILE', 'STUDENT_ANALYTICS_BATCH', 'EXCHANGE_ROLE', 'EXCHANGE_ACCESS_ROLE', 'PEN_TEAM_ROLE', 'INSTITUTIONS_ADMINISTRATION_ADMIN']),
 items() {
 return [
 {
@@ -254,22 +254,22 @@ export default {
 },
 {
 title: 'Institutions',
- authorized: this.isAuthorizedUser,
+ authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN,
 items: [
 {
 title: 'Schools',
 link: 'instituteSchoolList',
- authorized: this.isAuthorizedUser
+ authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
 },
 {
 title: 'Districts',
 link: 'instituteDistrict',
- authorized: this.isAuthorizedUser
+ authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
 },
 {
 title: 'Authorities',
 link: 'instituteAuthoritiesList',
- authorized: this.isAuthorizedUser
+ authorized: this.INSTITUTIONS_ADMINISTRATION_ADMIN
 }
 ],
 },
diff --git a/frontend/src/store/modules/auth.js b/frontend/src/store/modules/auth.js
index a51b5c77f..cf44d00b5 100644
--- a/frontend/src/store/modules/auth.js
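Review bot: The `authorized` flags changed in the second hunk only hide the Institutions menu; this patch touches no backend route or route guard for schools, districts or authorities, so a staff user without these flags could presumably still open `instituteSchoolList`, `instituteDistrict` or `instituteAuthoritiesList` by URL unless they are guarded elsewhere. The menu is also gated on the union of institute admin flags while the edx-router.js routes in this series are gated on the EDX role, so the two sets can drift apart. It is worth confirming that the router guards and the server endpoints behind these pages enforce the same roles. A comment on the entry such as `// menu visibility only; access is enforced by the route guard and the API` would make the boundary explicit. `items()` starts and ends outside the hunk.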
+++ b/frontend/src/store/modules/auth.js
@@ -69,7 +69,8 @@ export const authStore = defineStore('auth', {
 SCHOOL_ADMIN_ROLE: state => state.isValidSchoolAdmin,
 INDEPENDENT_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolIndependentAdmin,
 OFFSHORE_SCHOOLS_ADMIN_ROLE: state => state.isValidSchoolOffshoreAdmin,
- INDEPENDENT_AUTHORITY_ADMIN_ROLE: state => state.isValidIndependentAuthorityAdmin
+ INDEPENDENT_AUTHORITY_ADMIN_ROLE: state => state.isValidIndependentAuthorityAdmin,
+ INSTITUTIONS_ADMINISTRATION_ADMIN: state => state.isValidSchoolAdmin || state.isValidDistrictAdmin || state.isValidSchoolIndependentAdmin || state.isValidSchoolOffshoreAdmin || state.isValidIndependentAuthorityAdmin,
 },
 actions: {
 //sets Json web token and determines whether user is authenticated
From fc1f8e83fb4e41bcae949963724458685c8ec98b Mon Sep 17 00:00:00 2001
From: SodhiA1 <38086281+SodhiA1@users.noreply.github.com>
Date: Fri, 20 Oct 2023 11:52:20 -0700
Subject: [PATCH 2/2] Update roles.js
---
 backend/src/components/roles.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/src/components/roles.js b/backend/src/components/roles.js
index 21fa68157..bdb9284eb 100644
--- a/backend/src/components/roles.js
+++ b/backend/src/components/roles.js
@@ -25,7 +25,8 @@ const roles = {
 //Help functions created in auth module: isValidPenTeamRoleUserToken, isValidPenTeamRoleUser
 PenTeamRole: config.get('server:edx:teamRoles:pen'),
 //Help functions created in auth module: isValidSchoolMoveUserToken, isValidSchoolMoveUser
- School: ['SCHOOL_ADMIN']
+ School: ['SCHOOL_ADMIN'],
+ EDX: [config.get('server:edx:roleAdmin')]
 },
 Admin: {
 //Help functions created in auth module: isValidGMPAdmin
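Review bot: `INSTITUTIONS_ADMINISTRATION_ADMIN` reads `state.isValidDistrictAdmin`, which none of the neighbouring getters visible in this hunk use. If that field is not part of the store state, the term evaluates to `undefined` and district admins silently lose the Institutions menu, so it is worth confirming it is populated where the other `isValid…Admin` flags are set. The getter is also undocumented; a line such as `// true when the user holds any institute admin flag; used for menu visibility` above it would say what it is for. The getters object starts outside the hunk.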
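Review bot: `EDX: [config.get('server:edx:roleAdmin')]` becomes `[undefined]` when the config key is unset, and that array is spread into the staff-role list in routes/auth.js and presumably drives `isValidEDXUserToken`. How the auth helpers treat an `undefined` role name is not visible here, so failing at startup is safer than relying on it never matching, for example `if (!config.get('server:edx:roleAdmin')) throw new Error('server:edx:roleAdmin is not configured');` before `roles` is built. The entry also lacks the helper comment its neighbours carry; `//Help functions created in auth module: isValidEDXUserToken, isValidEDXUser` would match, the second name being inferred from the pattern. The `roles` object starts and ends outside the hunk.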