Merge pull request #751 from Yelinz/feat-admin-edit

feat(ember): allow admins to always edit the form

Author: open-dynaMIX

caluma/extensions/permissions.py

@@ -17,9 +17,16 @@
 
 
 class MySAGWPermission(BasePermission):
-    def _is_admin_or_sagw(self, info):
+    def _is_admin(self, info):
+        groups = info.context.user.groups
+        return "admin" in groups
+
+    def _is_sagw(self, info):
         groups = info.context.user.groups
-        return "admin" in groups or "sagw" in groups
+        return "sagw" in groups
+
+    def _is_admin_or_sagw(self, info):
+        return self._is_admin(info) or self._is_sagw(info)
 
     def _can_access_case(self, info, case):
         case_ids = get_cases_for_user(info.context.user)
@@ -84,7 +91,10 @@ def has_permission_for_save_document_answer(self, mutation, info, answer):
 
         case = self._get_case_for_doc(answer.document)
 
-        if not self._is_admin_or_sagw(info) and not (
+        if self._is_admin(info):
+            return True
+
+        if not (
             self._can_access_case(info, case)
             or self._is_own(info, answer.document.family)
         ):

ember/app/abilities/case.js

@@ -11,7 +11,10 @@ export default class CaseAbility extends BaseAbility {
   }
 
   get canEdit() {
-    return this.hasAccess(this.model);
+    return (
+      this.isAdmin ||
+      (this.model.hasSubmitOrReviseWorkItem && this.hasAccess(this.model))
+    );
   }
 
   get canDelete() {

ember/app/ui/cases/detail/edit/controller.js

@@ -6,9 +6,6 @@ export default class CasesDetailEditController extends Controller {
   @service can;
 
   get disabled() {
-    return !(
-      this.model.hasSubmitOrReviseWorkItem &&
-      this.can.can("edit case", this.model)
-    );
+    return !this.can.can("edit case", this.model);
   }
 }

ember/tests/unit/ui/cases/detail/edit/controller-test.js

@@ -7,28 +7,67 @@ module("Unit | Controller | cases/detail/edit", function (hooks) {
   setupTest(hooks);
 
   hooks.beforeEach(function () {
+    ENV.APP.caluma = {};
+    ENV.APP.caluma.documentEditableTaskSlugs = ["test"];
+    this.controller = this.owner.lookup("controller:cases/detail/edit");
+    this.controller.model = {
+      hasEditableWorkItem: false,
+      accesses: [{ email: "test@test.com" }],
+    };
+  });
+
+  test("no access", function (assert) {
     this.owner.register(
       "service:session",
       {
         isAuthenticated: true,
         data: {
           authenticated: {
-            userinfo: { email: "lorem@ipsum.co", mysagw_groups: ["sagw"] },
+            userinfo: { email: "lorem@ipsum.co", mysagw_groups: [] },
           },
         },
       },
       { instantiate: false }
     );
+
+    assert.true(this.controller.disabled);
   });
 
-  test("it is setup properly", function (assert) {
-    ENV.APP.caluma = {};
-    ENV.APP.caluma.documentEditableTaskSlugs = ["test"];
-    const controller = this.owner.lookup("controller:cases/detail/edit");
-    controller.model = {
-      hasEditableWorkItem: false,
-      accesses: [{ email: "test@test.com" }],
+  test("admin access", function (assert) {
+    this.owner.register(
+      "service:session",
+      {
+        isAuthenticated: true,
+        data: {
+          authenticated: {
+            userinfo: { email: "lorem@ipsum.co", mysagw_groups: ["admin"] },
+          },
+        },
+      },
+      { instantiate: false }
+    );
+
+    assert.false(this.controller.disabled);
+  });
+
+  test("user access", function (assert) {
+    this.owner.register(
+      "service:session",
+      {
+        isAuthenticated: true,
+        data: {
+          authenticated: {
+            userinfo: { email: "lorem@ipsum.co", mysagw_groups: [] },
+          },
+        },
+      },
+      { instantiate: false }
+    );
+    this.controller.model = {
+      hasEditableWorkItem: true,
+      accesses: [{ email: "lorem@ipsum.co" }],
     };
-    assert.true(controller.disabled);
+
+    assert.true(this.controller.disabled);
   });
 });