Check granular role permissions for specific resources (#2899)

closes #2811 closes #2812
zesty-io · Aug 14, 2024 · 247ac75 · 247ac75
1 parent bf53d0f
commit 247ac75
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 12 deletions.
diff --git a/src/apps/content-editor/src/app/views/ItemEdit/Content/Actions/Actions.js b/src/apps/content-editor/src/app/views/ItemEdit/Content/Actions/Actions.js
@@ -20,9 +20,9 @@ export function Actions(props) {
     return <Fragment />;
   }
 
-  const canPublish = usePermission("PUBLISH");
-  const canDelete = usePermission("DELETE");
-  const canUpdate = usePermission("UPDATE");
+  const canPublish = usePermission("PUBLISH", props.itemZUID);
+  const canDelete = usePermission("DELETE", props.itemZUID);
+  const canUpdate = usePermission("UPDATE", props.itemZUID);
   const domain = useDomain();
 
   const { publishing } = props.item;

diff --git a/...content-editor/src/app/views/ItemEdit/components/ItemEditHeader/ItemEditHeaderActions.tsx b/...content-editor/src/app/views/ItemEdit/components/ItemEditHeader/ItemEditHeaderActions.tsx
@@ -64,8 +64,8 @@ export const ItemEditHeaderActions = ({
     itemZUID: string;
   }>();
   const dispatch = useDispatch();
-  const canPublish = usePermission("PUBLISH");
-  const canUpdate = usePermission("UPDATE");
+  const canPublish = usePermission("PUBLISH", itemZUID);
+  const canUpdate = usePermission("UPDATE", itemZUID);
   const [publishMenu, setPublishMenu] = useState<null | HTMLElement>(null);
   const [publishAfterSave, setPublishAfterSave] = useState(false);
   const [unpublishDialogOpen, setUnpublishDialogOpen] = useState(false);

diff --git a/src/apps/content-editor/src/app/views/ItemEdit/components/ItemEditHeader/MoreMenu.tsx b/src/apps/content-editor/src/app/views/ItemEdit/components/ItemEditHeader/MoreMenu.tsx
@@ -41,7 +41,7 @@ export const MoreMenu = () => {
   const { data: contentModels } = useGetContentModelsQuery();
   const type =
     contentModels?.find((model) => model.ZUID === modelZUID)?.type ?? "";
-  const canDelete = usePermission("DELETE");
+  const canDelete = usePermission("DELETE", itemZUID);
 
   const handleCopyClick = (data: string) => {
     navigator?.clipboard

diff --git a/src/apps/content-editor/src/app/views/ItemList/UpdateListActions.tsx b/src/apps/content-editor/src/app/views/ItemList/UpdateListActions.tsx
@@ -46,9 +46,9 @@ type UpdateListActionsProps = {
 
 export const UpdateListActions = ({ items }: UpdateListActionsProps) => {
   const { modelZUID } = useRouterParams<{ modelZUID: string }>();
-  const canPublish = usePermission("PUBLISH");
-  const canDelete = usePermission("DELETE");
-  const canUpdate = usePermission("UPDATE");
+  const canPublish = usePermission("PUBLISH", modelZUID);
+  const canDelete = usePermission("DELETE", modelZUID);
+  const canUpdate = usePermission("UPDATE", modelZUID);
   const dispatch = useDispatch();
   const [anchorEl, setAnchorEl] = useState<HTMLButtonElement>(null);
   const [itemsToPublish, setItemsToPublish] = useState<string[]>([]);

diff --git a/src/shell/hooks/use-permissions.js b/src/shell/hooks/use-permissions.js
@@ -33,9 +33,14 @@ export function usePermission(action, zuid = instanceZUID) {
       return true;
     }
 
-    const granularRole = role?.granularRoles?.find(
-      (r) => r.resourceZUID === zuid
-    );
+    /*
+      If the user is not a super user, check granular roles.
+      First check specific resource, if not found check instance level.
+      TODO: Check additional granular roles for parent resources depending on resource type (e.g. content model when checking content item)
+    */
+    const granularRole =
+      role?.granularRoles?.find((r) => r.resourceZUID === zuid) ||
+      role?.granularRoles?.find((r) => r.resourceZUID === instanceZUID);
 
     // Check system
     switch (action) {