Apply view org perm limits in the admin page org selector.
Apply view/update/create org perm limits to org-selector's inside of
fm-editor panes.
Signed-off-by: Bill Erickson <berickxx@gmail.com>
<eg-org-select *ngIf="field.datatype == 'org_unit'"
placeholder="{{field.label}}..."
i18n-placeholder
+ [limitPerms]="modePerms[mode]"
[applyDefault]="field.orgDefaultAllowed"
[initialOrgId]="record[field.name]()"
(onChange)="record[field.name]($event)">
// TODO: allow this to be update in real time by the caller?
record: IdlObject;
+ // Permissions extracted from the permacrud defs in the IDL
+ // for the current IDL class
+ modePerms: {[mode: string]: string};
+
@Input() customFieldTemplates:
{[fieldName: string]: CustomFieldTemplate} = {};
});
}
+ const pc = this.idlDef.permacrud || {};
+ this.modePerms = {
+ view: pc.retrieve ? pc.retrieve.perms : [],
+ create: pc.create ? pc.create.perms : [],
+ update: pc.update ? pc.update.perms : [],
+ };
+
// create a new record from scratch
this.pkeyIsEditable = !('pkey_sequence' in this.idlDef);
this.record = this.idl.create(this.idlClass);
private store: StoreService,
private org: OrgService,
private perm: PermService
- ) {
- this.permLimitOrgs = [];
- }
+ ) { }
ngOnInit() {
//
applyPermLimitOrgs(perms: string[]) {
- if (!perms || perms.length === 0) {
- this.permLimitOrgs = [];
+ if (!perms) {
+ return;
+ }
+
+ // handle lazy clients that pass null perm names
+ perms = perms.filter(p => p !== null && p !== undefined);
+
+ if (perms.length === 0) {
return;
}
this.hidden.filter(id => org.id() === id).length === 0
);
- if (this.permLimitOrgs && this.permLimitOrgs.length) {
+ if (this.permLimitOrgs) {
// Avoid showing org units where the user does
// not have the requested permission.
orgs = orgs.filter(org =>
<span class="input-group-text">{{orgFieldLabel}}</span>
</div>
<eg-org-select
+ [limitPerms]="viewPerms"
[initialOrg]="contextOrg"
(onChange)="orgOnChange($event)">
</eg-org-select>
contextOrg: IdlObject;
orgFieldLabel: string;
+ viewPerms: string;
constructor(
private idl: IdlService,
this.idlClassDef = this.idl.classes[this.idlClass];
this.pkeyField = this.idlClassDef.pkey || 'id';
this.persistKey = 'admin.' + this.idlClassDef.table;
+
+ // Limit the view org selector to orgs where the user has
+ // permacrud-encoded view permissions.
+ const pc = this.idlClassDef.permacrud;
+ if (pc && pc.retrieve) {
+ this.viewPerms = pc.retrieve.perms;
+ }
+
this.applyOrgValues();
// If the caller provides not data source, create a generic one.
projects / working / Evergreen.git / commitdiff