fix: issue with summary permissions

joshunrau · joshunrau · commit 6d3d608226b1 · 2024-11-01T10:36:16.000-04:00
diff --git a/apps/api/prisma/schema.prisma b/apps/api/prisma/schema.prisma
@@ -168,7 +168,6 @@ enum AppSubject {
   InstrumentRecord
   Session
   Subject
-  Summary
   User
 }
 
diff --git a/apps/api/src/ability/ability.factory.ts b/apps/api/src/ability/ability.factory.ts
@@ -27,18 +27,17 @@ export class AbilityFactory {
         ability.can('read', 'Session', { groupId: { in: user.groupIds } });
         ability.can('create', 'Subject');
         ability.can('read', 'Subject', { groupIds: { hasSome: user.groupIds } });
-        ability.can('read', 'Summary');
         ability.can('read', 'User', { groupIds: { hasSome: user.groupIds } });
-
         break;
       case 'STANDARD':
         ability.can('read', 'Group', { id: { in: user.groupIds } });
         ability.can('read', 'Instrument');
         ability.can('create', 'InstrumentRecord');
-        ability.can('read', 'Session');
+        ability.can('read', 'Session', { groupId: { in: user.groupIds } });
         ability.can('create', 'Session');
         ability.can('create', 'Subject');
         ability.can('read', 'Subject', { groupIds: { hasSome: user.groupIds } });
+        break;
     }
     user.additionalPermissions.forEach(({ action, subject }) => {
       ability.can(action, subject);
diff --git a/apps/api/src/summary/summary.controller.ts b/apps/api/src/summary/summary.controller.ts
@@ -12,7 +12,12 @@ export class SummaryController {
   constructor(private readonly summaryService: SummaryService) {}
 
   @Get()
-  @RouteAccess([{ action: 'read', subject: 'Instrument' }])
+  @RouteAccess([
+    { action: 'read', subject: 'Instrument' },
+    { action: 'read', subject: 'InstrumentRecord' },
+    { action: 'read', subject: 'Subject' },
+    { action: 'read', subject: 'User' }
+  ])
   async getSummary(@CurrentUser('ability') ability: AppAbility, @Query('groupId') groupId?: string): Promise<Summary> {
     return this.summaryService.getSummary(groupId, { ability });
   }
diff --git a/apps/web/src/features/admin/pages/ManageUsersPage.tsx b/apps/web/src/features/admin/pages/ManageUsersPage.tsx
@@ -178,10 +178,6 @@ export const ManageUsersPage = () => {
                           en: 'Subject',
                           fr: 'Client'
                         }),
-                        Summary: t({
-                          en: 'Summary',
-                          fr: 'Résumé'
-                        }),
                         User: t({
                           en: 'User',
                           fr: 'Utilisateur'
diff --git a/apps/web/src/features/dashboard/pages/DashboardPage.tsx b/apps/web/src/features/dashboard/pages/DashboardPage.tsx
@@ -1,5 +1,6 @@
 import { Heading } from '@douglasneuroinformatics/libui/components';
 import { useTranslation } from '@douglasneuroinformatics/libui/hooks';
+import type { AppSubjectName } from '@opendatacapture/schemas/core';
 import { Navigate } from 'react-router-dom';
 
 import { PageHeader } from '@/components/PageHeader';
@@ -13,7 +14,11 @@ export const DashboardPage = () => {
   const currentUser = useAppStore((store) => store.currentUser);
   const { t } = useTranslation();
 
-  if (!currentUser?.ability.can('read', 'Summary')) {
+  const ability = currentUser?.ability;
+  const subjects: AppSubjectName[] = ['Instrument', 'InstrumentRecord', 'Subject', 'User'];
+  const isAuthorized = subjects.every((subject) => ability?.can('read', subject));
+
+  if (!isAuthorized) {
     return <Navigate to="/session/start-session" />;
   }
 
diff --git a/apps/web/src/hooks/useNavItems.ts b/apps/web/src/hooks/useNavItems.ts
@@ -39,24 +39,30 @@ export function useNavItems() {
   const setupState = useSetupState();
 
   useEffect(() => {
+    const ability = currentUser?.ability;
     const globalItems: NavItem[] = [];
-    if (currentUser?.ability.can('read', 'Summary')) {
+    if (
+      ability?.can('read', 'Instrument') &&
+      ability.can('read', 'InstrumentRecord') &&
+      ability.can('read', 'Subject') &&
+      ability.can('read', 'User')
+    ) {
       globalItems.push({
         icon: BarChartBigIcon,
         label: t('layout.navLinks.dashboard'),
         url: '/dashboard'
       });
     }
-    if (currentUser?.ability.can('read', 'Subject') && currentUser.ability.can('read', 'InstrumentRecord')) {
+    if (ability?.can('read', 'Subject') && ability.can('read', 'InstrumentRecord')) {
       globalItems.push({
         icon: DatabaseIcon,
         label: t('layout.navLinks.datahub'),
         url: '/datahub'
       });
     }
     if (
-      currentUser?.ability.can('read', 'Subject') &&
-      currentUser.ability.can('create', 'InstrumentRecord') &&
+      ability?.can('read', 'Subject') &&
+      ability.can('create', 'InstrumentRecord') &&
       setupState.data?.isExperimentalFeaturesEnabled
     ) {
       globalItems.push({
@@ -65,7 +71,7 @@ export function useNavItems() {
         url: '/upload'
       });
     }
-    if (currentGroup && currentUser?.ability.can('manage', 'Group')) {
+    if (currentGroup && ability?.can('manage', 'Group')) {
       globalItems.push({
         icon: UsersIcon,
         label: t('layout.navLinks.manageGroup'),
@@ -74,7 +80,7 @@ export function useNavItems() {
     }
 
     const adminItems: NavItem[] = [];
-    if (currentUser?.ability.can('manage', 'all')) {
+    if (ability?.can('manage', 'all')) {
       adminItems.push({
         icon: CogIcon,
         label: t({
@@ -102,23 +108,23 @@ export function useNavItems() {
     }
 
     const sessionItems: NavItem[] = [];
-    if (currentUser?.ability.can('create', 'Session')) {
+    if (ability?.can('create', 'Session')) {
       sessionItems.push({
         disabled: currentSession !== null,
         icon: CirclePlayIcon,
         label: t('layout.navLinks.startSession'),
         url: '/session/start-session'
       });
     }
-    if (currentUser?.ability.can('create', 'InstrumentRecord')) {
+    if (ability?.can('create', 'InstrumentRecord')) {
       sessionItems.push({
         disabled: currentSession === null,
         icon: ComputerIcon,
         label: t('layout.navLinks.accessibleInstruments'),
         url: '/instruments/accessible-instruments'
       });
     }
-    if (currentUser?.ability.can('read', 'Subject') && currentUser.ability.can('read', 'InstrumentRecord')) {
+    if (ability?.can('read', 'Subject') && ability.can('read', 'InstrumentRecord')) {
       sessionItems.push({
         disabled: currentSession === null,
         icon: EyeIcon,
diff --git a/packages/schemas/src/core/core.ts b/packages/schemas/src/core/core.ts
@@ -17,7 +17,6 @@ export const $AppSubjectName = z.enum([
   'InstrumentRecord',
   'Session',
   'Subject',
-  'Summary',
   'User'
 ]);
 

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,6 @@ enum AppSubject {`
`168`	`168`	`InstrumentRecord`
`169`	`169`	`Session`
`170`	`170`	`Subject`
`171`		`- Summary`
`172`	`171`	`User`
`173`	`172`	`}`
`174`	`173`