Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(organizations): update page access permissions TASK-977 #5219

Merged
merged 3 commits into from
Nov 6, 2024
Merged

feat(organizations): update page access permissions TASK-977 #5219

merged 3 commits into from
Nov 6, 2024

Conversation

jamesrkiger
Copy link
Contributor

@jamesrkiger jamesrkiger commented Nov 1, 2024
edited
Loading

Checklist

  1. If you've added code that should be tested, add tests
  2. If you've changed APIs, update (or create!) the documentation
  3. Ensure the tests pass
  4. Run ./python-format.sh to make sure that your code lints and that you've followed our coding style
  5. Write a title and, if necessary, a description of your work suitable for publishing in our release notes
  6. Mention any related issues in this repository (as #ISSUE) and in other repositories (as kobotoolbox/other#ISSUE)
  7. Open an issue in the docs if there are UI/UX changes
  8. Create a testing plan for the reviewer and add it to the Testing section
  9. Add frontend or backend tag and any other appropriate tags to this pull request

Description

For various pages in account settings, we previously used a wrapper component to verify whether the user was the owner of their org before allowing them to access the page. With the organizations project, this permissions check needs to allow for checking multiple role options. We also need to be able to check whether an org is an mmo for the members page. This PR overhauls the old wrapper component to allow for these checks.

Testing

With Stripe enabled (and products synced), create a new user. Check the routes in the sidenav that were previously wrapped with RequireOrgOwner. There should be no difference with current behavior on main.

Then turn on mmo_override for the org. Create a second user and then add them to the org via django admin. Logged in as the second user, check the routes again. You will have to enter the url manually for members, usage and org settings. You should be redirected to the account settings page, because the second user only has the org role of member. Finally, open the organization in django admin and check "is_admin" for the second user. Check the routes again. The admin should be able to view the members, usage and settings pages but still not the plans page.

@jamesrkiger jamesrkiger changed the title feat(Organizations) Update org page access permissions Task-977 feat(organizations): update page access permissions TASK-977 Nov 4, 2024
@notion-workspace Notion Workspace
Copy link

Account Routing and Sidenav

@jamesrkiger jamesrkiger self-assigned this Nov 4, 2024
pauloamorimbr
pauloamorimbr approved these changes Nov 5, 2024
View reviewed changes
Copy link
Contributor

@pauloamorimbr pauloamorimbr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really nice! 💯

I was able to test after some issues with org creation and setting users! 🙌🏻

Left a nitpick comment.

jsapp/js/account/organizations/validateOrgPermissions.component.tsx Outdated Show resolved Hide resolved
@jamesrkiger jamesrkiger merged commit 70a8673 into main Nov 6, 2024
7 checks passed
@jamesrkiger jamesrkiger deleted the task-977-update-org-page-access-permissions branch November 6, 2024 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pauloamorimbr pauloamorimbr pauloamorimbr approved these changes

@duvld duvld Awaiting requested review from duvld

Assignees

@jamesrkiger jamesrkiger

Labels
Front end
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jamesrkiger @pauloamorimbr