
Commit dba6679

committed
fix(permissions): agents not allowed to update tickets correctly
1 parent 6d14741 commit dba6679


6 files changed

+31
-23
lines changed


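--- a/src/client/containers/Settings/Permissions/index.jsx
+++ b/src/client/containers/Settings/Permissions/index.jsx
@@ -40,7 +40,7 @@ class PermissionsSettingsContainer extends React.Component {
 
 onRoleOrderChanged (e) {
 const children = $(e.target).children('li')
-let arr = []
+const arr = []
 for (let i = 0; i < children.length; i++) arr.push($(children[i]).attr('data-key'))
 
 this.props.updateRoleOrder({ roleOrder: arr })
@@ -142,7 +142,6 @@ const mapStateToProps = state => ({
 settings: state.settings.settings
 })
 
-export default connect(
-mapStateToProps,
-{ fetchRoles, updateRoleOrder, showModal, updateSetting }
-)(PermissionsSettingsContainer)
+export default connect(mapStateToProps, { fetchRoles, updateRoleOrder, showModal, updateSetting })(
+PermissionsSettingsContainer
+)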

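--- a/src/client/containers/Settings/Permissions/permissionBody.jsx
+++ b/src/client/containers/Settings/Permissions/permissionBody.jsx
@@ -129,7 +129,7 @@ class PermissionBody extends React.Component {
 
 onSubmit (e) {
 e.preventDefault()
-let obj = {}
+const obj = {}
 obj._id = this.props.role.get('_id')
 if (this.isAdmin) {
 obj.admin = ['*']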

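--- a/src/client/containers/Tickets/SingleTicketContainer.jsx
+++ b/src/client/containers/Tickets/SingleTicketContainer.jsx
@@ -273,10 +273,7 @@ class SingleTicketContainer extends React.Component {
 : []
 
 // Perms
-const hasTicketUpdate =
-this.ticket &&
-this.ticket.status !== 3 &&
-helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true)
+const hasTicketUpdate = this.ticket && this.ticket.status !== 3 && helpers.canUser('tickets:update')
 
 return (
 <div className={'uk-clearfix uk-position-relative'} style={{ width: '100%', height: '100vh' }}>
@@ -295,7 +292,7 @@ class SingleTicketContainer extends React.Component {
 status={this.ticket.status}
 socket={this.props.socket}
 onStatusChange={status => (this.ticket.status = status)}
-hasPerm={helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true)}
+hasPerm={hasTicketUpdate}
 />
 </div>
 {/* Left Side */}
@@ -859,6 +856,7 @@ SingleTicketContainer.propTypes = {
 ticketId: PropTypes.string.isRequired,
 ticketUid: PropTypes.string.isRequired,
 shared: PropTypes.object.isRequired,
+sessionUser: PropTypes.object,
 socket: PropTypes.object.isRequired,
 common: PropTypes.object.isRequired,
 ticketTypes: PropTypes.object.isRequired,
@@ -873,6 +871,7 @@ SingleTicketContainer.propTypes = {
 const mapStateToProps = state => ({
 common: state.common.viewdata,
 shared: state.shared,
+sessionUser: state.shared.sessionUser,
 socket: state.shared.socket,
 ticketTypes: state.ticketsState.types,
 groupsState: state.groupsState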
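Review bot: `hasPerm` on the status control (new line 295) now reuses `hasTicketUpdate`, which also requires `this.ticket.status !== 3`, whereas the removed expression did not look at the status at all; if 3 is the closed state, which these hunks do not show, a user holding `tickets:update` can no longer change a closed ticket's status from this control. If that is not intended, pass the permission alone, e.g. `hasPerm={helpers.canUser('tickets:update')}`. Separately, the owner-role hierarchy check and the `adminOverride` argument are dropped from this gate, and because it only hides UI, the server-side ticket update handler has to be what enforces `tickets:update`; that handler is not part of this commit, so it is worth confirming. The enclosing method starts and ends outside these hunks.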

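--- a/src/controllers/api/v1/roles.js
+++ b/src/controllers/api/v1/roles.js
@@ -16,6 +16,7 @@ var _ = require('lodash')
 var async = require('async')
 var userSchema = require('../../../models/user')
 var permissions = require('../../../permissions')
+const socketEventConsts = require('../../../socketio/socketEventConsts')
 
 var rolesV1 = {}
 
@@ -110,7 +111,7 @@ rolesV1.update = function (req, res) {
 role.updateGrantsAndHierarchy(k, hierarchy, function (err) {
 if (err) return res.status(400).json({ success: false, error: err })
 
-emitter.emit('$trudesk:flushRoles')
+emitter.emit(socketEventConsts.ROLES_FLUSH)
 
 return res.send('OK')
 })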
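Review bot: The emit on new line 114 now only works if `socketEventConsts.ROLES_FLUSH` resolves to the exact event name the role-cache listener subscribes to, and neither the constants module nor that listener is touched by this commit. If the constant is missing or holds a string other than the removed `'$trudesk:flushRoles'`, `emitter.emit` becomes a silent no-op and updated grants stay stale until the cache is rebuilt some other way. The same applies to the two emits in src/controllers/api/v1/settings.js. A short comment at the call, such as `// must match the event the role-cache listener is registered on`, and a test asserting the constant is defined would guard this. rolesV1.update continues outside the hunk.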

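--- a/src/controllers/api/v1/settings.js
+++ b/src/controllers/api/v1/settings.js
@@ -19,6 +19,7 @@ var winston = require('winston')
 var sanitizeHtml = require('sanitize-html')
 var SettingsSchema = require('../../../models/setting')
 var settingsUtil = require('../../../settings/settingsUtil')
+const socketEventConsts = require('../../../socketio/socketEventConsts')
 
 var apiSettings = {}
 
@@ -195,15 +196,15 @@ apiSettings.updateRoleOrder = function (req, res) {
 order.save(function (err, order) {
 if (err) return res.status(500).json({ success: false, error: err.message })
 
-emitter.emit('$trudesk:flushRoles')
+emitter.emit(socketEventConsts.ROLES_FLUSH)
 
 return res.json({ success: true, roleOrder: order })
 })
 } else {
 order.updateOrder(req.body.roleOrder, function (err, order) {
 if (err) return res.status(400).json({ success: false, error: err.message })
 
-emitter.emit('$trudesk:flushRoles')
+emitter.emit(socketEventConsts.ROLES_FLUSH)
 
 return res.json({ success: true, roleOrder: order })
 })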

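--- a/src/public/js/modules/helpers.js
+++ b/src/public/js/modules/helpers.js
@@ -1641,8 +1641,8 @@ define([
 }
 
 helpers.canUser = function (a, adminOverride) {
-var role = window.trudeskSessionService.getUser().role
-var roles = window.trudeskSessionService.getRoles()
+let role = window.trudeskSessionService.getUser().role
+const roles = window.trudeskSessionService.getRoles()
 
 if (adminOverride === true && role.isAdmin) return true
 
@@ -1677,8 +1677,8 @@ define([
 }
 
 helpers.hasHierarchyEnabled = function (roleId) {
-var roles = window.trudeskSessionService.getRoles()
-var role = _.find(roles, function (o) {
+const roles = window.trudeskSessionService.getRoles()
+const role = _.find(roles, function (o) {
 return o._id.toString() === roleId.toString()
 })
 if (_.isUndefined(role) || _.isUndefined(role.hierarchy)) throw new Error('Invalid Role: ' + roleId)
@@ -1755,6 +1755,7 @@ define([
 helpers.hasPermOverRole = function (ownerRole, extRole, action, adminOverride) {
 if (action && !helpers.canUser(action, adminOverride)) return false
 if (!extRole) extRole = window.trudeskSessionService.getUser().role
+
 if (!_.isObject(ownerRole) || !_.isObject(extRole)) {
 console.log('Invalid Role Sent to helpers.hasPermOverRole. [Must be role obj]')
 console.log('Owner: ' + ownerRole)
@@ -1775,20 +1776,27 @@ define([
 if (extRole && extRole.isAdmin) {
 return true
 } else {
-var r = window.trudeskSessionService.getRoles()
-var role = _.find(r, function (_role) {
+const r = window.trudeskSessionService.getRoles()
+const role = _.find(r, function (_role) {
 return _role._id.toString() === extRole._id.toString()
 })
 if (!_.isUndefined(role) && role.isAdmin) return true
 }
 }
 
-var roles = helpers.parseRoleHierarchy(extRole._id)
+if (!helpers.hasHierarchyEnabled(extRole._id)) {
+return ownerRole._id === extRole._id
+}
 
-var i = _.find(roles, function (o) {
-return o.toString() === ownerRole.toString()
+const roles = helpers.parseRoleHierarchy(extRole._id)
+// console.log('My Role ID: ', extRole._id)
+// console.log('Hierarchy: ', roles)
+const i = _.find(roles, function (o) {
+return o.toString() === ownerRole._id.toString()
 })
 
+// console.log('Found in Hierarchy: ', i)
+
 return !_.isUndefined(i)
 }
 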
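Review bot: The new early return on lines 1787-1789 compares `ownerRole._id === extRole._id` directly, while every other id comparison in this function goes through `.toString()`; if either id is not a plain string the check denies same-role users, so `return ownerRole._id.toString() === extRole._id.toString()` would be consistent. The guard also calls `helpers.hasHierarchyEnabled`, which throws `Invalid Role` when the role is absent from `getRoles()` or has no `hierarchy` field, so hasPermOverRole can now throw where it previously returned a boolean; treating that case as a denial (return false) keeps the check fail-closed without breaking callers that render on its result. The three commented-out `console.log` lines are debug leftovers and can be dropped. hasPermOverRole spans two hunks here, with lines elided between them.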