Skip to content

Commit

Permalink
added the configurable ability to restrict generation of a given coho…
Browse files Browse the repository at this point in the history
…rt to only persons who have been granted permission to change the same cohort.
  • Loading branch information
rkboyce committed May 9, 2024
1 parent 8396b4d commit 0493316
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 11 deletions.
15 changes: 8 additions & 7 deletions js/components/security/access/configure-access-modal.html
Original file line number Diff line number Diff line change
Expand Up @@ -92,19 +92,20 @@
<label data-bind="css: classes('new-access-label'), text: ko.i18n('common.configureAccessModal.globalReadStatus', 'Status of global READ access:')"></label>
<div/>
<div class="btn-group" data-toggle="buttons">
<label data-bind="css: { active: shareFlag() },
click: function () { shareFlag(true); revokeGlobalReadAccess();},
<label data-bind="css: { active: !shareFlag()},
click: function () { shareFlag(false); grantGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusNotGranted', 'Not Granted')
text: ko.i18n('common.configureAccessModal.globalReadStatusNotGranted', 'Granted')
"
class="btn btn-primary",
/>
<label data-bind="css: { active: !shareFlag() },
click: function () { shareFlag(false); grantGlobalReadAccess();},
<label data-bind="css: {
active: shareFlag()},
click: function () { shareFlag(true); revokeGlobalReadAccess();},
clickBubble: false,
text: ko.i18n('common.configureAccessModal.globalReadStatusIsGranted', 'Granted')
text: ko.i18n('common.configureAccessModal.globalReadStatusIsGranted', 'Not Granted')
"
class="btn btn-primary",
class="btn btn-primary",
/>
</div>
</div>
Expand Down
4 changes: 2 additions & 2 deletions js/components/security/access/configure-access-modal.js
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,7 @@ define([
this.isLoading(true);
try {
console.log('grantGlobalReadAccess function called to grant read permissions!! shareflag: ' + this.shareFlag());
await this.grantAccessFn('1','READ'); // 16 is the 'public' role, a SYSTEM role every user should have
await this.grantAccessFn('1','READ'); // 1 is the 'public' role, a SYSTEM role every user should have
await this.loadAccessList();
} catch (ex) {
console.log(ex);
Expand All @@ -168,7 +168,7 @@ define([
this.isLoading(true);
try {
console.log('revokeGlobalReadAccess function called to REVOKE read permissions!! shareflag: ' + this.shareFlag());
await this.revokeAccessFn('1','READ'); // 16 is the 'public' role, a SYSTEM role every user should have
await this.revokeAccessFn('1','READ'); // 1 is the 'public' role, a SYSTEM role every user should have
await this.loadAccessList();
} catch (ex) {
console.log(ex);
Expand Down
14 changes: 12 additions & 2 deletions js/services/AuthAPI.js
Original file line number Diff line number Diff line change
Expand Up @@ -407,8 +407,18 @@ define(function(require, exports) {
}

var isPermittedGenerateCohort = function(cohortId, sourceKey) {
return isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');
var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') &&
isPermitted('cohortdefinition:' + cohortId + ':info:get');

// By default, everyone can generate any artifact they have
// permission to read. If a permissionManagementRoleId has
// been assigned, (non- empty string assignment), the default
// generate functionality is not desired. Rather, users will have to
// have a role that allows them to update the specific cohort definition.
if (config.permissionManagementRoleId !== ""){
v = v && isPermitted('cohortdefinition:' + cohortId + ':put')
}

This comment has been minimized.

Copy link
@pieterlukasse

pieterlukasse May 10, 2024

👍

return v
}

var isPermittedReadCohortReport = function(cohortId, sourceKey) {
Expand Down

0 comments on commit 0493316

Please sign in to comment.