Merge branch 'feature-DASH-29_issue-with-dashboard-exported-data-irre…

…levant-data-and-incorrect-permission-status' into release-3.1.0
pixl8 · Jun 24, 2024 · e6a43c5 · e6a43c5
2 parents a7d7118 + c2c01bc
commit e6a43c5
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## v3.0.6
+
+* [DASH-26](https://projects.pixl8.london/browse/DASH-26) - (p1) There is no Granular permissions for Admin Dashboards
+* [DASH-27](https://projects.pixl8.london/browse/DASH-27) - (p1) Infinite load on keyword search on admin dashboard list
+
 ## v3.0.5
 
 * Update build version generator

diff --git a/handlers/admin/datamanager/admin_dashboard.cfc b/handlers/admin/datamanager/admin_dashboard.cfc
@@ -57,6 +57,12 @@ component extends="preside.system.base.AdminHandler" {
 					, adminUserGroups = { type="varchar", value=adminUserGroups, list=true }
 				  }
 			} );
+
+			ArrayAppend( args.selectFields, "owner_id"         );
+			ArrayAppend( args.selectFields, "view_groups_list" );
+			ArrayAppend( args.selectFields, "view_users_list"  );
+			ArrayAppend( args.selectFields, "edit_groups_list" );
+			ArrayAppend( args.selectFields, "edit_users_list"  );
 		}
 	}
 
@@ -74,22 +80,27 @@ component extends="preside.system.base.AdminHandler" {
 		var canEditThis     = false;
 		var hasFullAccess   = dashboardService.hasFullAccess( adminUserId );
 
-
-		for( var r in records ){
-			canEditThis = prc.canEdit && ( r.owner_id == adminUserId || ( r.edit_access == "specific" && ( listFind( r.edit_users_list, adminUserId ) || _listFindOneOf( r.edit_groups_list, adminUserGroups ) ) ) );
+		for ( var r in records ) {
+			canEditThis = ( prc.canEdit ?: false ) && ( r.owner_id == adminUserId || ( r.edit_access == "specific" && ( listFind( r.edit_users_list, adminUserId ) || _listFindOneOf( r.edit_groups_list, adminUserGroups ) ) ) );
 			canViewThis = canEditThis || r.view_access == "public" || ( r.view_access == "specific" && ( listFind( r.view_users_list, adminUserId ) || _listFindOneOf( r.view_groups_list, adminUserGroups ) ) )
 			ArrayAppend( canEdit  , hasFullAccess || canEditThis );
 			ArrayAppend( canView  , hasFullAccess || canViewThis );
 			ArrayAppend( canShare , hasFullAccess || r.owner_id == adminUserId );
-			ArrayAppend( canDelete, hasFullAccess || ( prc.canDelete && r.owner_id == adminUserId ) );
-			ArrayAppend( canClone , hasFullAccess || ( prc.canClone && canViewThis ) );
+			ArrayAppend( canDelete, hasFullAccess || ( ( prc.canDelete ?: false ) && r.owner_id == adminUserId ) );
+			ArrayAppend( canClone , hasFullAccess || ( ( prc.canClone  ?: false ) && canViewThis ) );
 		}
 
-		QueryAddColumn( records, "canView", canView );
-		QueryAddColumn( records, "canEdit", canEdit );
-		QueryAddColumn( records, "canShare", canShare );
+		QueryAddColumn( records, "canView"  , canView   );
+		QueryAddColumn( records, "canEdit"  , canEdit   );
+		QueryAddColumn( records, "canShare" , canShare  );
 		QueryAddColumn( records, "canDelete", canDelete );
-		QueryAddColumn( records, "canClone", canClone );
+		QueryAddColumn( records, "canClone" , canClone  );
+
+		QueryDeleteColumn( records, "owner_id"         );
+		QueryDeleteColumn( records, "view_groups_list" );
+		QueryDeleteColumn( records, "view_users_list"  );
+		QueryDeleteColumn( records, "edit_groups_list" );
+		QueryDeleteColumn( records, "edit_users_list"  );
 	}
 
 	private array function getRecordActionsForGridListing( event, rc, prc, args={} ) {

diff --git a/preside-objects/admin_dashboard.cfc b/preside-objects/admin_dashboard.cfc
@@ -25,9 +25,9 @@ component  {
 	property name="edit_groups" adminRenderer="ObjectRelatedRecordsList" relationship="many-to-many" relatedTo="security_group" relatedVia="admin_dashboard_edit_group" cloneable=false;
 	property name="edit_users"  adminRenderer="ObjectRelatedRecordsList" relationship="many-to-many" relatedTo="security_user"  relatedVia="admin_dashboard_edit_user"  cloneable=false;
 
-	property name="owner_id"         adminRenderer="none" type="string" formula="${prefix}owner.id";
-	property name="view_groups_list" adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}view_groups.id )";
-	property name="view_users_list"  adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}view_users.id )";
-	property name="edit_groups_list" adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}edit_groups.id )";
-	property name="edit_users_list"  adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}edit_users.id )";
+	property name="owner_id"         adminRenderer="none" type="string" formula="${prefix}owner.id"                                excludeDataExport=true;
+	property name="view_groups_list" adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}view_groups.id )" excludeDataExport=true;
+	property name="view_users_list"  adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}view_users.id )"  excludeDataExport=true;
+	property name="edit_groups_list" adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}edit_groups.id )" excludeDataExport=true;
+	property name="edit_users_list"  adminRenderer="none" type="string" formula="group_concat( distinct ${prefix}edit_users.id )"  excludeDataExport=true;
 }