#1566 Update permissions for the data entry role

rfcx · Jun 18, 2024 · 84edf92 · 84edf92
1 parent 836663b
commit 84edf92
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 8 deletions.
diff --git a/app/model/users.js b/app/model/users.js
@@ -265,6 +265,14 @@ var Users = {
         ]).nodeify(callback);
     },
 
+    getProjectRole : async function(user_id, project_id) {
+        const q = `select r.name from roles r
+            join user_project_role upr on r.role_id = upr.role_id
+            where upr.user_id = ${user_id} and upr.project_id = ${project_id}`
+            console.log('qqqqq', q)
+        return dbpool.query(q).get(0).get('name');
+    },
+
     findOwnedProjects: function(user_id, query) {
         return dbpool.query(
             "SELECT p.* \n"+

diff --git a/app/routes/project.js b/app/routes/project.js
@@ -59,7 +59,7 @@ router.get('/:projecturl?/', function(req, res, next) {
         }).catch(next);
     }
 
-    model.projects.find({ url: project_url, publicTemplates: true}, function(err, rows) {
+    model.projects.find({ url: project_url, publicTemplates: true}, async function(err, rows) {
             if (err) return next(err);
             if (!rows.length)  {
                 console.log('\n\n---TEMP: /projects 62 string', rows)
@@ -74,7 +74,7 @@ router.get('/:projecturl?/', function(req, res, next) {
                     user: req.session.user
                 });
             }
-
+            const userRole = await model.users.getProjectRole(req.session.user.id, project.project_id)
             model.users.getPermissions(req.session.user.id, project.project_id, function(err, rows) {
                 var permissionsMap = rows.reduce(function(_, p) {
                     _[p.name] = true;
@@ -112,7 +112,7 @@ router.get('/:projecturl?/', function(req, res, next) {
 
                 req.session.user.permissions[project.project_id] = rows;
                 req.session.loggedIn = true
-                var perms = {
+                let perms = {
                     authorized: true,
                     public: !project.is_private,
                     features:{
@@ -131,6 +131,7 @@ router.get('/:projecturl?/', function(req, res, next) {
                     userImage: !!req.session.user && !!req.session.user.imageUrl ? req.session.user.imageUrl : '',
                     userFullName: !!req.session.user && !!req.session.user.firstname ? req.session.user.firstname + ' ' + req.session.user.lastname : '',
                     permissions: rows.map(function(perm) { return perm.name; }),
+                    userRole: userRole ? userRole : 'Guest'
                 };
 
                 req.project = {

diff --git a/assets/app/app/analysis/patternmatching/index.js b/assets/app/app/analysis/patternmatching/index.js
@@ -241,7 +241,7 @@ angular.module('a2.analysis.patternmatching', [
         if (a2UserPermit.isSuper()) {
             return $scope.openExportPopup(exportReport)
         }
-        if (!a2UserPermit.can('manage pattern matchings')) {
+        if (!a2UserPermit.can('manage pattern matchings') || (a2UserPermit.can('manage pattern matchings') && a2UserPermit.getUserRole() !== 'User')) {
             return notify.error('You do not have permission to export data');
         }
         $scope.openExportPopup(exportReport)
@@ -676,7 +676,7 @@ angular.module('a2.analysis.patternmatching', [
     exportPmReport: function ($event) {
         $event.stopPropagation();
         if (a2UserPermit.isSuper()) return this.setupExportUrl()
-        if ((a2UserPermit.all && !a2UserPermit.all.length) || !a2UserPermit.can('export report')) {
+        if (!a2UserPermit.can('manage pattern matchings') || (a2UserPermit.can('manage pattern matchings') && a2UserPermit.getUserRole() !== 'User')) {
             return notify.error('You do not have permission to export Pattern Matching data');
         } else return this.setupExportUrl()
     },

diff --git a/assets/app/app/audiodata/recordings/recordings.js b/assets/app/app/audiodata/recordings/recordings.js
@@ -94,7 +94,7 @@ angular.module('a2.audiodata.recordings', [
     };
 
     this.exportPermit = function() {
-        return a2UserPermit.can('export report')
+        return a2UserPermit.can('manage project recordings') || a2UserPermit.getUserRole() === 'User'
     };
 
     this.createPlaylist = function() {
@@ -319,7 +319,7 @@ angular.module('a2.audiodata.recordings', [
         if (a2UserPermit.isSuper()) {
             return this.openExportPopup(listParams)
         }
-        if ((a2UserPermit.all && !a2UserPermit.all.length) || !a2UserPermit.can('export report')) {
+        if (!a2UserPermit.can('manage project recordings') && a2UserPermit.getUserRole() !== 'User') {
             return notify.error('You do not have permission to export data');
         }
         this.openExportPopup(listParams)

diff --git a/assets/app/app/audiodata/sites.js b/assets/app/app/audiodata/sites.js
@@ -350,7 +350,10 @@ angular.module('a2.audiodata.sites', [
 
     $scope.exportSites = function() {
         if (a2UserPermit.isSuper()) return $downloadResource(Project.getSitesExportUrl());
-        if ((a2UserPermit.all && !a2UserPermit.all.length) || !a2UserPermit.can('export report')) {
+        if (a2UserPermit.getUserRole() === 'Data Entry') {
+            $downloadResource(Project.getSitesExportUrl());
+        }
+        else if (!a2UserPermit.can('manage project sites')) {
             return notify.error('You do not have permission to export sites')
         } else $downloadResource(Project.getSitesExportUrl());
     };

diff --git a/assets/app/services/a2permissions.js b/assets/app/services/a2permissions.js
@@ -28,6 +28,9 @@ angular.module('a2.permissions', [
         getUserImage: function() {
             return permit.userImage;
         },
+        getUserRole: function() {
+            return permit.userRole;
+        },
         getUserFullName: function() {
             return permit.userFullName;
         },