From dba66797595f4b5ba4c5463ee8edc7f7d17a1261 Mon Sep 17 00:00:00 2001 From: Chris Brame Date: Sun, 10 Jul 2022 14:59:58 -0400 Subject: [PATCH] fix(permissions): agents not allowed to update tickets correctly --- .../containers/Settings/Permissions/index.jsx | 9 +++---- .../Settings/Permissions/permissionBody.jsx | 2 +- .../Tickets/SingleTicketContainer.jsx | 9 +++---- src/controllers/api/v1/roles.js | 3 ++- src/controllers/api/v1/settings.js | 5 ++-- src/public/js/modules/helpers.js | 26 ++++++++++++------- 6 files changed, 31 insertions(+), 23 deletions(-) diff --git a/src/client/containers/Settings/Permissions/index.jsx b/src/client/containers/Settings/Permissions/index.jsx index 98bf9e1c5..4286d16a2 100644 --- a/src/client/containers/Settings/Permissions/index.jsx +++ b/src/client/containers/Settings/Permissions/index.jsx @@ -40,7 +40,7 @@ class PermissionsSettingsContainer extends React.Component { onRoleOrderChanged (e) { const children = $(e.target).children('li') - let arr = [] + const arr = [] for (let i = 0; i < children.length; i++) arr.push($(children[i]).attr('data-key')) this.props.updateRoleOrder({ roleOrder: arr }) @@ -142,7 +142,6 @@ const mapStateToProps = state => ({ settings: state.settings.settings }) -export default connect( - mapStateToProps, - { fetchRoles, updateRoleOrder, showModal, updateSetting } -)(PermissionsSettingsContainer) +export default connect(mapStateToProps, { fetchRoles, updateRoleOrder, showModal, updateSetting })( + PermissionsSettingsContainer +) diff --git a/src/client/containers/Settings/Permissions/permissionBody.jsx b/src/client/containers/Settings/Permissions/permissionBody.jsx index 18c49eb1e..dac233692 100644 --- a/src/client/containers/Settings/Permissions/permissionBody.jsx +++ b/src/client/containers/Settings/Permissions/permissionBody.jsx 
@@ -129,7 +129,7 @@ class PermissionBody extends React.Component { onSubmit (e) { e.preventDefault() - let obj = {} + const obj = {} obj._id = this.props.role.get('_id') if (this.isAdmin) { obj.admin = ['*'] diff --git a/src/client/containers/Tickets/SingleTicketContainer.jsx b/src/client/containers/Tickets/SingleTicketContainer.jsx index 7b432f335..6e3dde550 100644 --- a/src/client/containers/Tickets/SingleTicketContainer.jsx +++ b/src/client/containers/Tickets/SingleTicketContainer.jsx @@ -273,10 +273,7 @@ class SingleTicketContainer extends React.Component { : [] // Perms - const hasTicketUpdate = - this.ticket && - this.ticket.status !== 3 && - helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true) + const hasTicketUpdate = this.ticket && this.ticket.status !== 3 && helpers.canUser('tickets:update') return (
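Review bot: In SingleTicketContainer.jsx, `hasTicketUpdate` now calls `helpers.canUser('tickets:update')` without the `adminOverride` argument that the old `hasPermOverRole(..., true)` call forwarded to `canUser`, so the `adminOverride === true && role.isAdmin` shortcut is no longer taken. If an admin role can exist without an explicit `tickets:update` grant, admins would lose the edit controls; `helpers.canUser('tickets:update', true)` keeps the earlier behaviour. The check also no longer looks at `this.ticket.owner.role`, so the role hierarchy no longer limits who sees the edit UI. Because this is client-side gating only, the ticket update endpoint has to enforce `tickets:update` (and any owner or hierarchy rule still wanted) itself, and a comment such as `// UI hint only; the API enforces tickets:update` would make that explicit. The enclosing method starts and ends outside the hunk.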
@@ -295,7 +292,7 @@ class SingleTicketContainer extends React.Component { status={this.ticket.status} socket={this.props.socket} onStatusChange={status => (this.ticket.status = status)} - hasPerm={helpers.hasPermOverRole(this.ticket.owner.role, null, 'tickets:update', true)} + hasPerm={hasTicketUpdate} />
{/* Left Side */} @@ -859,6 +856,7 @@ SingleTicketContainer.propTypes = { ticketId: PropTypes.string.isRequired, ticketUid: PropTypes.string.isRequired, shared: PropTypes.object.isRequired, + sessionUser: PropTypes.object, socket: PropTypes.object.isRequired, common: PropTypes.object.isRequired, ticketTypes: PropTypes.object.isRequired, @@ -873,6 +871,7 @@ SingleTicketContainer.propTypes = { const mapStateToProps = state => ({ common: state.common.viewdata, shared: state.shared, + sessionUser: state.shared.sessionUser, socket: state.shared.socket, ticketTypes: state.ticketsState.types, groupsState: state.groupsState diff --git a/src/controllers/api/v1/roles.js b/src/controllers/api/v1/roles.js index 1a10ca736..8e74281bc 100644 --- a/src/controllers/api/v1/roles.js +++ b/src/controllers/api/v1/roles.js @@ -16,6 +16,7 @@ var _ = require('lodash') var async = require('async') var userSchema = require('../../../models/user') var permissions = require('../../../permissions') +const socketEventConsts = require('../../../socketio/socketEventConsts') var rolesV1 = {} @@ -110,7 +111,7 @@ rolesV1.update = function (req, res) { role.updateGrantsAndHierarchy(k, hierarchy, function (err) { if (err) return res.status(400).json({ success: false, error: err }) - emitter.emit('$trudesk:flushRoles') + emitter.emit(socketEventConsts.ROLES_FLUSH) return res.send('OK') }) diff --git a/src/controllers/api/v1/settings.js b/src/controllers/api/v1/settings.js index d904a53df..ccc1c99a3 100644 --- a/src/controllers/api/v1/settings.js +++ b/src/controllers/api/v1/settings.js @@ -19,6 +19,7 @@ var winston = require('winston') var sanitizeHtml = require('sanitize-html') var SettingsSchema = require('../../../models/setting') var settingsUtil = require('../../../settings/settingsUtil') +const socketEventConsts = require('../../../socketio/socketEventConsts') var apiSettings = {} 
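Review bot: Passing `hasPerm={hasTicketUpdate}` to the status control in the `@@ -295,7 +292,7 @@` hunk of SingleTicketContainer.jsx also applies the `this.ticket.status !== 3` condition, which the old `hasPerm` expression did not have. If status 3 is the closed state (not shown in this patch), a user with `tickets:update` can no longer change the status of a closed ticket from this control, so reopening would be blocked in the UI. If that is not intended, keep the two checks apart, for example `hasPerm={helpers.canUser('tickets:update')}`. `hasTicketUpdate` can also be `undefined` or `null` rather than a boolean when `this.ticket` is unset, so `Boolean(...)` around the expression would keep the prop type stable.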
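Review bot: In `rolesV1.update` (src/controllers/api/v1/roles.js) the literal `'$trudesk:flushRoles'` becomes `socketEventConsts.ROLES_FLUSH`, but neither the constant's value nor the listener registration is part of this patch, so nothing here shows that the emitted event name still matches what the listener subscribes to. If the two differ, the role cache would presumably not be flushed after a grant or hierarchy change, and a revoked permission could stay in effect; please confirm the listener uses the same constant. The same applies to both `emitter.emit(socketEventConsts.ROLES_FLUSH)` calls in `apiSettings.updateRoleOrder` in src/controllers/api/v1/settings.js. A short comment at each emit would help, for example `// flush cached roles so permission changes take effect immediately`.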
@@ -195,7 +196,7 @@ apiSettings.updateRoleOrder = function (req, res) { order.save(function (err, order) { if (err) return res.status(500).json({ success: false, error: err.message }) - emitter.emit('$trudesk:flushRoles') + emitter.emit(socketEventConsts.ROLES_FLUSH) return res.json({ success: true, roleOrder: order }) }) @@ -203,7 +204,7 @@ apiSettings.updateRoleOrder = function (req, res) { order.updateOrder(req.body.roleOrder, function (err, order) { if (err) return res.status(400).json({ success: false, error: err.message }) - emitter.emit('$trudesk:flushRoles') + emitter.emit(socketEventConsts.ROLES_FLUSH) return res.json({ success: true, roleOrder: order }) }) diff --git a/src/public/js/modules/helpers.js b/src/public/js/modules/helpers.js index 2ef4d2119..ac8b60072 100644 --- a/src/public/js/modules/helpers.js +++ b/src/public/js/modules/helpers.js @@ -1641,8 +1641,8 @@ define([ } helpers.canUser = function (a, adminOverride) { - var role = window.trudeskSessionService.getUser().role - var roles = window.trudeskSessionService.getRoles() + let role = window.trudeskSessionService.getUser().role + const roles = window.trudeskSessionService.getRoles() if (adminOverride === true && role.isAdmin) return true @@ -1677,8 +1677,8 @@ define([ } helpers.hasHierarchyEnabled = function (roleId) { - var roles = window.trudeskSessionService.getRoles() - var role = _.find(roles, function (o) { + const roles = window.trudeskSessionService.getRoles() + const role = _.find(roles, function (o) { return o._id.toString() === roleId.toString() }) if (_.isUndefined(role) || _.isUndefined(role.hierarchy)) throw new Error('Invalid Role: ' + roleId) 
@@ -1755,6 +1755,7 @@ define([ helpers.hasPermOverRole = function (ownerRole, extRole, action, adminOverride) { if (action && !helpers.canUser(action, adminOverride)) return false if (!extRole) extRole = window.trudeskSessionService.getUser().role + if (!_.isObject(ownerRole) || !_.isObject(extRole)) { console.log('Invalid Role Sent to helpers.hasPermOverRole. [Must be role obj]') console.log('Owner: ' + ownerRole) @@ -1775,20 +1776,27 @@ define([ if (extRole && extRole.isAdmin) { return true } else { - var r = window.trudeskSessionService.getRoles() - var role = _.find(r, function (_role) { + const r = window.trudeskSessionService.getRoles() + const role = _.find(r, function (_role) { return _role._id.toString() === extRole._id.toString() }) if (!_.isUndefined(role) && role.isAdmin) return true } } - var roles = helpers.parseRoleHierarchy(extRole._id) + if (!helpers.hasHierarchyEnabled(extRole._id)) { + return ownerRole._id === extRole._id + } - var i = _.find(roles, function (o) { - return o.toString() === ownerRole.toString() + const roles = helpers.parseRoleHierarchy(extRole._id) + // console.log('My Role ID: ', extRole._id) + // console.log('Hierarchy: ', roles) + const i = _.find(roles, function (o) { + return o.toString() === ownerRole._id.toString() }) + // console.log('Found in Hierarchy: ', i) + return !_.isUndefined(i) }
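Review bot: The new early return `return ownerRole._id === extRole._id` in the `@@ -1775,20 +1776,27 @@` hunk compares ids with strict equality, while every other id comparison in `hasPermOverRole` goes through `.toString()`. If either `_id` is not a primitive string, the same role compares unequal and a user whose role has no hierarchy is denied on tickets owned by their own role; `return ownerRole._id.toString() === extRole._id.toString()` would be consistent. Separately, `helpers.hasHierarchyEnabled` throws `Invalid Role` when the role is missing from the session role list or has no `hierarchy` field, so `hasPermOverRole` can now throw where it used to return a boolean. Catching that and returning `false` would keep the check fail-closed without breaking callers. The commented-out `console.log` lines should be dropped, and note that the function starts in the previous hunk and ends outside this one.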