sartography
/
spiff-arena
mirror of https://github.com/sartography/spiff-arena.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use the 403 response to tell if a user has access to task data on the task show page w/ burnettk

This commit is contained in:
jasquat 2023-01-26 11:21:09 -05:00
parent 108c39c1cf
commit 89e2e80da1
2 changed files with 31 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
spiffworkflow-frontend/src/routes/TaskShow.tsx
View File

@ -19,9 +19,7 @@ import Form from '../themes/carbon';
import HttpService from '../services/HttpService';
import useAPIError from '../hooks/UseApiError';
import { modifyProcessIdentifierForPathParam } from '../helpers';
import { useUriListForPermissions } from '../hooks/UriListForPermissions';
import { PermissionsToCheck, ProcessInstanceTask } from '../interfaces';
import { usePermissionFetcher } from '../hooks/PermissionService';
import { ProcessInstanceTask } from '../interfaces';
export default function TaskShow() {
const [task, setTask] = useState<ProcessInstanceTask | null>(null);
@ -31,40 +29,32 @@ export default function TaskShow() {
const { addError, removeError } = useAPIError();
const { targetUris } = useUriListForPermissions();
const permissionRequestData: PermissionsToCheck = {
[targetUris.processInstanceTaskListDataPath]: ['GET'],
};
const { ability, permissionsLoaded } = usePermissionFetcher(
permissionRequestData
);
useEffect(() => {
if (permissionsLoaded) {
const processResult = (result: ProcessInstanceTask) => {
setTask(result);
const url = `/task-data/${modifyProcessIdentifierForPathParam(
result.process_model_identifier
)}/${params.process_instance_id}`;
if (ability.can('GET', url)) {
HttpService.makeCallToBackend({
path: url,
successCallback: setUserTasks,
failureCallback: (error: any) => {
addError(error);
},
});
}
};
const processResult = (result: ProcessInstanceTask) => {
setTask(result);
const url = `/task-data/${modifyProcessIdentifierForPathParam(
result.process_model_identifier
)}/${params.process_instance_id}`;
// if user is unauthorized to get task-data then don't do anything
// Checking like this so we can dynamically create the url with the correct process model
// instead of passing the process model identifier in through the params
HttpService.makeCallToBackend({
path: `/tasks/${params.process_instance_id}/${params.task_id}`,
successCallback: processResult,
failureCallback: addError,
path: url,
successCallback: setUserTasks,
onUnauthorized: () => {},
failureCallback: (error: any) => {
addError(error);
},
});
}
};
HttpService.makeCallToBackend({
path: `/tasks/${params.process_instance_id}/${params.task_id}`,
successCallback: processResult,
failureCallback: addError,
});
// FIXME: not sure what to do about addError. adding it to this array causes the page to endlessly reload
// eslint-disable-next-line react-hooks/exhaustive-deps
}, [permissionsLoaded, ability, params, targetUris]);
}, [params]);
const processSubmitResult = (result: any) => {
removeError();

12
spiffworkflow-frontend/src/services/HttpService.ts
View File

@ -21,6 +21,7 @@ type backendCallProps = {
path: string;
successCallback: Function;
failureCallback?: Function;
onUnauthorized?: Function;
httpMethod?: string;
extraHeaders?: object;
postBody?: any;
@ -37,6 +38,7 @@ const makeCallToBackend = ({
path,
successCallback,
failureCallback,
onUnauthorized,
httpMethod = 'GET',
extraHeaders = {},
postBody = {},
@ -88,9 +90,13 @@ backendCallProps) => {
if (isSuccessful) {
successCallback(result);
} else if (is403) {
// Hopefully we can make this service a hook and use the error message context directly
// eslint-disable-next-line no-alert
alert(result.message);
if (onUnauthorized) {
onUnauthorized(result);
} else {
// Hopefully we can make this service a hook and use the error message context directly
// eslint-disable-next-line no-alert
alert(result.message);
}
} else {
let message = 'A server error occurred.';
if (result.message) {