From 66f551edbb42434cb6b8e0c220fa488fe2c77605 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Thu, 26 Jan 2023 11:21:09 -0500
Subject: [PATCH] use the 403 response to tell if a user has access to task data on the task show page w/ burnettk
---
 .../src/routes/TaskShow.tsx | 54 ++++++++-----------
 .../src/services/HttpService.ts | 12 +++--
 2 files changed, 31 insertions(+), 35 deletions(-)
diff --git a/spiffworkflow-frontend/src/routes/TaskShow.tsx b/spiffworkflow-frontend/src/routes/TaskShow.tsx
index 57d60bdd..9c93ddb9 100644
--- a/spiffworkflow-frontend/src/routes/TaskShow.tsx
+++ b/spiffworkflow-frontend/src/routes/TaskShow.tsx
@@ -19,9 +19,7 @@ import Form from '../themes/carbon';
 import HttpService from '../services/HttpService';
 import useAPIError from '../hooks/UseApiError';
 import { modifyProcessIdentifierForPathParam } from '../helpers';
-import { useUriListForPermissions } from '../hooks/UriListForPermissions';
-import { PermissionsToCheck, ProcessInstanceTask } from '../interfaces';
-import { usePermissionFetcher } from '../hooks/PermissionService';
+import { ProcessInstanceTask } from '../interfaces';
 export default function TaskShow() {
 const [task, setTask] = useState(null);
@@ -31,40 +29,32 @@ export default function TaskShow() {
 const { addError, removeError } = useAPIError();
- const { targetUris } = useUriListForPermissions();
- const permissionRequestData: PermissionsToCheck = {
- [targetUris.processInstanceTaskListDataPath]: ['GET'],
- };
- const { ability, permissionsLoaded } = usePermissionFetcher(
- permissionRequestData
- );
-
 useEffect(() => {
- if (permissionsLoaded) {
- const processResult = (result: ProcessInstanceTask) => {
- setTask(result);
- const url = `/task-data/${modifyProcessIdentifierForPathParam(
- result.process_model_identifier
- )}/${params.process_instance_id}`;
- if (ability.can('GET', url)) {
- HttpService.makeCallToBackend({
- path: url,
- successCallback: setUserTasks,
- failureCallback: (error: any) => {
- addError(error);
- },
- });
- }
- };
+ const processResult = (result: ProcessInstanceTask) => {
+ setTask(result);
+ const url = `/task-data/${modifyProcessIdentifierForPathParam(
+ result.process_model_identifier
+ )}/${params.process_instance_id}`;
+ // if user is unauthorized to get task-data then don't do anything
+ // Checking like this so we can dynamically create the url with the correct process model
+ // instead of passing the process model identifier in through the params
 HttpService.makeCallToBackend({
- path: `/tasks/${params.process_instance_id}/${params.task_id}`,
- successCallback: processResult,
- failureCallback: addError,
+ path: url,
+ successCallback: setUserTasks,
+ onUnauthorized: () => {},
+ failureCallback: (error: any) => {
+ addError(error);
+ },
 });
- }
+ };
+ HttpService.makeCallToBackend({
+ path: `/tasks/${params.process_instance_id}/${params.task_id}`,
+ successCallback: processResult,
+ failureCallback: addError,
+ });
 // FIXME: not sure what to do about addError. 
adding it to this array causes the page to endlessly reload
 // eslint-disable-next-line react-hooks/exhaustive-deps
- }, [permissionsLoaded, ability, params, targetUris]);
+ }, [params]);
 const processSubmitResult = (result: any) => {
 removeError();
diff --git a/spiffworkflow-frontend/src/services/HttpService.ts b/spiffworkflow-frontend/src/services/HttpService.ts
index b6080248..ed2e5149 100644
--- a/spiffworkflow-frontend/src/services/HttpService.ts
+++ b/spiffworkflow-frontend/src/services/HttpService.ts
@@ -21,6 +21,7 @@ type backendCallProps = {
 path: string;
 successCallback: Function;
 failureCallback?: Function;
+ onUnauthorized?: Function;
 httpMethod?: string;
 extraHeaders?: object;
 postBody?: any;
@@ -37,6 +38,7 @@ const makeCallToBackend = ({
 path,
 successCallback,
 failureCallback,
+ onUnauthorized,
 httpMethod = 'GET',
 extraHeaders = {},
 postBody = {},
@@ -88,9 +90,13 @@ backendCallProps) => {
 if (isSuccessful) {
 successCallback(result);
 } else if (is403) {
- // Hopefully we can make this service a hook and use the error message context directly
- // eslint-disable-next-line no-alert
- alert(result.message);
+ if (onUnauthorized) {
+ onUnauthorized(result);
+ } else {
+ // Hopefully we can make this service a hook and use the error message context directly
+ // eslint-disable-next-line no-alert
+ alert(result.message);
+ }
 } else {
 let message = 'A server error occurred.';
 if (result.message) {
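Review bot: The no-op `onUnauthorized: () => {}` inside `processResult` in TaskShow.tsx leaves whatever `setUserTasks` stored earlier untouched, so when `params` changes and the new task-data request is answered with 403, data fetched for the previously viewed instance can remain in state next to the new task. Clearing it in the handler, e.g. `onUnauthorized: () => setUserTasks(null),`, keeps the view consistent with what the backend just refused; this assumes null is the initial value, since the state declaration is outside the hunk. The added comment could also state that the backend's 403 is the authority and the page merely omits the task-data section. The enclosing `TaskShow` component starts and ends outside the hunk.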
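Review bot: `onUnauthorized?: Function;` in `backendCallProps` (HttpService.ts) accepts any callable, so a handler with the wrong parameter shape still type-checks. Because this callback decides how a denied request is surfaced, a precise signature such as `onUnauthorized?: (result: any) => void;` would be safer. The neighbouring callbacks are typed `Function` as well, so the new line matches the file's current style; the type's closing brace is outside the hunk.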
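Review bot: In the `is403` branch of HttpService.ts a supplied `onUnauthorized` replaces the alert entirely, so a caller passing an empty handler makes every 403 on that path invisible to the user, and nothing in the code says so. A comment above the new `if (onUnauthorized)` would help, for example `// 403 only: a caller-supplied handler replaces the default alert and owns any user feedback`. The name also suggests 401 handling, which this branch presumably does not cover (how `is403` is computed is outside the hunk); `onForbidden` would be less ambiguous if a rename is acceptable.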