use the 403 response to tell if a user has access to task data on the task show page w/ burnettk
This commit is contained in:
jasquat
parent
108c39c1cf
commit
89e2e80da1
|
|
@ -19,9 +19,7 @@ import Form from '../themes/carbon';
|
||||||
import HttpService from '../services/HttpService';
|
import HttpService from '../services/HttpService';
|
||||||
import useAPIError from '../hooks/UseApiError';
|
import useAPIError from '../hooks/UseApiError';
|
||||||
import { modifyProcessIdentifierForPathParam } from '../helpers';
|
import { modifyProcessIdentifierForPathParam } from '../helpers';
|
||||||
import { useUriListForPermissions } from '../hooks/UriListForPermissions';
|
import { ProcessInstanceTask } from '../interfaces';
|
||||||
import { PermissionsToCheck, ProcessInstanceTask } from '../interfaces';
|
|
||||||
import { usePermissionFetcher } from '../hooks/PermissionService';
|
|
||||||
|
|
||||||
export default function TaskShow() {
|
export default function TaskShow() {
|
||||||
const [task, setTask] = useState<ProcessInstanceTask | null>(null);
|
const [task, setTask] = useState<ProcessInstanceTask | null>(null);
|
||||||
|
|
@ -31,40 +29,32 @@ export default function TaskShow() {
|
||||||
|
|
||||||
const { addError, removeError } = useAPIError();
|
const { addError, removeError } = useAPIError();
|
||||||
|
|
||||||
const { targetUris } = useUriListForPermissions();
|
|
||||||
const permissionRequestData: PermissionsToCheck = {
|
|
||||||
[targetUris.processInstanceTaskListDataPath]: ['GET'],
|
|
||||||
};
|
|
||||||
const { ability, permissionsLoaded } = usePermissionFetcher(
|
|
||||||
permissionRequestData
|
|
||||||
);
|
|
||||||
|
|
||||||
useEffect(() => {
|
useEffect(() => {
|
||||||
if (permissionsLoaded) {
|
const processResult = (result: ProcessInstanceTask) => {
|
||||||
const processResult = (result: ProcessInstanceTask) => {
|
setTask(result);
|
||||||
setTask(result);
|
const url = `/task-data/${modifyProcessIdentifierForPathParam(
|
||||||
const url = `/task-data/${modifyProcessIdentifierForPathParam(
|
result.process_model_identifier
|
||||||
result.process_model_identifier
|
)}/${params.process_instance_id}`;
|
||||||
)}/${params.process_instance_id}`;
|
// if user is unauthorized to get task-data then don't do anything
|
||||||
if (ability.can('GET', url)) {
|
// Checking like this so we can dynamically create the url with the correct process model
|
||||||
HttpService.makeCallToBackend({
|
// instead of passing the process model identifier in through the params
|
||||||
path: url,
|
|
||||||
successCallback: setUserTasks,
|
|
||||||
failureCallback: (error: any) => {
|
|
||||||
addError(error);
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}
|
|
||||||
};
|
|
||||||
HttpService.makeCallToBackend({
|
HttpService.makeCallToBackend({
|
||||||
path: `/tasks/${params.process_instance_id}/${params.task_id}`,
|
path: url,
|
||||||
successCallback: processResult,
|
successCallback: setUserTasks,
|
||||||
failureCallback: addError,
|
onUnauthorized: () => {},
|
||||||
|
failureCallback: (error: any) => {
|
||||||
|
addError(error);
|
||||||
|
},
|
||||||
});
|
});
|
||||||
}
|
};
|
||||||
|
HttpService.makeCallToBackend({
|
||||||
|
path: `/tasks/${params.process_instance_id}/${params.task_id}`,
|
||||||
|
successCallback: processResult,
|
||||||
|
failureCallback: addError,
|
||||||
|
});
|
||||||
// FIXME: not sure what to do about addError. adding it to this array causes the page to endlessly reload
|
// FIXME: not sure what to do about addError. adding it to this array causes the page to endlessly reload
|
||||||
// eslint-disable-next-line react-hooks/exhaustive-deps
|
// eslint-disable-next-line react-hooks/exhaustive-deps
|
||||||
}, [permissionsLoaded, ability, params, targetUris]);
|
}, [params]);
|
||||||
|
|
||||||
const processSubmitResult = (result: any) => {
|
const processSubmitResult = (result: any) => {
|
||||||
removeError();
|
removeError();
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@ type backendCallProps = {
|
||||||
path: string;
|
path: string;
|
||||||
successCallback: Function;
|
successCallback: Function;
|
||||||
failureCallback?: Function;
|
failureCallback?: Function;
|
||||||
|
onUnauthorized?: Function;
|
||||||
httpMethod?: string;
|
httpMethod?: string;
|
||||||
extraHeaders?: object;
|
extraHeaders?: object;
|
||||||
postBody?: any;
|
postBody?: any;
|
||||||
|
|
@ -37,6 +38,7 @@ const makeCallToBackend = ({
|
||||||
path,
|
path,
|
||||||
successCallback,
|
successCallback,
|
||||||
failureCallback,
|
failureCallback,
|
||||||
|
onUnauthorized,
|
||||||
httpMethod = 'GET',
|
httpMethod = 'GET',
|
||||||
extraHeaders = {},
|
extraHeaders = {},
|
||||||
postBody = {},
|
postBody = {},
|
||||||
|
|
@ -88,9 +90,13 @@ backendCallProps) => {
|
||||||
if (isSuccessful) {
|
if (isSuccessful) {
|
||||||
successCallback(result);
|
successCallback(result);
|
||||||
} else if (is403) {
|
} else if (is403) {
|
||||||
// Hopefully we can make this service a hook and use the error message context directly
|
if (onUnauthorized) {
|
||||||
// eslint-disable-next-line no-alert
|
onUnauthorized(result);
|
||||||
alert(result.message);
|
} else {
|
||||||
|
// Hopefully we can make this service a hook and use the error message context directly
|
||||||
|
// eslint-disable-next-line no-alert
|
||||||
|
alert(result.message);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
let message = 'A server error occurred.';
|
let message = 'A server error occurred.';
|
||||||
if (result.message) {
|
if (result.message) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue