152 create a permission group for users (#154)

* Possibly works. need to merge main * Updated readme for env var * Allow for missing group env var (training) * Added uml documentation for user permissions * changed user.permissions to user.write_allowed
cdisc-org · Feb 14, 2023 · 1879dfc · 1879dfc
1 parent c73b8c1
commit 1879dfc
Show file tree

Hide file tree

Showing 13 changed files with 328 additions and 265 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ https://cdisc-org.github.io/conformance-rules-editor/
          "SWA_TENANT_ID": "<Static Web App Tenant ID>",
          "SWA_CLIENT_ID": "<Static Web App Client ID>",
          "SWA_CLIENT_SECRET": "<Static Web App Client Secret>",
+         "CORE_AUTHOR_GROUP": "<User Group ID for write permissions>"
        }
    }
    ```

diff --git a/api/get_permissions/function.json b/api/get_permissions/function.json
@@ -0,0 +1,18 @@
+{
+  "bindings": [
+    {
+      "authLevel": "anonymous",
+      "type": "httpTrigger",
+      "direction": "in",
+      "name": "req",
+      "methods": ["get"],
+      "route": "permissions"
+    },
+    {
+      "type": "http",
+      "direction": "out",
+      "name": "res"
+    }
+  ],
+  "scriptFile": "../dist/get_permissions/index.js"
+}
diff --git a/api/get_permissions/index.ts b/api/get_permissions/index.ts
@@ -0,0 +1,16 @@
+import { USERS_PROVIDER } from "../providers/BaseUsers";
+import handle_response from "../utils/handle_response";
+
+export default async (context, req) => {
+  const user = JSON.parse(
+    Buffer.from(req.headers["x-ms-client-principal"], "base64").toString(
+      "ascii"
+    )
+  );
+  await handle_response(context, async () => ({
+    body: await USERS_PROVIDER.getUserPermissions({
+      id: user.userId,
+      name: user.userDetails,
+    }),
+  }));
+};
diff --git a/api/providers/MSGraphUsers.ts b/api/providers/MSGraphUsers.ts
@@ -96,7 +96,19 @@ const getUsersByName = async (name: string): Promise<IUser[]> => {
   return users;
 };
 
+const getUserPermissions = async (user: IUser): Promise<IUser> => {
+  if ("CORE_AUTHOR_GROUP" in process.env) {
+    var link = `/users/${user.id}/memberOf?$count=true&$filter=id eq '${process.env["CORE_AUTHOR_GROUP"]}'`;
+    const response = await client.api(link).get();
+    user.write_allowed = response.value && response.value.length === 1;
+  } else {
+    user.write_allowed = true;
+  }
+  return user;
+};
+
 export default {
   getUsersByIds,
   getUsersByName,
+  getUserPermissions,
 };
diff --git a/api/types/IUser.ts b/api/types/IUser.ts
@@ -2,4 +2,5 @@ export interface IUser {
   id: string;
   name?: string;
   company?: string;
+  write_allowed?: boolean;
 }
diff --git a/api/types/IUsers.ts b/api/types/IUsers.ts
@@ -3,4 +3,5 @@ import { IUser } from "./IUser";
 export interface IUsers {
   getUsersByIds: (ids: string[]) => Promise<{ [id: string]: IUser }>;
   getUsersByName: (name: string) => Promise<IUser[]>;
+  getUserPermissions: (user: IUser) => Promise<IUser>;
 }
diff --git a/docs/dev/doc.svg b/docs/dev/doc.svg
diff --git a/docs/dev/doc.yuml b/docs/dev/doc.yuml
@@ -19,7 +19,7 @@
 [Base Storage Provider|Get-Rules();Get-Rule();Post-Rule();Patch-Rule();Delete-Rule();Max-CoreId();{bg:orange}]
 [Drupal Storage{bg:orange}]
 [Cosmos SQL Storage{bg:orange}]
-[Base Users Provider|Get-Users-By-Ids();Get-Users-By-Name();{bg:orange}]
+[Base Users Provider|Get-Users-By-Ids();Get-Users-By-Name();Get-User-Permissions();{bg:orange}]
 [MS Graph Users{bg:orange}]
 
 // Azure SWA
@@ -36,7 +36,7 @@
 
 // Users
 [Users|id]
-[User|id;name]
+[User|id;name;company;write_allowed]
 
 // RELATIONSHIPS