Merge pull request #1825 from overleaf/ta-institutions-staff-hub

Create Institutions Staff Hub GitOrigin-RevId: 6926406951796d2e7dd0903c3d3c4dae87545390
2024-09-16 02:52:31 -04:00 · 2019-06-04 13:10:49 +02:00 · 2019-06-04 13:10:49 +02:00 · a8edafe104
commit a8edafe104
parent 14cbeef31d
2 changed files with 43 additions and 2 deletions
--- a/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js
@ -88,6 +88,18 @@ module.exports = UserMembershipAuthorization = {
    )
  },

+  requireInstitutionManagementStaffAccess(req, res, next) {
+    return requireAccessToEntity(
+      'institution',
+      req.params.id,
+      req,
+      res,
+      next,
+      'institutionManagement',
+      true
+    )
+  },
+
  requirePublisherMetricsAccess(req, res, next) {
    return requireAccessToEntity(
      'publisher',
@ -215,13 +227,28 @@ var requireAccessToEntity = function(
  req,
  res,
  next,
-  requiredStaffAccess = null
+  requiredStaffAccess = null,
+  asStaff
 ) {
+  if (asStaff == null) {
+    asStaff = false
+  }
  const loggedInUser = AuthenticationController.getSessionUser(req)
  if (!loggedInUser) {
    return AuthorizationMiddleware.redirectToRestricted(req, res, next)
  }

+  if (asStaff) {
+    if (
+      !loggedInUser.isAdmin &&
+      !(loggedInUser.staffAccess != null
+        ? loggedInUser.staffAccess[requiredStaffAccess]
+        : undefined)
+    ) {
+      return AuthorizationMiddleware.redirectToRestricted(req, res, next)
+    }
+  }
+
  return getEntity(
    entityName,
    entityId,
--- a/services/web/test/unit/src/UserMembership/UserMembershipAuthorizationTests.js
+++ b/services/web/test/unit/src/UserMembership/UserMembershipAuthorizationTests.js
@ -171,7 +171,7 @@ describe('UserMembershipAuthorization', function() {
      )
    })

-    return it('handle anonymous user', function(done) {
+    it('handle anonymous user', function(done) {
      this.AuthenticationController.getSessionUser.returns(null)
      return this.UserMembershipAuthorization.requireGroupMetricsAccess(
        this.req,
@ -185,6 +185,20 @@ describe('UserMembershipAuthorization', function() {
        }
      )
    })
+
+    return it('checks user is staff if required', function(done) {
+      return this.UserMembershipAuthorization.requireInstitutionManagementStaffAccess(
+        this.req,
+        null,
+        error => {
+          expect(error).to.not.exist
+          sinon.assert.called(this.AuthorizationMiddleware.redirectToRestricted)
+          sinon.assert.notCalled(this.UserMembershipHandler.getEntity)
+          expect(this.req.entity).to.not.exist
+          return done()
+        }
+      )
+    })
  })

  return describe('requireEntityAccess', function() {