merge: merge branch 'THU/viewer_security_changes_PROD-14244'

Author: csm-thu

cypress/commons/constants/generic/TestConstants.js

@@ -120,7 +120,7 @@ export const PERMISSIONS = {
 
 export const ROLES_PERMISSIONS_MAP = {
   [ROLES.SCENARIO.VIEWER]: {
-    granted: [PERMISSIONS.SCENARIO.READ, PERMISSIONS.SCENARIO.READ_SECURITY],
+    granted: [PERMISSIONS.SCENARIO.READ],
     notGranted: [
       PERMISSIONS.SCENARIO.LAUNCH,
       PERMISSIONS.SCENARIO.WRITE,

cypress/e2e/brewery/ScenarioSharing.cy.js

@@ -147,25 +147,12 @@ describe('Check workspace permissions for Viewer, Editor & Validator', () => {
     stub.stop();
   });
 
-  it('Check Viewer permissions', () => {
+  it('must show a disabled button when role is Viewer', () => {
     const scenario = SHARED_SCENARIOS_LIST[0];
     ScenarioSelector.selectScenario(scenario.name, scenario.id, true);
 
     Scenarios.getScenarioValidateButton().should('not.exist');
-    RolesEdition.getShareButton().should('be.visible').should('not.be.disabled').click();
-    RolesEdition.getShareDialogAgentsSelect().should('not.exist');
-    RolesEdition.getRoleEditorAgentName(USERS_LIST[1].email).should('have.text', USERS_LIST[1].email);
-    RolesEdition.getSelectedOptionByAgent(USERS_LIST[1].email).should('value', ROLES.SCENARIO.VIEWER);
-    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[1].email).should('eq', 'true');
-    RolesEdition.getRoleEditorAgentName(USERS_LIST[2].email).should('have.text', USERS_LIST[2].email);
-    RolesEdition.getSelectedOptionByAgent(USERS_LIST[2].email).should('value', ROLES.SCENARIO.EDITOR);
-    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[2].email).should('eq', 'true');
-    RolesEdition.getRoleEditorAgentName(USERS_LIST[3].email).should('have.text', USERS_LIST[3].email);
-    RolesEdition.getSelectedOptionByAgent(USERS_LIST[3].email).should('value', ROLES.SCENARIO.VALIDATOR);
-    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[3].email).should('eq', 'true');
-    RolesEdition.isRoleEditorSelectorDisabled('Workspace').should('eq', 'true');
-    RolesEdition.getShareDialogConfirmAddAccessButton().should('not.exist');
-    RolesEdition.getShareDialogFirstCancelButton().click();
+    RolesEdition.getShareButton().should('be.visible').should('be.disabled');
 
     Scenarios.getScenarioValidateButton().should('not.exist');
     Scenarios.getScenarioRejectButton().should('not.exist');
@@ -186,6 +173,21 @@ describe('Check workspace permissions for Viewer, Editor & Validator', () => {
     const scenario = SHARED_SCENARIOS_LIST[1];
     ScenarioSelector.selectScenario(scenario.name, scenario.id);
 
+    RolesEdition.getShareButton().should('be.visible').should('not.be.disabled').click();
+    RolesEdition.getShareDialogAgentsSelect().should('not.exist');
+    RolesEdition.getRoleEditorAgentName(USERS_LIST[1].email).should('have.text', USERS_LIST[1].email);
+    RolesEdition.getSelectedOptionByAgent(USERS_LIST[1].email).should('value', ROLES.SCENARIO.VIEWER);
+    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[1].email).should('eq', 'true');
+    RolesEdition.getRoleEditorAgentName(USERS_LIST[2].email).should('have.text', USERS_LIST[2].email);
+    RolesEdition.getSelectedOptionByAgent(USERS_LIST[2].email).should('value', ROLES.SCENARIO.EDITOR);
+    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[2].email).should('eq', 'true');
+    RolesEdition.getRoleEditorAgentName(USERS_LIST[3].email).should('have.text', USERS_LIST[3].email);
+    RolesEdition.getSelectedOptionByAgent(USERS_LIST[3].email).should('value', ROLES.SCENARIO.VALIDATOR);
+    RolesEdition.isRoleEditorSelectorDisabled(USERS_LIST[3].email).should('eq', 'true');
+    RolesEdition.isRoleEditorSelectorDisabled('Workspace').should('eq', 'true');
+    RolesEdition.getShareDialogConfirmAddAccessButton().should('not.exist');
+    RolesEdition.getShareDialogFirstCancelButton().click();
+
     Scenarios.getScenarioValidateButton().should('not.exist');
     Scenarios.getScenarioRejectButton().should('not.exist');
     ScenarioParameters.getLaunchButton().should('be.visible').should('not.be.disabled');

cypress/fixtures/stubbing/default/organizations.js

@@ -6,7 +6,7 @@ export const DEFAULT_ORGANIZATION_PERMISSIONS = [
     component: 'organization',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       user: ['read', 'read_security', 'create_children'],
       editor: ['read', 'read_security', 'create_children', 'write'],
       admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
@@ -16,7 +16,7 @@ export const DEFAULT_ORGANIZATION_PERMISSIONS = [
     component: 'workspace',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       user: ['read', 'read_security', 'create_children'],
       editor: ['read', 'read_security', 'create_children', 'write'],
       admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
@@ -26,7 +26,7 @@ export const DEFAULT_ORGANIZATION_PERMISSIONS = [
     component: 'scenario',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       editor: ['read', 'read_security', 'launch', 'write'],
       validator: ['read', 'read_security', 'launch', 'write', 'validate'],
       admin: ['read', 'read_security', 'launch', 'write', 'validate', 'write_security', 'delete'],

public/locales/en/translation.json

@@ -421,7 +421,8 @@
         "button": {
           "label": "Share",
           "tooltip": "Modify access",
-          "editModeTooltip": "Please save or discard current modifications before changing the scenario access permissions"
+          "editModeTooltip": "Please save or discard current modifications before changing the scenario access permissions",
+          "noReadSecurityPermissionTooltip": "You are not allowed to share or see the security details of this resource"
         },
         "dialog": {
           "buttons": {

public/locales/fr/translation.json

@@ -421,7 +421,8 @@
         "button": {
           "label": "Partager",
           "tooltip": "Modifier l'accès",
-          "editModeTooltip": "Veuillez sauver ou annuler les modifications en cours avant de modifier les permissions d'accès du scénario"
+          "editModeTooltip": "Veuillez sauver ou annuler les modifications en cours avant de modifier les permissions d'accès du scénario",
+          "noReadSecurityPermissionTooltip": "Vous n'avez pas les permissions pour partager ou voir les informations de sécurité de cette ressource"
         },
         "dialog": {
           "buttons": {

src/components/ShareCurrentScenarioButton/ShareCurrentScenarioButton.js

@@ -1,53 +1,40 @@
 // Copyright (c) Cosmo Tech.
 // Licensed under the MIT license.
 import React from 'react';
-import { PermissionsGate, RolesEditionButton } from '@cosmotech/ui';
-import { ACL_PERMISSIONS } from '../../services/config/accessControl';
+import { RolesEditionButton } from '@cosmotech/ui';
 import { useShareCurrentScenarioButton } from './ShareCurrentScenarioButtonHook';
 
 const ShareCurrentScenarioButton = () => {
   const {
-    isDirty,
+    disabled,
+    isReadOnly,
     accessListSpecific,
     applyScenarioSecurityChanges,
     defaultRole,
     permissionsLabels,
     permissionsMapping,
     rolesLabels,
     shareScenarioDialogLabels,
-    userPermissionsOnCurrentScenario,
     workspaceUsers,
   } = useShareCurrentScenarioButton();
 
   return (
-    <>
-      <PermissionsGate
-        userPermissions={userPermissionsOnCurrentScenario}
-        necessaryPermissions={[ACL_PERMISSIONS.SCENARIO.READ_SECURITY]}
-      >
-        <PermissionsGate
-          userPermissions={userPermissionsOnCurrentScenario}
-          necessaryPermissions={[ACL_PERMISSIONS.SCENARIO.WRITE_SECURITY]}
-          noPermissionProps={{ isReadOnly: true }}
-        >
-          <RolesEditionButton
-            data-cy="share-scenario-button"
-            disabled={isDirty}
-            labels={shareScenarioDialogLabels}
-            onConfirmChanges={applyScenarioSecurityChanges}
-            resourceRolesPermissionsMapping={permissionsMapping.scenario}
-            agents={workspaceUsers}
-            specificAccessByAgent={accessListSpecific}
-            defaultRole={defaultRole}
-            defaultAccessScope="Workspace"
-            preventNoneRoleForAgents={true}
-            allRoles={rolesLabels}
-            allPermissions={permissionsLabels}
-            isIconButton={true}
-          />
-        </PermissionsGate>
-      </PermissionsGate>
-    </>
+    <RolesEditionButton
+      data-cy="share-scenario-button"
+      disabled={disabled}
+      isReadOnly={isReadOnly}
+      labels={shareScenarioDialogLabels}
+      onConfirmChanges={applyScenarioSecurityChanges}
+      resourceRolesPermissionsMapping={permissionsMapping.scenario}
+      agents={workspaceUsers}
+      specificAccessByAgent={accessListSpecific}
+      defaultRole={defaultRole}
+      defaultAccessScope="Workspace"
+      preventNoneRoleForAgents={true}
+      allRoles={rolesLabels}
+      allPermissions={permissionsLabels}
+      isIconButton={true}
+    />
   );
 };
 

src/components/ShareCurrentScenarioButton/ShareCurrentScenarioButton.spec.js

@@ -50,19 +50,23 @@ describe('ShareCurrentScenarioButton', () => {
       mockRoleEditionButtonProps = undefined;
     });
 
-    test('None role dont display Share Scenario button', () => {
-      setUp(ROLES.SCENARIO.NONE);
-      expect(getRolesEditionButton()).not.toBeInTheDocument();
-    });
+    test.each([{ role: ROLES.SCENARIO.NONE }, { role: ROLES.SCENARIO.VIEWER }])(
+      'must show a disabled button when role is $role',
+      ({ role }) => {
+        setUp(role);
+        expect(getRolesEditionButton()).toBeInTheDocument();
+        expect(mockRoleEditionButtonProps.disabled).toEqual(true);
+      }
+    );
 
     test.each([
-      { role: ROLES.SCENARIO.ADMIN, expected: undefined },
+      { role: ROLES.SCENARIO.ADMIN, expected: false },
       { role: ROLES.SCENARIO.EDITOR, expected: true },
       { role: ROLES.SCENARIO.VALIDATOR, expected: true },
-      { role: ROLES.SCENARIO.VIEWER, expected: true },
     ])('$role role display Share Scenario button with isReadOnly $expected', ({ role, expected }) => {
       setUp(role);
       expect(getRolesEditionButton()).toBeInTheDocument();
+      expect(mockRoleEditionButtonProps.disabled).toEqual(false);
       expect(mockRoleEditionButtonProps.isReadOnly).toEqual(expected);
     });
   });

src/components/ShareCurrentScenarioButton/ShareCurrentScenarioButtonHook.js

@@ -4,6 +4,7 @@ import { useCallback, useMemo } from 'react';
 import { useFormState } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 import { useUserPermissionsOnCurrentScenario } from '../../hooks/SecurityHooks';
+import { ACL_PERMISSIONS } from '../../services/config/accessControl';
 import {
   useApplicationPermissionsMapping,
   useApplicationRoles,
@@ -29,11 +30,6 @@ export const useShareCurrentScenarioButton = () => {
 
   const applyScenarioSharingSecurity = useApplyScenarioSharingSecurity();
 
-  const shareScenarioDialogLabels = useMemo(
-    () => getShareScenarioDialogLabels(t, currentScenarioData?.name, isDirty),
-    [currentScenarioData?.name, t, isDirty]
-  );
-
   const rolesLabels = useMemo(() => {
     const rolesNames = Object.values(roles.scenario);
     return SecurityUtils.getRolesLabels(t, rolesNames);
@@ -63,9 +59,24 @@ export const useShareCurrentScenarioButton = () => {
     [applyScenarioSharingSecurity, currentScenarioData?.id]
   );
 
+  const hasReadSecurityPermission = useMemo(
+    () => userPermissionsOnCurrentScenario.includes(ACL_PERMISSIONS.SCENARIO.READ_SECURITY),
+    [userPermissionsOnCurrentScenario]
+  );
+  const disabled = useMemo(() => isDirty || !hasReadSecurityPermission, [isDirty, hasReadSecurityPermission]);
+  const isReadOnly = useMemo(
+    () => !userPermissionsOnCurrentScenario.includes(ACL_PERMISSIONS.SCENARIO.WRITE_SECURITY),
+    [userPermissionsOnCurrentScenario]
+  );
+
+  const shareScenarioDialogLabels = useMemo(
+    () => getShareScenarioDialogLabels(t, currentScenarioData?.name, isDirty, hasReadSecurityPermission),
+    [currentScenarioData?.name, t, isDirty, hasReadSecurityPermission]
+  );
+
   return {
-    isDirty,
-    userPermissionsOnCurrentScenario,
+    disabled,
+    isReadOnly,
     permissionsMapping,
     shareScenarioDialogLabels,
     rolesLabels,

src/components/ShareCurrentScenarioButton/labels.js

@@ -1,57 +1,69 @@
 // Copyright (c) Cosmo Tech.
 // Licensed under the MIT license.
 
-export const getShareScenarioDialogLabels = (t, currentScenarioName, isDirty) => ({
-  button: {
-    title: t('commoncomponents.dialog.share.button.label', 'Share'),
-    tooltip: isDirty
-      ? t(
-          'commoncomponents.dialog.share.button.editModeTooltip',
-          'Please save or discard current modifications before changing the scenario access permissions'
-        )
-      : t('commoncomponents.dialog.share.button.label', 'Share'),
-  },
-  dialog: {
-    title: t('commoncomponents.dialog.share.dialog.title', 'Share ') + currentScenarioName,
-    readOnlyTitle: t('commoncomponents.dialog.share.dialog.readOnlyTitle', 'Permissions for ') + currentScenarioName,
-    addPeople: t('commoncomponents.dialog.share.dialog.select.addPeople', 'Add people'),
-    cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
-    close: t('commoncomponents.dialog.share.dialog.buttons.close', 'Close'),
-    share: t('commoncomponents.dialog.share.dialog.buttons.share', 'Share'),
-    noAdminError: t(
-      'commoncomponents.dialog.share.dialog.error.noAdmin',
-      'The scenario must have at least one administrator'
-    ),
-    userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
-    usersAccess: t('commoncomponents.dialog.share.dialog.editor.usersAccess', 'Users access'),
-    generalAccess: t('commoncomponents.dialog.share.dialog.editor.generalAccess', 'General access'),
-    removeAccess: t('commoncomponents.dialog.share.dialog.editor.removeAccess', 'Remove specific access'),
-    editor: {
-      helperText: {
-        admin: t('commoncomponents.dialog.share.dialog.editor.helperText.admin', 'Anyone in this workspace is admin'),
-        viewer: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.viewer',
-          'Anyone in this workspace is viewer'
-        ),
-        validator: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.validator',
-          'Anyone in this workspace is validator'
-        ),
-        editor: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.editor',
-          'Anyone in this workspace is editor'
-        ),
-        none: t('commoncomponents.dialog.share.dialog.editor.helperText.none', 'Other users cannot view the scenario'),
-      },
+export const getShareScenarioDialogLabels = (t, currentScenarioName, isDirty, hasReadSecurityPermission) => {
+  let tooltip = t('commoncomponents.dialog.share.button.label', 'Share');
+  if (!hasReadSecurityPermission)
+    tooltip = t(
+      'commoncomponents.dialog.share.button.noReadSecurityPermissionTooltip',
+      'You are not allowed to share or see the security details of this resource'
+    );
+  else if (isDirty)
+    tooltip = t(
+      'commoncomponents.dialog.share.button.editModeTooltip',
+      'Please save or discard current modifications before changing the scenario access permissions'
+    );
+
+  return {
+    button: {
+      title: t('commoncomponents.dialog.share.button.label', 'Share'),
+      tooltip,
     },
-    add: {
+    dialog: {
+      title: t('commoncomponents.dialog.share.dialog.title', 'Share ') + currentScenarioName,
+      readOnlyTitle: t('commoncomponents.dialog.share.dialog.readOnlyTitle', 'Permissions for ') + currentScenarioName,
+      addPeople: t('commoncomponents.dialog.share.dialog.select.addPeople', 'Add people'),
       cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
-      deniedPermissions: t('commoncomponents.dialog.share.dialog.add.deniedPermissions', 'Not granted permissions'),
-      done: t('commoncomponents.dialog.share.dialog.buttons.done', 'Done'),
-      grantedPermissions: t('commoncomponents.dialog.share.dialog.add.grantedPermissions', 'Granted permissions'),
-      rolesTitle: t('commoncomponents.dialog.share.dialog.add.rolesTitle', 'Roles'),
+      close: t('commoncomponents.dialog.share.dialog.buttons.close', 'Close'),
+      share: t('commoncomponents.dialog.share.dialog.buttons.share', 'Share'),
+      noAdminError: t(
+        'commoncomponents.dialog.share.dialog.error.noAdmin',
+        'The scenario must have at least one administrator'
+      ),
       userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
-      rolesHelperText: t('commoncomponents.dialog.share.dialog.add.rolesHelperText', 'Select one role'),
+      usersAccess: t('commoncomponents.dialog.share.dialog.editor.usersAccess', 'Users access'),
+      generalAccess: t('commoncomponents.dialog.share.dialog.editor.generalAccess', 'General access'),
+      removeAccess: t('commoncomponents.dialog.share.dialog.editor.removeAccess', 'Remove specific access'),
+      editor: {
+        helperText: {
+          admin: t('commoncomponents.dialog.share.dialog.editor.helperText.admin', 'Anyone in this workspace is admin'),
+          viewer: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.viewer',
+            'Anyone in this workspace is viewer'
+          ),
+          validator: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.validator',
+            'Anyone in this workspace is validator'
+          ),
+          editor: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.editor',
+            'Anyone in this workspace is editor'
+          ),
+          none: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.none',
+            'Other users cannot view the scenario'
+          ),
+        },
+      },
+      add: {
+        cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
+        deniedPermissions: t('commoncomponents.dialog.share.dialog.add.deniedPermissions', 'Not granted permissions'),
+        done: t('commoncomponents.dialog.share.dialog.buttons.done', 'Done'),
+        grantedPermissions: t('commoncomponents.dialog.share.dialog.add.grantedPermissions', 'Granted permissions'),
+        rolesTitle: t('commoncomponents.dialog.share.dialog.add.rolesTitle', 'Roles'),
+        userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
+        rolesHelperText: t('commoncomponents.dialog.share.dialog.add.rolesHelperText', 'Select one role'),
+      },
     },
-  },
-});
+  };
+};