fix: hide Access Tokens and User Access Control tabs from package settings if the user does not have corresponding permissions (#54)

Author: iurii-golovinskii

src/packages/portal/pages/PortalPage/BaseVersionPage/PackageSettingsPage.ts

@@ -1,5 +1,5 @@
 import type { Page } from '@playwright/test'
-import { Breadcrumbs, Button, Title } from '@shared/components/base'
+import { Breadcrumbs, Button, Placeholder, Title } from '@shared/components/base'
 import { GeneralSettingsTab } from './PackageSettingsPage/GeneralSettingsTab'
 import { ApiSpecConfigTab } from './PackageSettingsPage/ApiSpecConfigTab'
 import { VersionsTab } from './PackageSettingsPage/VersionsTab'
@@ -16,6 +16,7 @@ export class PackageSettingsPage {
   readonly versionsTab = new VersionsTab(this.page)
   readonly accessTokensTab = new AccessTokensTab(this.page)
   readonly accessControlTab = new AccessControlTab(this.page)
+  readonly noPermissionPlaceholder  = new Placeholder(this.page.getByTestId('NoPermissionPlaceholder'), 'No permission')
 
   constructor(private readonly page: Page) { }
 }

src/test-data/portal/uac/general/messages.ts

@@ -11,3 +11,4 @@ export const NO_PERM_GEN_TOKEN = 'You do not have permission to generate token'
 export const NO_PERM_REVOKE_TOKEN = 'You do not have permission to revoke the token'
 export const NO_PERM_ADD_MEMBER = 'You do not have permission to add member'
 export const NO_PERM_MANAGE_ROLES = 'You do not have permission to manage user roles in current package'
+export const NO_PERM_SEE_PAGE = 'You do not have permission to see this page'

src/tests/portal/03-access-control/3.0-general.spec.ts

@@ -4,6 +4,7 @@ import { PortalPage } from '@portal/pages/PortalPage'
 import {
   GRP_P_UAC_G1_N,
   GRP_P_UAC_G2_N,
+  NO_PERM_SEE_PAGE,
   PKG_P_UAC_G_ASSIGN_N,
   PKG_P_UAC_G_INHER_N,
   PKG_P_UAC_G_MULT1_N,
@@ -301,27 +302,15 @@ test.describe('03.0 Access Control. General.', () => {
 
       const portalPage = new PortalPage(page)
       const { versionPackagePage: versionPage } = portalPage
-      const { accessControlTab } = versionPage.packageSettingsPage
+      const { accessControlTab, noPermissionPlaceholder } = versionPage.packageSettingsPage
       const testUserName = TEST_USER_1.name
-      const tooltipMsg = 'You do not have permission to manage user roles in current package'
 
       await portalPage.gotoPackage(PKG_P_UAC_G_MULT2_N, SETTINGS_TAB_USERS)
-
       await expect(accessControlTab.getUserRow(testUserName).adminChx).toBeEnabled()
-
       await accessControlTab.getUserRow(testUserName).adminChx.click()
 
-      await expect(accessControlTab.getUserRow(testUserName).adminChx).toBeDisabled()
-
-      await accessControlTab.getUserRow(testUserName).adminChx.hover({ force: true })
-
-      await expect(portalPage.tooltip).toHaveCount(1)
-      await expect(portalPage.tooltip).toHaveText(tooltipMsg)
-
-      await accessControlTab.getUserRow(testUserName).deleteBtn.hover({ force: true })
-
-      await expect(portalPage.tooltip).toHaveCount(1)
-      await expect(portalPage.tooltip).toHaveText(tooltipMsg)
+      await expect(accessControlTab).not.toBeVisible()
+      await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
     })
 
   test('[P-ACG-03.7] Deleting a user by checkbox clicking',

src/tests/portal/03-access-control/3.1.1-viewer-package.spec.ts

@@ -4,21 +4,19 @@ import { PortalPage } from '@portal/pages/PortalPage'
 import {
   CREATE_LIST_OF_USERS_V1,
   GRP_P_VIEWER_ROOT_R,
-  NO_PERM_ADD_MEMBER,
   NO_PERM_CREATE_GROUP,
   NO_PERM_DEL_PACKAGE,
   NO_PERM_DEL_VERSION,
   NO_PERM_EDIT_PACKAGE,
   NO_PERM_EDIT_VERSION,
-  NO_PERM_GEN_TOKEN,
-  NO_PERM_MANAGE_ROLES,
+  NO_PERM_SEE_PAGE,
   OGR_PREFIX_DELETION_MSG,
   OGR_PREFIX_EDITING_MSG,
   ORG_UAC_PKG_REST,
   PKG_P_VIEWER_R,
   V_P_PKG_UAC_VIEWER_CHANGED_R,
 } from '@test-data/portal'
-import { VERSION_OVERVIEW_TAB_GROUPS } from '@portal/entities'
+import { SETTINGS_TAB_TOKENS, SETTINGS_TAB_USERS, VERSION_OVERVIEW_TAB_GROUPS } from '@portal/entities'
 import { TICKET_BASE_URL } from '@test-setup'
 
 test.describe('03.1.1 Access Control. Viewer role. (Package)', () => {
@@ -198,6 +196,7 @@ test.describe('03.1.1 Access Control. Viewer role. (Package)', () => {
         versionsTab,
         accessTokensTab,
         accessControlTab,
+        noPermissionPlaceholder
       } = versionPage.packageSettingsPage
 
       await portalPage.gotoPackage(testPackage)
@@ -261,31 +260,15 @@ test.describe('03.1.1 Access Control. Viewer role. (Package)', () => {
       })
 
       await test.step('View "Access Tokens" tab', async () => {
-        await accessTokensTab.click()
-
-        await expect(accessTokensTab.nameTxtFld).toBeDisabled()
-        await expect(accessTokensTab.rolesAc).toBeDisabled()
-        await expect(accessTokensTab.createdForAc).toBeDisabled()
-        await expect(accessTokensTab.generateBtn).toBeDisabled()
-
-        await accessTokensTab.generateBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_GEN_TOKEN)
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        // await expect(portalPage.tooltip).toHaveText(NO_PERM_REVOKE_TOKEN) //TODO: TestCase-B-1019
+        await expect(accessTokensTab).not.toBeVisible()
+        await portalPage.gotoPackage(testPackage, SETTINGS_TAB_TOKENS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
 
       await test.step('View "User Access Control" tab', async () => {
-        await accessControlTab.click()
-
-        await expect(accessControlTab.addUserBtn).toBeDisabled()
-
-        await accessControlTab.addUserBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_ADD_MEMBER)
+        await expect(accessControlTab).not.toBeVisible()
+        await portalPage.gotoPackage(testPackage, SETTINGS_TAB_USERS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
     })
 })

src/tests/portal/03-access-control/3.1.2-viewer-dashboard.spec.ts

@@ -3,19 +3,22 @@ import { expect, expectFile } from '@services/expect-decorator'
 import { PortalPage } from '@portal/pages/PortalPage'
 import {
   DSH_P_VIEWER_R,
-  NO_PERM_ADD_MEMBER,
   NO_PERM_CREATE_GROUP,
   NO_PERM_DEL_PACKAGE,
   NO_PERM_DEL_VERSION,
   NO_PERM_EDIT_PACKAGE,
   NO_PERM_EDIT_VERSION,
-  NO_PERM_GEN_TOKEN,
-  NO_PERM_MANAGE_ROLES,
+  NO_PERM_SEE_PAGE,
   OGR_UAC_DSH_REST,
   PKG_P_VIEWER_R,
   V_P_DSH_UAC_VIEWER_CHANGED_R,
 } from '@test-data/portal'
-import { SETTINGS_TAB_GENERAL, VERSION_OVERVIEW_TAB_GROUPS } from '@portal/entities'
+import {
+  SETTINGS_TAB_GENERAL,
+  SETTINGS_TAB_TOKENS,
+  SETTINGS_TAB_USERS,
+  VERSION_OVERVIEW_TAB_GROUPS,
+} from '@portal/entities'
 import { TICKET_BASE_URL } from '@test-setup'
 
 test.describe('03.1.2 Access Control. Viewer role. (Dashboard)', () => {
@@ -175,6 +178,7 @@ test.describe('03.1.2 Access Control. Viewer role. (Dashboard)', () => {
         versionsTab,
         accessTokensTab,
         accessControlTab,
+        noPermissionPlaceholder,
       } = versionPage.packageSettingsPage
 
       await portalPage.gotoDashboard(testDashboard)
@@ -225,31 +229,15 @@ test.describe('03.1.2 Access Control. Viewer role. (Dashboard)', () => {
       })
 
       await test.step('View "Access Tokens" tab', async () => {
-        await accessTokensTab.click()
-
-        await expect(accessTokensTab.nameTxtFld).toBeDisabled()
-        await expect(accessTokensTab.rolesAc).toBeDisabled()
-        await expect(accessTokensTab.createdForAc).toBeDisabled()
-        await expect(accessTokensTab.generateBtn).toBeDisabled()
-
-        await accessTokensTab.generateBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_GEN_TOKEN)
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        // await expect(portalPage.tooltip).toHaveText(NO_PERM_REVOKE_TOKEN) //TODO: TestCase-B-1019
+        await expect(accessTokensTab).not.toBeVisible()
+        await portalPage.gotoDashboard(testDashboard, SETTINGS_TAB_TOKENS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
 
       await test.step('View "User Access Control" tab', async () => {
-        await accessControlTab.click()
-
-        await expect(accessControlTab.addUserBtn).toBeDisabled()
-
-        await accessControlTab.addUserBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_ADD_MEMBER)
+        await expect(accessControlTab).not.toBeVisible()
+        await portalPage.gotoDashboard(testDashboard, SETTINGS_TAB_USERS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
     })
 })

src/tests/portal/03-access-control/3.1.3-viewer-group.spec.ts

@@ -3,14 +3,13 @@ import { expect } from '@services/expect-decorator'
 import { PortalPage } from '@portal/pages/PortalPage'
 import {
   GRP_P_VIEWER_R,
-  NO_PERM_ADD_MEMBER,
   NO_PERM_CREATE_PACKAGES,
   NO_PERM_DEL_PACKAGE,
   NO_PERM_EDIT_PACKAGE,
-  NO_PERM_GEN_TOKEN,
-  NO_PERM_MANAGE_ROLES,
+  NO_PERM_SEE_PAGE,
 } from '@test-data/portal'
 import { TICKET_BASE_URL } from '@test-setup'
+import { SETTINGS_TAB_TOKENS, SETTINGS_TAB_USERS } from '@portal/entities'
 
 test.describe('03.1.3 Access Control. Viewer role. (Group)', () => {
 
@@ -27,7 +26,7 @@ test.describe('03.1.3 Access Control. Viewer role. (Group)', () => {
 
       const portalPage = new PortalPage(page)
       const { versionPackagePage: versionPage } = portalPage
-      const { generalTab, accessTokensTab, accessControlTab } = versionPage.packageSettingsPage
+      const { generalTab, accessTokensTab, accessControlTab, noPermissionPlaceholder } = versionPage.packageSettingsPage
 
       await test.step('Navigate to a group', async () => {
         await portalPage.gotoGroup(testGroup)
@@ -58,31 +57,15 @@ test.describe('03.1.3 Access Control. Viewer role. (Group)', () => {
       })
 
       await test.step('View "Access Tokens" tab', async () => {
-        await accessTokensTab.click()
-
-        await expect(accessTokensTab.nameTxtFld).toBeDisabled()
-        await expect(accessTokensTab.rolesAc).toBeDisabled()
-        await expect(accessTokensTab.createdForAc).toBeDisabled()
-        await expect(accessTokensTab.generateBtn).toBeDisabled()
-
-        await accessTokensTab.generateBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_GEN_TOKEN)
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        //! await expect(portalPage.tooltip).toHaveText(NO_PERM_REVOKE_TOKEN) //Issue: TestCase-B-1019
+        await expect(accessTokensTab).not.toBeVisible()
+        await portalPage.gotoPackage(testGroup, SETTINGS_TAB_TOKENS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
 
       await test.step('View "User Access Control" tab', async () => {
-        await accessControlTab.click()
-
-        await expect(accessControlTab.addUserBtn).toBeDisabled()
-
-        await accessControlTab.addUserBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_ADD_MEMBER)
+        await expect(accessControlTab).not.toBeVisible()
+        await portalPage.gotoPackage(testGroup, SETTINGS_TAB_USERS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
     })
 })

src/tests/portal/03-access-control/3.2.1-editor-package.spec.ts

@@ -4,11 +4,9 @@ import { PortalPage } from '@portal/pages/PortalPage'
 import {
   CREATE_LIST_OF_USERS_V1,
   GRP_P_EDITOR_ROOT_N,
-  NO_PERM_ADD_MEMBER,
   NO_PERM_DEL_PACKAGE,
   NO_PERM_EDIT_PACKAGE,
-  NO_PERM_GEN_TOKEN,
-  NO_PERM_MANAGE_ROLES,
+  NO_PERM_SEE_PAGE,
   OGR_PREFIX_DELETION_MSG,
   OGR_PREFIX_EDITING_MSG,
   ORG_PKG_UAC_EDITOR_REST_CHANGING_OPERATIONS_N,
@@ -22,9 +20,20 @@ import {
   V_P_PKG_UAC_EDITOR_EDITING_RELEASE_N,
   VERSION_DELETED_MSG,
 } from '@test-data/portal'
-import { SETTINGS_TAB_VERSIONS, VERSION_OVERVIEW_TAB_GROUPS } from '@portal/entities'
+import {
+  SETTINGS_TAB_TOKENS,
+  SETTINGS_TAB_USERS,
+  SETTINGS_TAB_VERSIONS,
+  VERSION_OVERVIEW_TAB_GROUPS,
+} from '@portal/entities'
 import type { VersionStatuses } from '@shared/entities'
-import { API_TITLES_MAP, ARCHIVED_VERSION_STATUS, DRAFT_VERSION_STATUS, RELEASE_VERSION_STATUS, REST_API_TYPE } from '@shared/entities'
+import {
+  API_TITLES_MAP,
+  ARCHIVED_VERSION_STATUS,
+  DRAFT_VERSION_STATUS,
+  RELEASE_VERSION_STATUS,
+  REST_API_TYPE,
+} from '@shared/entities'
 import { PUBLISH_TIMEOUT, SNAPSHOT_TIMEOUT, TICKET_BASE_URL } from '@test-setup'
 
 test.describe('03.2.1 Access Control. Editor role. (Package)', () => {
@@ -326,6 +335,7 @@ test.describe('03.2.1 Access Control. Editor role. (Package)', () => {
         apiSpecConfigTab,
         accessTokensTab,
         accessControlTab,
+        noPermissionPlaceholder,
       } = versionPage.packageSettingsPage
 
       await portalPage.gotoGroup(rootGroup)
@@ -359,31 +369,15 @@ test.describe('03.2.1 Access Control. Editor role. (Package)', () => {
       })
 
       await test.step('View "Access Tokens" tab', async () => {
-        await accessTokensTab.click()
-
-        await expect(accessTokensTab.nameTxtFld).toBeDisabled()
-        await expect(accessTokensTab.rolesAc).toBeDisabled()
-        await expect(accessTokensTab.createdForAc).toBeDisabled()
-        await expect(accessTokensTab.generateBtn).toBeDisabled()
-
-        await accessTokensTab.generateBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_GEN_TOKEN)
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        //! await expect(portalPage.tooltip).toHaveText(NO_PERM_REVOKE_TOKEN) //Issue: TestCase-B-1019
+        await expect(accessTokensTab).not.toBeVisible()
+        await portalPage.gotoPackage(testPackage, SETTINGS_TAB_TOKENS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
 
       await test.step('View "User Access Control" tab', async () => {
-        await accessControlTab.click()
-
-        await expect(accessControlTab.addUserBtn).toBeDisabled()
-
-        await accessControlTab.addUserBtn.hover({ force: true })
-
-        await expect(portalPage.tooltip).toHaveCount(1)
-        await expect(portalPage.tooltip).toHaveText(NO_PERM_ADD_MEMBER)
+        await expect(accessControlTab).not.toBeVisible()
+        await portalPage.gotoPackage(testPackage, SETTINGS_TAB_USERS)
+        await expect(noPermissionPlaceholder).toHaveText(NO_PERM_SEE_PAGE)
       })
     })