BC-10583: Restrict options for EP (#3988)

* chore: check isExpert
-- this check will be deleted after BE provides spesific permission

* restrict access via URL

* chore: make the content invisible if the user has no permission to view

* add unit test for the user has not permission to view the content

* chore: introduce hardcoded permission to control the memberList menu option

* update generated api

* use new Permission on checking them menu option

* fix unit tests for RoomMenu component

* correct permission usaga in component and test file

* chore: set default value to false

---------

Co-authored-by: Murat Merdoglu <[email protected]>
Co-authored-by: Murat Merdoglu <[email protected]>

Author: sebmue-dataport

src/modules/data/room/roomAuthorization.composable.ts

@@ -31,25 +31,26 @@ export const useRoomAuthorization = () => {
 	const canManageRoomInvitationLinks = computed(
 		() => userCanManageRoomInvitationLinks.value && checkRoomPermission(Permission.RoomManageInvitationlinks)
 	);
-
 	const canAddAllStudents = computed(() => canAddRoomMembers.value && canSeeAllStudents.value);
+	const canSeeMembersList = hasPermission(Permission.SchoolListRoomMembers);
 
 	return {
+		canAddAllStudents,
 		canAddRoomMembers,
 		canChangeOwner,
+		canCopyRoom,
 		canCreateRoom,
 		canDeleteRoom,
-		canCopyRoom,
-		canShareRoom,
 		canEditRoom,
 		canEditRoomContent,
 		canLeaveRoom,
+		canListDrafts,
+		canManageRoomInvitationLinks,
+		canManageVideoconferences,
 		canRemoveRoomMembers,
-		canAddAllStudents,
 		canSeeAllStudents,
+		canSeeMembersList,
+		canShareRoom,
 		canViewRoom,
-		canManageRoomInvitationLinks,
-		canListDrafts,
-		canManageVideoconferences,
 	};
 };

src/modules/feature/room/RoomMenu.unit.ts

@@ -48,6 +48,7 @@ describe("@feature-room/RoomMenu", () => {
 			canListDrafts: computed(() => false),
 			canManageRoomInvitationLinks: computed(() => false),
 			canManageVideoconferences: computed(() => false),
+			canSeeMembersList: computed(() => false),
 		};
 		roomAuthorization.mockReturnValue(roomPermissions);
 
@@ -139,7 +140,7 @@ describe("@feature-room/RoomMenu", () => {
 
 	describe("when user only has view members permission", () => {
 		it("should contain room members menu item with correct membersInfoText and leave menu item", async () => {
-			roomPermissions.canViewRoom = computed(() => true);
+			roomPermissions.canSeeMembersList = computed(() => true);
 			roomPermissions.canAddRoomMembers = computed(() => false);
 
 			const { wrapper, menuBtn } = setup();
@@ -158,7 +159,7 @@ describe("@feature-room/RoomMenu", () => {
 
 	describe("when user has view room, edit, delete and leave permissions", () => {
 		it("should show all menu items", async () => {
-			roomPermissions.canViewRoom = computed(() => true);
+			roomPermissions.canSeeMembersList = computed(() => true);
 			roomPermissions.canEditRoom = computed(() => true);
 			roomPermissions.canDeleteRoom = computed(() => true);
 
@@ -265,7 +266,7 @@ describe("@feature-room/RoomMenu", () => {
 
 	describe("when user can add room members", () => {
 		it("should show the correct membersInfoText", async () => {
-			roomPermissions.canViewRoom = computed(() => true);
+			roomPermissions.canSeeMembersList = computed(() => true);
 			roomPermissions.canAddRoomMembers = computed(() => true);
 
 			const { wrapper, menuBtn } = setup();
@@ -280,7 +281,7 @@ describe("@feature-room/RoomMenu", () => {
 
 	describe("when clicking on menu button", () => {
 		beforeEach(() => {
-			roomPermissions.canViewRoom = computed(() => true);
+			roomPermissions.canSeeMembersList = computed(() => true);
 			roomPermissions.canEditRoom = computed(() => true);
 			roomPermissions.canDeleteRoom = computed(() => true);
 		});

src/modules/feature/room/RoomMenu.vue

@@ -2,7 +2,7 @@
 	<KebabMenu class="mx-2" :aria-label="t('pages.roomDetails.ariaLabels.menu')" data-testid="room-menu">
 		<KebabMenuActionEdit v-if="canEditRoom" @click="() => $emit('room:edit')" />
 		<KebabMenuActionRoomMembers
-			v-if="canViewRoom"
+			v-if="canSeeMembersList"
 			:members-info-text="membersInfoText"
 			@click="() => $emit('room:manage-members')"
 		/>
@@ -44,7 +44,7 @@ const { t } = useI18n();
 const isRoomCopyFeatureEnabled = computed(() => useEnvConfig().value.FEATURE_ROOM_COPY_ENABLED);
 const isRoomShareFeatureEnabled = computed(() => useEnvConfig().value.FEATURE_ROOM_SHARE);
 
-const { canAddRoomMembers, canCopyRoom, canShareRoom, canEditRoom, canDeleteRoom, canViewRoom } =
+const { canAddRoomMembers, canCopyRoom, canShareRoom, canEditRoom, canDeleteRoom, canSeeMembersList } =
 	useRoomAuthorization();
 
 const membersInfoText = computed(() =>

src/modules/page/room/RoomDetails.page.unit.ts

@@ -66,6 +66,7 @@ describe("@pages/RoomsDetails.page.vue", () => {
 			canListDrafts: computed(() => false),
 			canManageRoomInvitationLinks: computed(() => false),
 			canManageVideoconferences: computed(() => false),
+			canSeeMembersList: computed(() => false),
 		};
 		roomAuthorization.mockReturnValue(roomPermissions);
 	});

src/modules/page/room/RoomMembers.page.unit.ts

@@ -81,6 +81,7 @@ describe("RoomMembersPage", () => {
 
 		router = createMock<Router>({
 			currentRoute: ref({ query: { tab: "" } }),
+			replace: vi.fn(),
 		});
 		useRouterMock.mockReturnValue(router);
 
@@ -106,6 +107,7 @@ describe("RoomMembersPage", () => {
 			canManageRoomInvitationLinks: computed(() => false),
 			canListDrafts: computed(() => false),
 			canManageVideoconferences: computed(() => false),
+			canSeeMembersList: computed(() => true),
 		};
 		roomAuthorization.mockReturnValue(roomPermissions);
 
@@ -193,6 +195,25 @@ describe("RoomMembersPage", () => {
 		expect(wrapper.exists()).toBe(true);
 	});
 
+	describe("when user has no permission to see members list", () => {
+		beforeEach(() => (roomPermissions.canSeeMembersList = computed(() => false)));
+		it("should not render content", () => {
+			const { wrapper } = setup();
+			const wireframe = wrapper.findComponent(DefaultWireframe);
+			expect(wireframe.exists()).toBe(false);
+		});
+
+		it("should not fetch members on mount", () => {
+			const { roomMembersStore } = setup();
+			expect(roomMembersStore.fetchMembers).not.toHaveBeenCalled();
+		});
+
+		it("should replace the route to /rooms", () => {
+			setup();
+			expect(router.replace).toHaveBeenCalledWith("/rooms");
+		});
+	});
+
 	it("should fetch members on mount", () => {
 		const { roomMembersStore } = setup();
 		expect(roomMembersStore.fetchMembers).toHaveBeenCalled();

src/modules/page/room/RoomMembers.page.vue

@@ -1,5 +1,11 @@
 <template>
-	<DefaultWireframe max-width="full" :breadcrumbs="breadcrumbs" :fab-items="fabAction" @fab:clicked="onFabClick">
+	<DefaultWireframe
+		v-if="canSeeMembersList"
+		max-width="full"
+		:breadcrumbs="breadcrumbs"
+		:fab-items="fabAction"
+		@fab:clicked="onFabClick"
+	>
 		<template #header>
 			<div ref="header">
 				<div class="d-flex align-center">
@@ -106,7 +112,7 @@ const { fetchMembers, loadSchoolList, leaveRoom, resetStore } = roomMembersStore
 const header = ref<HTMLElement | null>(null);
 const { bottom: headerBottom } = useElementBounding(header);
 const { askConfirmation } = useConfirmationDialog();
-const { canAddRoomMembers, canLeaveRoom, canManageRoomInvitationLinks } = useRoomAuthorization();
+const { canAddRoomMembers, canLeaveRoom, canManageRoomInvitationLinks, canSeeMembersList } = useRoomAuthorization();
 
 const { isInvitationDialogOpen, invitationStep } = storeToRefs(useRoomInvitationLinkStore());
 
@@ -225,11 +231,15 @@ const onLeaveRoom = async () => {
 
 onMounted(async () => {
 	activeTab.value = Object.values(Tab).includes(props.tab) ? props.tab : Tab.Members;
-
 	const roomId = route.params.id.toString();
+
 	if (room.value === undefined) {
 		await fetchRoom(roomId);
 	}
+	if (canSeeMembersList.value === false) {
+		router.replace("/rooms");
+		return;
+	}
 	await fetchMembers();
 });
 

src/modules/page/room/Rooms.page.unit.ts

@@ -43,6 +43,7 @@ describe("RoomsPage", () => {
 			canListDrafts: computed(() => false),
 			canManageRoomInvitationLinks: computed(() => false),
 			canManageVideoconferences: computed(() => false),
+			canSeeMembersList: computed(() => false),
 		};
 		roomAuthorization.mockReturnValue(roomPermissions);
 	});

src/serverApi/v3/api.ts

@@ -425,6 +425,7 @@ export enum AuthorizationContextParamsRequiredPermissionsEnum {
     SchoolEditRoom = 'SCHOOL_EDIT_ROOM',
     SchoolDeleteRoom = 'SCHOOL_DELETE_ROOM',
     SchoolListDiscoverableTeachers = 'SCHOOL_LIST_DISCOVERABLE_TEACHERS',
+    SchoolListRoomMembers = 'SCHOOL_LIST_ROOM_MEMBERS',
     SchoolManageRoomInvitationlinks = 'SCHOOL_MANAGE_ROOM_INVITATIONLINKS',
     ScopePermissionsView = 'SCOPE_PERMISSIONS_VIEW',
     StartMeeting = 'START_MEETING',
@@ -7902,6 +7903,7 @@ export enum Permission {
     SchoolEditRoom = 'SCHOOL_EDIT_ROOM',
     SchoolDeleteRoom = 'SCHOOL_DELETE_ROOM',
     SchoolListDiscoverableTeachers = 'SCHOOL_LIST_DISCOVERABLE_TEACHERS',
+    SchoolListRoomMembers = 'SCHOOL_LIST_ROOM_MEMBERS',
     SchoolManageRoomInvitationlinks = 'SCHOOL_MANAGE_ROOM_INVITATIONLINKS',
     ScopePermissionsView = 'SCOPE_PERMISSIONS_VIEW',
     StartMeeting = 'START_MEETING',