Merge pull request #116 from icefoganalytics/issue-106/lock-down-user-group-info

Locking down user group info

Author: burkkyy

.gitignore

@@ -70,6 +70,7 @@ typings/
 
 # dotenv environment variables file
 .env
+.envrc
 .env.test
 .env.production
 
@@ -109,3 +110,8 @@ db/sapassword.env
 
 # DB Data
 db/data
+
+# Other
+note.md
+notes.md
+now.sql

api/src/policies/users-policy.ts

@@ -1,6 +1,5 @@
 import { Path } from "@/utils/deep-pick"
 import { User } from "@/models"
-import { RoleTypes } from "@/models/role"
 
 import BasePolicy from "@/policies/base-policy"
 
@@ -13,34 +12,34 @@ export class UsersPolicy extends BasePolicy<User> {
   }
 
   create(): boolean {
-    if (this.user.roleTypes.includes(RoleTypes.SYSTEM_ADMIN)) return true
+    if (this.user.isSystemAdmin) return true
 
     return false
   }
 
   update(): boolean {
-    if (this.user.roleTypes.includes(RoleTypes.SYSTEM_ADMIN)) return true
+    if (this.user.isSystemAdmin) return true
     if (this.user.id === this.record.id) return true
 
     return false
   }
 
   destroy(): boolean {
-    if (this.user.roleTypes.includes(RoleTypes.SYSTEM_ADMIN)) return true
+    if (this.user.isSystemAdmin) return true
 
     return false
   }
 
   permittedAttributes(): Path[] {
-    return [
-      "email",
-      "firstName",
-      "lastName",
-      "position",
-      {
+    const attributes: Path[] = ["email", "firstName", "lastName", "position"]
+
+    if (this.user.isSystemAdmin) {
+      attributes.push({
         groupMembershipAttributes: ["departmentId", "divisionId", "branchId", "unitId"],
-      },
-    ]
+      })
+    }
+
+    return attributes
   }
 
   permittedAttributesForCreate(): Path[] {

docker-compose.development.yml

@@ -115,19 +115,20 @@ services:
 
   mail:
     image: maildev/maildev
+    user: root
     ports:
       - "1080:1080" # Web UI
       - "1025:1025" # SMTP
 
   # For easily generating large PlantUML diagrams
   # Not relevant to production environment.
   # Accessible at http://localhost:9999
-  plantuml:
-    image: plantuml/plantuml-server:jetty
-    ports:
-      - 9999:8080
-    environment:
-      PLANTUML_LIMIT_SIZE: 8192
+  # plantuml:
+  #   image: plantuml/plantuml-server:jetty
+  #   ports:
+  #     - 9999:8080
+  #   environment:
+  #     PLANTUML_LIMIT_SIZE: 8192
 
 volumes:
   db_data: