objectcomputing
diff --git a/‎README.md‎
Lines changed: 15 additions & 0 deletions b/‎README.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎server/src/main/java/com/objectcomputing/checkins/services/email/EmailController.java‎
Lines changed: 4 additions & 0 deletions b/‎server/src/main/java/com/objectcomputing/checkins/services/email/EmailController.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎server/src/main/java/com/objectcomputing/checkins/services/email/EmailServicesImpl.java‎
Lines changed: 0 additions & 4 deletions b/‎server/src/main/java/com/objectcomputing/checkins/services/email/EmailServicesImpl.java‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java‎
Lines changed: 1 addition & 0 deletions b/‎server/src/main/java/com/objectcomputing/checkins/services/permissions/Permission.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎server/src/main/resources/db/dev/R__Load_testing_data.sql‎
Lines changed: 5 additions & 0 deletions b/‎server/src/main/resources/db/dev/R__Load_testing_data.sql‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎server/src/test/java/com/objectcomputing/checkins/services/email/EmailControllerTest.java‎
Lines changed: 1 addition & 1 deletion b/‎server/src/test/java/com/objectcomputing/checkins/services/email/EmailControllerTest.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java‎
Lines changed: 1 addition & 0 deletions b/‎server/src/test/java/com/objectcomputing/checkins/services/fixture/PermissionFixture.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎server/src/test/java/com/objectcomputing/checkins/services/fixture/RoleFixture.java‎
Lines changed: 3 additions & 1 deletion b/‎server/src/test/java/com/objectcomputing/checkins/services/fixture/RoleFixture.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎web-ui/src/components/admin/roles/Roles.jsx‎
Lines changed: 12 additions & 7 deletions b/‎web-ui/src/components/admin/roles/Roles.jsx‎
Lines changed: 12 additions & 7 deletions
diff --git a/‎web-ui/src/components/admin/roles/Roles.test.jsx‎
Lines changed: 14 additions & 1 deletion b/‎web-ui/src/components/admin/roles/Roles.test.jsx‎
Lines changed: 14 additions & 1 deletion
@@ -108,6 +108,21 @@ Note: Be sure that the target Google Drive folder has edit access granted to the
 3. Open the browser to run the application at `http://localhost:8080`
 4. Access swagger-UI at - `http://localhost:8080/swagger-ui`
 
+# Testing
+
+1. To run the server tests, run the following:
+    ```sh
+    $ ./gradlew :server:check
+    ```
+2. To run the UI tests, run the following:
+    ```sh
+    $ ./gradlew :web-ui:check
+    ```
+3. To update snapshots, run the following:
+    ```sh
+    $ cd web-ui && yarn test -u
+    ```
+
 # Contributing
 
 Please see [Contributing](./CONTRIBUTING.md) for details on how to contribute to this project.
@@ -1,5 +1,8 @@
 package com.objectcomputing.checkins.services.email;
 
+import com.objectcomputing.checkins.services.permissions.Permission;
+import com.objectcomputing.checkins.services.permissions.RequiredPermission;
+
 import io.micronaut.http.HttpStatus;
 import io.micronaut.http.annotation.Controller;
 import io.micronaut.http.annotation.Post;
@@ -24,6 +27,7 @@ public EmailController(EmailServices emailServices) {
 
     @Post
     @Status(HttpStatus.CREATED)
+    @RequiredPermission(Permission.CAN_SEND_EMAIL)
     public List<Email> sendEmail(String subject, String content, boolean html, String... recipients) {
         return emailServices.sendAndSaveEmail(subject, content, html, recipients);
     }
 
@@ -48,10 +48,6 @@ public List<Email> sendAndSaveEmail(String subject, String content, boolean html
 
         List<Email> sentEmails = new ArrayList<>();
 
-        if (!currentUserServices.isAdmin()) {
-            throw new PermissionException(NOT_AUTHORIZED_MSG);
-        }
-
         MemberProfile currentUser = currentUserServices.getCurrentUser();
         String fromName = currentUser.getFirstName() + " " + currentUser.getLastName();
         LocalDateTime sendDate = LocalDateTime.now();
 
@@ -13,6 +13,7 @@ public enum Permission {
   CAN_CREATE_KUDOS("Create kudos", "Feedback"),
   CAN_ADMINISTER_KUDOS("Administer kudos", "Feedback"),
   CAN_VIEW_FEEDBACK_ANSWER("View feedback answers", "Feedback"),
+  CAN_SEND_EMAIL("Send email", "Feedback"),
   CAN_DELETE_ORGANIZATION_MEMBERS("Delete organization members", "User Management"),
   CAN_CREATE_ORGANIZATION_MEMBERS("Create organization members", "User Management"),
   CAN_IMPERSONATE_MEMBERS("Impersonate organization members", "Security"),
 
@@ -888,6 +888,11 @@ insert into role_permissions
 values
     ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_CREATE_MERIT_REPORT');
 
+insert into role_permissions
+    (roleid, permission)
+values
+    ('e8a4fff8-e984-4e59-be84-a713c9fa8d23', 'CAN_SEND_EMAIL');
+
 -- PDL Permissions
 insert into role_permissions
     (roleid, permission)
 
@@ -172,6 +172,6 @@ void testSendAndSaveEmailUnauthorized() {
                 client.toBlocking().exchange(request, Argument.listOf(Email.class)));
 
         assertEquals(HttpStatus.FORBIDDEN, responseException.getStatus());
-        assertEquals(NOT_AUTHORIZED_MSG, responseException.getMessage());
+        assertEquals("Forbidden", responseException.getMessage());
     }
 }
@@ -97,6 +97,7 @@ public interface PermissionFixture extends RolePermissionFixture {
         Permission.CAN_ADMINISTER_KUDOS,
         Permission.CAN_CREATE_KUDOS,
         Permission.CAN_IMPERSONATE_MEMBERS,
+        Permission.CAN_SEND_EMAIL,
         Permission.CAN_CREATE_MERIT_REPORT
     );
 
 
@@ -14,7 +14,9 @@ default Role createRole(Role role) {
     }
 
     default Role createAndAssignAdminRole(MemberProfile memberProfile) {
-        return createAndAssignRole(RoleType.ADMIN, memberProfile);
+        Role role = createAndAssignRole(RoleType.ADMIN, memberProfile);
+        setPermissionsForAdmin(role.getId());
+        return role;
     }
 
     // TODO phase out RoleType
 
@@ -12,7 +12,10 @@ import {
   removeUserFromRole,
   updateRole
 } from '../../../api/roles';
-
+import {
+  selectHasRoleAssignmentPermission,
+  noPermission,
+} from '../../../context/selectors';
 import RoleUserCards from './RoleUserCards';
 
 import {
@@ -64,7 +67,7 @@ const Roles = () => {
   memberProfiles?.sort((a, b) => a.name.localeCompare(b.name));
 
   if (!roles) console.error('Roles.jsx: state.roles is not set!');
-  const allRoles = roles.map(r => r.role).sort();
+  const allRoles = roles?.map(r => r.role).sort() ?? [];
   useQueryParameters([
     {
       name: 'roles',
@@ -74,7 +77,7 @@ const Roles = () => {
         setSelectedRoles(isArrayPresent(value) ? value.sort() : allRoles);
       },
       toQP() {
-        return selectedRoles.join(',');
+        return selectedRoles?.join(',');
       }
     },
     {
@@ -212,7 +215,7 @@ const Roles = () => {
     setEditedRole({ ...editedRole, description: event?.target?.value });
   };
 
-  return (
+  return selectHasRoleAssignmentPermission(state) ? (
     <div className="roles-content">
       <div className="roles">
         <div className="roles-top">
@@ -234,13 +237,13 @@ const Roles = () => {
                   {roles?.map(roleObj => (
                     <MenuItem key={roleObj.role} value={roleObj.role}>
                       <Checkbox
-                        checked={selectedRoles.indexOf(roleObj.role) > -1}
+                        checked={selectedRoles?.indexOf(roleObj.role) > -1}
                       />
                       <ListItemText primary={roleObj.role} />
                     </MenuItem>
                   ))}
                 </Select>
-                <FormHelperText>{`Showing ${selectedRoles.length}/${roles?.length} roles`}</FormHelperText>
+                <FormHelperText>{`Showing ${selectedRoles?.length}/${roles?.length} roles`}</FormHelperText>
               </FormControl>
               <TextField
                 className="member-role-search"
@@ -303,7 +306,7 @@ const Roles = () => {
         </Modal>
         <div className="roles-bot">
           {roles?.map(roleObj =>
-            selectedRoles.includes(roleObj.role) ? (
+            selectedRoles?.includes(roleObj.role) ? (
               <Card className="role" key={`${roleObj.role}-card`}>
                 <CardContent className="role-card">
                   <List style={{ paddingTop: 0 }}>
@@ -398,6 +401,8 @@ const Roles = () => {
         </div>
       </div>
     </div>
+  ) : (
+    <h3>{noPermission}</h3>
   );
 };
 
 
@@ -12,7 +12,12 @@ const initialState = {
     roles: [
       { id: 1, role: 'ADMIN', memberid: 1 },
       { id: 2, role: 'PDL', memberid: 2 }
-    ]
+    ],
+    userProfile: {
+      name: 'Current User',
+      role: ['MEMBER'],
+      permissions: [{ permission: 'CAN_ASSIGN_ROLE_PERMISSIONS' }],
+    },
   }
 };
 
@@ -23,3 +28,11 @@ it('renders correctly', () => {
     </AppContextProvider>
   );
 });
+
+it('renders an error if user does not have appropriate permission', () => {
+  snapshot(
+    <AppContextProvider>
+      <Roles />
+    </AppContextProvider>
+  );
+});
Original file line number	Diff line number	Diff line change
`@@ -172,6 +172,6 @@ void testSendAndSaveEmailUnauthorized() {`
`172`	`172`	`client.toBlocking().exchange(request, Argument.listOf(Email.class)));`
`173`	`173`
`174`	`174`	`assertEquals(HttpStatus.FORBIDDEN, responseException.getStatus());`
`175`		`- assertEquals(NOT_AUTHORIZED_MSG, responseException.getMessage());`
	`175`	`+ assertEquals("Forbidden", responseException.getMessage());`
`176`	`176`	`}`
`177`	`177`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,9 @@ default Role createRole(Role role) {`
`14`	`14`	`}`
`15`	`15`
`16`	`16`	`default Role createAndAssignAdminRole(MemberProfile memberProfile) {`
`17`		`- return createAndAssignRole(RoleType.ADMIN, memberProfile);`
	`17`	`+ Role role = createAndAssignRole(RoleType.ADMIN, memberProfile);`
	`18`	`+ setPermissionsForAdmin(role.getId());`
	`19`	`+ return role;`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`// TODO phase out RoleType`