Merge pull request #36 from terminusdb/dashboard-review

review access-control component

Author: Francesca-Bit

package-lock.json

@@ -5,6 +5,7 @@
     "./packages/react-worker",
     "./packages/tdb-react-layout",
     "./packages/tdb-access-control-component",
-    "./packages/tdb-dashboard"
+    "./packages/tdb-dashboard",
+    "../terminusdb-documents-ui/src/index.js"
   ]
 }

package.json

@@ -2,8 +2,8 @@
 import {Row, Tab, Tabs} from "react-bootstrap"
 import {NewMemberModal} from "./roles/NewMemberModal"
 import {INVITATION_TAB, MEMBERS_TAB} from "./constants"
-import {RiUserShared2Fill} from "react-icons/ri"
-import {FaUsers} from "react-icons/fa"
+import {RiTeamLine, RiUserShared2Fill} from "react-icons/ri"
+import {FaUsers,FaUserEdit,FaUserFriends} from "react-icons/fa"
 import {InvitationsList} from "./roles/InvitationsList"
 import {MembersList} from "./roles/MembersList"
 import {defaultSetting} from "./utils/default"
@@ -45,17 +45,17 @@ export const TeamMembers = ({organization,currentUser,accessControlDashboard,opt
                 </Tab>
             }
             { settings.tabs.ORGANIZATION_LIST && 
-                <Tab eventKey={"ORGANIZATION_LIST"}   title={<span><RiUserShared2Fill className="mr-1"/>{"ORGANIZATIONS"}</span>}>
+                <Tab eventKey={"ORGANIZATION_LIST"}   title={<span><FaUserFriends className="mr-1"/>{"TEAMS"}</span>}>
                     <OrganizationList options={settings}   accessControlDashboard={accessControlDashboard}/>
                 </Tab>
             }
             {settings.tabs.ALL_USER && 
-                <Tab eventKey={"ALL_USER"}   title={<span><RiUserShared2Fill className="mr-1"/>{"ALL THE USERS"}</span>}>
+                <Tab eventKey={"ALL_USER"}   title={<span><RiUserShared2Fill className="mr-1"/>{"USERS"}</span>}>
                     <AllUserList options={settings}   accessControlDashboard={accessControlDashboard}/>
                 </Tab>
             }
             { settings.tabs.ROLES_LIST && 
-                <Tab eventKey={"ROLES_LIST"}   title={<span><RiUserShared2Fill className="mr-1"/>{"ROLE List"}</span>}>
+                <Tab eventKey={"ROLES_LIST"}   title={<span><FaUserEdit className="mr-1"/>{"ROLES"}</span>}>
                     <RoleListTable options={settings}  accessControlDashboard={accessControlDashboard}/>
                 </Tab>
             }

packages/tdb-access-control-component/src/TeamMembers.js

@@ -39,20 +39,31 @@ export const getListConfigBase = (limit,getActionButtons) => {
 
 export const getRoleListConfig = (limit,getActionButtons) => {
     const tabConfig= TerminusClient.View.table();
-    tabConfig.column_order("name","actions")
+    tabConfig.column_order("name","action","actions")
     tabConfig.column("name").header("Role Name")
+
+    tabConfig.column("action").header("Action List")
+    tabConfig.column("action").render(formatActions)
     tabConfig.column("actions").header(" ")
     tabConfig.column("actions").render(getActionButtons)
     tabConfig.pager("local")
     tabConfig.pagesize(limit)
     return tabConfig
 }
 
+function formatActions (cell){
+    const columnId= cell.column.id
+    const columnAction = cell.row.original[columnId]
+    if(!Array.isArray(columnAction))return ""
+    return columnAction.map((item,index)=><p className="mb-0" key={`${index}__key`}>{item}</p>)
+    
+}
+
 function formatRoles (cell) {
     const columnId= cell.column.id
     const rolesList = cell.row.original[columnId]
     if(!Array.isArray(rolesList))return ""
-    return rolesList.map((item,index)=><p key={`${index}__key`}>{item["@id"]}</p>
+    return rolesList.map((item,index)=><p className="mb-0" key={`${index}__key`}>{item["@id"]}</p>
     )
 }
 

packages/tdb-access-control-component/src/ViewConfig.js

@@ -1,46 +1,53 @@
 //every component 
 import {UTILS} from '@terminusdb/terminusdb-client'
-
+import {filterCapability} from "./utils/searchResult"
 export const AccessControlDashboard = (clientAccessControl)=>{
 
     let __rolesList = []
     let __teamUserRoles = null // an array of roles
     let __teamUserActions = null
-    let __userDBRoles = null
-    let __dbUserActions = null
+
+    let __databasesUserRoles = null // all the dbs capabilities of present
+    let __dbUserRoles = null // the current database user roles
+    let __dbUserActions = null // the current database actions
+
     let __clientAccessControl = clientAccessControl
     //let __currentUser = 
 
     async function callGetRolesList(roleRemoveFilter){
-            try{
-               const list = await __clientAccessControl.getAccessRoles()
-               __rolesList= list
-               if(roleRemoveFilter){
-                     __rolesList = list.filter(item => !roleRemoveFilter[item["@id"]])
-               }
-              
-               return __rolesList
-            }catch(err){
-                console.log('I can not get the role list',err)
+        try{
+            const list = await __clientAccessControl.getAccessRoles()
+            __rolesList= list
+            if(roleRemoveFilter){
+                __rolesList = list.filter(item => !roleRemoveFilter[item["@id"]])
             }
+              
+            return __rolesList
+        }catch(err){
+            console.log('I can not get the role list',err)
+        }
     }
 
-          // review with database capability 
-            // before we have to fix team
+    // review with database capability 
+    // before we have to fix team
+    // if we have a database role we can see the database id no the database name but we use the database name to identify a
+    // database inside the dashboard and in the client
     async function callGetUserTeamRole(userName,orgName){
 		try{
 			const result = await __clientAccessControl.getTeamUserRoles(userName,orgName)
             let teamRoles = []
+            let dbUserRole = {}
             if(result && result.capability && result.capability.length>0){
                 if(result.capability.length ===1){
                     teamRoles = result.capability[0].role
                 }else{
                     const orgId = `Organization/${UTILS.encodeURISegment(orgName)}`
-                    const cap = result.capability.find(item=>item.scope === orgId)
-                    teamRoles = cap && cap.role ? cap.role : []
+                    const {role,databases} = filterCapability(result.capability,orgId)
+                    teamRoles = role || []
+                    dbUserRole = databases
                 }
             }        
-            setTeamActions(teamRoles)
+            setTeamActions(teamRoles,dbUserRole)
 		}catch(err){
             if(err.data && err.status === 404 && err.data["api:message"]){
                 throw new Error(err.data["api:message"])
@@ -67,30 +74,28 @@ export const AccessControlDashboard = (clientAccessControl)=>{
         return actionsObj
     }
 
-    const setTeamActions = (teamRoles,dbUserRole) =>{
+    const setTeamActions = (teamRoles,databasesUserRoles) =>{
        // const database = databaseRoles.find(element => element["name"]["@value"] === dataproduct);
         //const role = database ? database['role'] : teamRole
         __teamUserRoles = teamRoles
         __teamUserActions =  formatActionsRoles(teamRoles) 
-        __userDBRoles = dbUserRole
-        //if change the team I reset the __dbUserActions === at the teamActions
+       // all the database capabilities 
+        __databasesUserRoles = databasesUserRoles
+        // I have to find a way to set the db_user actions
+        __dbUserRoles = null
         __dbUserActions = null
     }
 
+    // ??
     const setDBUserActions = (id) =>{
-        if(!id) {
-            __dbUserActions = null
-            return
-        }
-        if(!Array.isArray(__userDBRoles)) return 
-        const database = __userDBRoles.find(element => element["name"]["@value"] === id);
-        const role = database ? database['role'] : null
-        //no role could be a new database
-        if(!role || role === __teamUserRole){
-            __dbUserActions = __teamUserActions         
-        }else{
-            __dbUserActions = formatActionsRoles(role)
-        }     
+        __dbUserActions = null
+        __dbUserRoles = null
+        if(!__databasesUserRoles) return 
+        const databaseRoles = __databasesUserRoles[id]
+        if(databaseRoles){
+            __dbUserRoles = databaseRoles
+            __dbUserActions = formatActionsRoles(databaseRoles)
+        }   
     }
 
     const isAdmin = () =>{
@@ -107,31 +112,43 @@ export const AccessControlDashboard = (clientAccessControl)=>{
         return __teamUserActions[DELETE_DATABASE] ? true : false
      }
 
+    
+    const checkDBManagmentAccess = (actionName) =>{
+        // no team roles the access is always false
+        if(!__teamUserActions)return false 
+        if( __teamUserActions[actionName]) return true 
+        if(__dbUserActions && __dbUserActions[actionName]) return true
+        return false
+    }
      //!!!TO BE REVIEW
      // I have to move this check at database-level
     const schemaWrite = () =>{
-     if(!__teamUserActions)return false 
-       return __teamUserActions[SCHEMA_WRITE_ACCESS] ? true : false
+       return checkDBManagmentAccess(SCHEMA_WRITE_ACCESS)
     }
 
     const classFrame = () =>{
-        if(!__teamUserActions)return false 
-          return __teamUserActions[CLASS_FRAME] ? true : false
+        return checkDBManagmentAccess(CLASS_FRAME)
     }
 
     const instanceRead = () =>{
-        if(!__teamUserActions)return false 
-          return __teamUserActions[INSTANCE_READ_ACCESS] ? true : false
+        return checkDBManagmentAccess(INSTANCE_READ_ACCESS)
     }
 
     const instanceWrite = () =>{
-        if(!__teamUserActions)return false 
-          return __teamUserActions[INSTANCE_WRITE_ACCESS] ? true : false
+        console.log("INSTANCE_WRITE_ACCESS", checkDBManagmentAccess(INSTANCE_WRITE_ACCESS))
+        return checkDBManagmentAccess(INSTANCE_WRITE_ACCESS)
     }
 
     const branch = () =>{
-        if(!__teamUserActions)return false 
-          return __teamUserActions[BRANCH] ? true : false
+        return checkDBManagmentAccess(BRANCH)
+    }
+
+    const commitRead = () =>{
+        return checkDBManagmentAccess(COMMIT_READ_ACCESS)
+    }
+
+    const commitWrite = () =>{
+        return checkDBManagmentAccess(COMMIT_WRITE_ACCESS)
     }
 
     const getRolesList = () =>{
@@ -147,8 +164,14 @@ export const AccessControlDashboard = (clientAccessControl)=>{
         return __teamUserRoles
     }
 
+    const getDatabaseUserRoles = () =>{
+        return __dbUserRoles
+    }
 
-    return {createDB,
+    return {getDatabaseUserRoles,
+            commitRead,
+            commitWrite,
+            createDB,
             classFrame,
             instanceRead,
             instanceWrite,

packages/tdb-access-control-component/src/accessControlDashboard.js

@@ -1,5 +1,6 @@
 import React , { useState } from "react"
 import {UTILS} from "@terminusdb/terminusdb-client"
+import {filterCapability} from "../utils/searchResult"
 
 export const AccessControlHook=(accessControlDashboard,options)=> {
     //to load the items list
@@ -15,7 +16,7 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
     const [teamRequestAccessList,setTeamRequestAccessList] =useState([])
 
     //review
-    const [rolesList,setRolesList]=useState(accessControlDashboard.getRolesList())
+    const [rolesList,setRolesList]=useState([])
     const [resultTable,setResultTable]=useState([])
 
     const formatMessage = (err)=>{
@@ -53,11 +54,11 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
     /*
     * I can not use the general one because I need in accessControl
     */
-    async function getRolesList(){
+    async function getRolesList(roleRemoveFilter){
         resetStatus()
         const errorMessage = "I can not get the roles list"
         try{
-            const result = await accessControlDashboard.callGetRolesList()
+            const result = await accessControlDashboard.callGetRolesList(roleRemoveFilter)
             setRolesList (result.reverse())
             if(successMessage)setSuccessMessage(successMessage)
         }catch(err){
@@ -128,24 +129,8 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
 		}finally{
         	setLoading(false)
         }
-
     }
 
-    function filterCapability (capArr,orgId){
-        let role;
-        let databases= {}
-        capArr.forEach(cap => {
-            if(cap.scope === orgId){
-                role = cap.role
-            }else if(cap.scope.startsWith("UserDatabase")){
-                databases[cap.scope] = cap.role
-            }
-
-        })
-
-        return {role,databases}
-    }
-
     async function getOrgUsersLocal(orgName){
         setLoading(true)
 		try{
@@ -270,10 +255,44 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
         }
     }
 
+    async function createOrganizationRemote(teamName){
+        resetStatus()
+        const currentBaseUrl =clientAccessControl.baseURL
+        try{
+            /*
+            * I need to override the baseUrl for the remoteCall
+            */         
+           clientAccessControl.baseURL = currentBaseUrl+"/private"
+           await clientAccessControl.createOrganization(teamName)
+          
+           return true
+        }catch(err){
+           setError(formatMessage(err))
+           return false
+        }finally{
+            clientAccessControl.baseURL = currentBaseUrl
+            setLoading(false)
+        }
+   }
+
+
+    async function createOrganizationAndCapability(teamName,userId,roles){
+         resetStatus()
+         try{
+            const teamId = await clientAccessControl.createOrganization(teamName)
+            await clientAccessControl.manageCapability(userId,teamId,roles,"grant")
+            return true
+         }catch(err){
+            setError(formatMessage(err))
+            return false
+         }finally{
+        	setLoading(false)
+        }
+    }
     /*
     * local database
     */
-    async function manageCapability(teamId,operation,roles, username,password){
+    async function manageCapability(teamId,operation,roles, userId,password){
         setLoading(true)
 		try{
 			//const user = await clientAccessControl.addUser(name,password)
@@ -283,7 +302,7 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
                 }
                 else return item
             })
-            await clientAccessControl.manageCapability(username, teamId, rolesIds, operation)
+            await clientAccessControl.manageCapability(userId, teamId, rolesIds, operation)
             return true
 		}catch(err){
         	setError(formatMessage(err))
@@ -346,7 +365,9 @@ export const AccessControlHook=(accessControlDashboard,options)=> {
         }
     }
 
-    return {getOrgUsersLocal,
+    return {createOrganizationAndCapability,
+            createOrganizationRemote,
+            getOrgUsersLocal,
             createElementByName,
             deleteElementByName,
             getResultTable,

packages/tdb-access-control-component/src/hooks/AccessControlHook.js

@@ -1,2 +1,3 @@
 export {TeamMembers} from './TeamMembers';
-export {AccessControlDashboard} from './accessControlDashboard';
+export {AccessControlDashboard} from './accessControlDashboard';
+export {AccessControlHook} from './hooks/AccessControlHook';