
Commit 0ce8a4a

committed
feat: add validation in admin frontend
1 parent 50454eb commit 0ce8a4a


7 files changed

+60
-1
lines changed


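--- a/graphql/schema.graphql
+++ b/graphql/schema.graphql
@@ -3,6 +3,7 @@ type Query {
 getHistory: [GetHistoryResponse] @cacheControl(scope: PRIVATE)
 getLast(workspace: String): GetLastResponse @cacheControl(scope: PRIVATE)
 getById(id: String): ConfigResponse @cacheControl(scope: PRIVATE)
+getPermissions: GetPermissionsResponse @cacheControl(scope: PRIVATE)
 }
 
 type Mutation {
@@ -49,6 +50,9 @@ type GetHistoryResponse {
 appVersion: String
 }
 
+type GetPermissionsResponse {
+access: Boolean
+}
 type GetSetupConfigResponse {
 adminSetup: AdminSetupResponse
 }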
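Review bot: `access: Boolean` in the new `GetPermissionsResponse` is nullable, so a resolver that fails to produce a value reaches the client as a silent `null` that looks the same as a denial. Declaring it `access: Boolean!` would surface that case as a GraphQL error instead. The `PRIVATE` cache scope on `getPermissions` fits a per-user answer and should be kept.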

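--- a/messages/context.json
+++ b/messages/context.json
@@ -2,6 +2,8 @@
 "admin/checkout-ui.navigation.title": "admin/checkout-ui.navigation.title",
 "admin/checkout-ui.title": "admin/checkout-ui.title",
 "admin/checkout-ui.update-warning": "admin/checkout-ui.update-warning",
+"admin/checkout-ui.permission-warning": "admin/checkout-ui.permission-warning",
+"admin/checkout-ui.permission-tooltip": "admin/checkout-ui.permission-tooltip",
 "admin/checkout-ui.tab.layout": "admin/checkout-ui.tab.layout",
 "admin/checkout-ui.tab.colors": "admin/checkout-ui.tab.colors",
 "admin/checkout-ui.tab.javascript": "admin/checkout-ui.tab.javascript",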

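--- a/messages/en.json
+++ b/messages/en.json
@@ -1,6 +1,8 @@
 {
 "admin/checkout-ui.title": "Checkout UI Custom",
 "admin/checkout-ui.update-warning": "This app has been updated. Please click PUBLISH to apply the latest fixes to your checkout.",
+"admin/checkout-ui.permission-warning":"You have no permission to publish",
+"admin/checkout-ui.permission-tooltip":"License role is 'SaveOrderFormConfiguration'",
 "admin/checkout-ui.navigation.title": "Checkout UI Custom",
 "admin/checkout-ui.tab.layout": "Layout",
 "admin/checkout-ui.tab.colors": "Colors",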

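--- a/messages/pt.json
+++ b/messages/pt.json
@@ -1,6 +1,8 @@
 {
 "admin/checkout-ui.title": "Interface personalizada do checkout",
 "admin/checkout-ui.update-warning": "Este app foi atualizado. Clique em PUBLICAR para aplicar as últimas correções ao seu checkout.",
+"admin/checkout-ui.permission-warning":"Você não tem permissão para publicar",
+"admin/checkout-ui.permission-tooltip":"A licença chave é 'SaveOrderFormConfiguration'",
 "admin/checkout-ui.navigation.title": "Interface personalizada do checkout",
 "admin/checkout-ui.tab.layout": "Interface",
 "admin/checkout-ui.tab.colors": "Cores",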

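--- a/node/graphql/index.ts
+++ b/node/graphql/index.ts
@@ -8,6 +8,7 @@ import { getCountryRules } from '../middlewares/getCountryRules'
 import { holidays } from '../middlewares/holidays'
 
 import { authCheck } from './authcheck'
+import { validateAdminToken } from './helper'
 
 
 const SCHEMA_VERSION = 'v0.1.3'
@@ -237,6 +238,23 @@ export const resolvers = {
 
 return data
 },
+getPermissions: async (_: any, __: any, ctx: any) => {
+
+const cookie = ctx.headers?.cookie
+
+const vtexCredentials: any = cookie
+? cookie
+.split('; ')
+.find((cookie: string) => cookie.startsWith('VtexIdclientAutCookie='))
+?.split('=')[1] ?? ''
+: '';
+
+const permission = await validateAdminToken(ctx, vtexCredentials)
+
+return {
+access: permission.hasValidAdminRole
+}
+},
 getById: async (_: any, params: any, ctx: any) => {
 const {
 clients: { masterdata },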
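Review bot: In the new `getPermissions` resolver, `?.split('=')[1]` keeps only the text between the first and second `=`, so a token value that itself contains `=` is truncated before it reaches `validateAdminToken`, and a request with no admin cookie still calls the helper with an empty string. Slicing off the cookie-name prefix and returning `{ access: false }` when no token is present avoids both, and comparing `hasValidAdminRole` to `true` keeps the answer a boolean if the helper returns something unexpected. The `.find` callback parameter also shadows the outer `cookie`, and the extracted token can be typed `string` rather than `any`. `validateAdminToken` comes from `./helper` and is not shown on this page, so its behaviour on an empty or malformed token should be confirmed; the `resolvers` object starts and ends outside this hunk.

```typescript
getPermissions: async (_: any, __: any, ctx: any) => {
  const cookieName = 'VtexIdclientAutCookie='
  const rawCookies: string = ctx.headers?.cookie ?? ''
  const entry = rawCookies
    .split('; ')
    .find((part: string) => part.startsWith(cookieName))

  // Keep everything after the name, including any '=' inside the value.
  const token = entry ? entry.slice(cookieName.length) : ''

  // Fail closed without calling the helper when no admin cookie was sent.
  if (!token) {
    return { access: false }
  }

  const permission = await validateAdminToken(ctx, token)

  return { access: permission?.hasValidAdminRole === true }
},
```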

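--- a/react/Admin.tsx
+++ b/react/Admin.tsx
@@ -18,6 +18,9 @@ import {
 IconDeny,
 ModalDialog,
 Progress,
+Tooltip,
+Tag,
+IconWarning
 } from 'vtex.styleguide'
 import { useRuntime } from 'vtex.render-runtime'
 import sessionQuery from 'vtex.store-resources/QuerySession'
@@ -30,6 +33,8 @@ import History from './components/History'
 import saveMutation from './mutations/saveConfiguration.gql'
 import GET_LAST from './queries/getLast.gql'
 import GET_CONFIG from './queries/getConfig.gql'
+import getUserPermissions from './queries/getPermissions.gql'
+
 
 const messages = defineMessages({
 title: {
@@ -93,6 +98,9 @@ const Admin: FC<any & WrappedComponentProps> = ({
 }: any) => {
 const { workspace, production } = useRuntime()
 
+
+const { data : permission } = useQuery(getUserPermissions)
+
 const [state, setState] = useState<any>({
 ...defaultConfiguration,
 currentTab: 0,
@@ -284,7 +292,9 @@ const Admin: FC<any & WrappedComponentProps> = ({
 <div className="ma3">
 <Button
 variation="primary"
-disabled={loadingLast}
+disabled={
+permission?.getPermissions?.access ? loadingLast : true
+}
 onClick={() => {
 handlePublish()
 }}
@@ -293,6 +303,22 @@ const Admin: FC<any & WrappedComponentProps> = ({
 </Button>
 </div>
 </div>
+
+{permission && !permission?.getPermissions?.access && (
+
+<div className="cb ma3">
+<Tag type="warning" variation="low">
+<FormattedMessage id="admin/checkout-ui.permission-warning" />
+<Tooltip label={<FormattedMessage id="admin/checkout-ui.permission-tooltip" />}>
+<span className="ml3 pointer">
+<IconWarning />
+</span>
+</Tooltip>
+</Tag>
+</div>
+
+)}
+
 </span>
 </PageHeader>
 }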
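Review bot: Disabling the publish `Button` on `permission?.getPermissions?.access` is a display-level control only, so the resolver behind `saveMutation` has to apply the same `validateAdminToken` role check itself. That resolver is not in the visible hunks of this commit, so it should be confirmed that it rejects callers without the role. While the permissions query is loading or has failed, `permission` is undefined: the button is disabled (fail-closed, which is right), but the warning `Tag` is hidden by `permission &&`, leaving the user with no explanation. Destructuring `loading` and `error` from `useQuery` would let the page tell "checking" from "denied". The condition can also be written `disabled={loadingLast || !permission?.getPermissions?.access}`; the `Admin` component starts and ends outside these hunks.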

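--- a/react/queries/getPermissions.gql
+++ b/react/queries/getPermissions.gql
@@ -0,0 +1,5 @@
+query getUserPermissions {
+getPermissions {
+access
+}
+}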
