feat: enforce user roles

enforces user admin role requirement for - creating / deleting / setting role for organization users - creating / deleting / setting role for project users - updating project name - deleting project hides action elements based on role for - admin console - team settings if team is only visible through project membership - add project tile if not team admin - project name text editor if not team / project admin - add redirect from team page if settings only visible through project membership - add redirect from admin console if not org admin role enforcement is handled on the api side through a custom GraphQL directive `hasRole`. on the client side, role information is fetched in the TopNavbar's `me` query and stored in the `UserContext`. there is a custom hook, `useCurrentUser`, that provides a user object with two functions, `isVisibile` & `isAdmin` which is used to check roles in order to render/hide relevant UI elements.
2020-07-31 20:01:14 -05:00
parent 5dbdc20b36
commit e64f6f8569
63 changed files with 3017 additions and 1905 deletions
--- a/frontend/src/Install/index.tsx
+++ b/frontend/src/Install/index.tsx
@ -8,13 +8,13 @@ import { getAccessToken, setAccessToken } from 'shared/utils/accessToken';
 import updateApolloCache from 'shared/utils/cache';
 import produce from 'immer';
 import { useApolloClient } from '@apollo/react-hooks';
-import UserIDContext from 'App/context';
+import UserContext, { PermissionLevel, PermissionObjectType } from 'App/context';
 import jwtDecode from 'jwt-decode';

 const Install = () => {
  const client = useApolloClient();
  const history = useHistory();
-  const { setUserID } = useContext(UserIDContext);
+  const { setUser } = useContext(UserContext);
  useEffect(() => {
    fetch('/auth/refresh_token', {
      method: 'POST',
@ -65,7 +65,15 @@ const Install = () => {
                    const response: RefreshTokenResponse = await x.data;
                    const { accessToken, isInstalled } = response;
                    const claims: JWTToken = jwtDecode(accessToken);
-                    setUserID(claims.userId);
+                    const currentUser = {
+                      id: claims.userId,
+                      roles: {
+                        org: claims.orgRole,
+                        teams: new Map<string, string>(),
+                        projects: new Map<string, string>(),
+                      },
+                    };
+                    setUser(currentUser);
                    setAccessToken(accessToken);
                    if (!isInstalled) {
                      history.replace('/install');