diff --git a/app/controllers/api/v1/admin/tenants_controller.rb b/app/controllers/api/v1/admin/tenants_controller.rb
index b14634abe3b95d15d85f0c4cf5338b0d7865d202..11569c535fa50f29db8d8d7eb062fc2e9a7ea2fc 100644
--- a/app/controllers/api/v1/admin/tenants_controller.rb
+++ b/app/controllers/api/v1/admin/tenants_controller.rb
@@ -21,7 +21,7 @@ module Api
 module Admin
 class TenantsController < ApiController
 before_action do
- # TODO: - ahmad: Add role check
+ ensure_super_admin
 end
 
 # GET /api/v1/admin/tenants
diff --git a/app/controllers/concerns/authorizable.rb b/app/controllers/concerns/authorizable.rb
index 95364c83c45a5ca7ec891a73c0356a9220433419..5de6097ddad113afb2e8a9bef44dbe96e0abf13e 100644
--- a/app/controllers/concerns/authorizable.rb
+++ b/app/controllers/concerns/authorizable.rb
@@ -41,6 +41,10 @@ module Authorizable
 ).call
 end
 
+ def ensure_super_admin
+ return render_error status: :forbidden unless current_user.super_admin?
+ end
+
 private
 
 # Ensures that requests to the API are explicit enough.
diff --git a/app/javascript/components/admin/tenants/Tenants.jsx b/app/javascript/components/admin/tenants/Tenants.jsx
index 4be513f06579994d802edb69dbe45ab30b7e13a4..70a1630e0ca2178a4ece597fc879f1b7804ede1a 100644
--- a/app/javascript/components/admin/tenants/Tenants.jsx
+++ b/app/javascript/components/admin/tenants/Tenants.jsx
@@ -16,6 +16,7 @@ import React, { useState } from 'react';
 import Card from 'react-bootstrap/Card';
+import { Navigate } from 'react-router-dom';
 import { Button, Col, Container, Row, Stack, Tab,
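Review bot: The callback is declared as a block whose only statement is `ensure_super_admin`; the symbol form `before_action :ensure_super_admin` is the conventional way to express this and lets a subclass reference the filter by name (`skip_before_action :ensure_super_admin`) if it ever needs to. The check is also only as strong as its ordering: it relies on an earlier callback in ApiController, not visible here, having populated `current_user`, otherwise `super_admin?` is sent to nil and the request fails with a 500 rather than a 403. A one-line comment on the new line would make the intent explicit for the next reader: `# every tenant endpoint is super-admin only; see Authorizable#ensure_super_admin`. The class body continues outside the hunk.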
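Review bot: `ensure_super_admin` is added above the `private` marker, so it becomes a public method on every controller that includes Authorizable and shows up in `action_methods`; it is only ever used as a callback, so it belongs below `private` (Rails callbacks can call private methods). It also assumes `current_user` is non-nil — if the authentication callback has not run first, the check raises `NoMethodError` instead of rejecting the request, so it does not fail closed. Suggest `render_error status: :forbidden unless current_user&.super_admin?` (the explicit `return` adds nothing, since rendering in a before_action halts the chain) with a comment: `# Halts the filter chain with 403 unless the authenticated user is a super admin; a missing user is treated as not authorised.` The methods before and after the insertion continue outside the hunk.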
@@ -29,10 +30,16 @@ import NoSearchResults from '../../shared_components/search/NoSearchResults';
 import TenantsTable from './TenantsTable';
 import Modal from '../../shared_components/modals/Modal';
 import CreateTenantForm from './forms/CreateTenantForm';
+import { useAuth } from '../../../contexts/auth/AuthProvider';
 
 export default function Tenants() {
 const { t } = useTranslation();
 const [page, setPage] = useState();
+ const currentUser = useAuth();
+
+ if (!currentUser.isSuperAdmin) {
+ return <Navigate to="/" />;
+ }
 
 const [searchInput, setSearchInput] = useState();
 const { data: tenants, isLoading } = useTenants({ search: searchInput, page });
diff --git a/spec/controllers/admin/tenants_controller_spec.rb b/spec/controllers/admin/tenants_controller_spec.rb
index 699e47b9ece6009dd11c3c1a9d96a7e6b2c38af1..2563f8373655e5c9d03052d44023b79219598462 100644
--- a/spec/controllers/admin/tenants_controller_spec.rb
+++ b/spec/controllers/admin/tenants_controller_spec.rb
@@ -19,7 +19,7 @@ require 'rails_helper'
 RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
- let(:user) { create(:user) }
+ let(:user) { create(:user, :with_super_admin) }
 let(:valid_tenant_params) do
 { name: 'new_provider',
diff --git a/spec/factories/user_factory.rb b/spec/factories/user_factory.rb
index d07008f8d4f80d72c05f26a4dbc6d4818b43fe44..e59a4f63b868dcfb8cae65b1588c8a683f89e4b9 100644
--- a/spec/factories/user_factory.rb
+++ b/spec/factories/user_factory.rb
@@ -29,6 +29,14 @@ FactoryBot.define do
 language { %w[en fr es ar].sample }
 verified { true }
 
+ trait :with_super_admin do
+ after(:create) do |user|
+ user.provider = 'bn'
+ user.role = create(:role, :with_super_admin)
+ user.save
+ end
+ end
+
 trait :with_manage_users_permission do
 after(:create) do |user|
 create(:role_permission, role: user.role, permission: create(:permission, name: 'ManageUsers'), value: 'true')
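Review bot: The early `return <Navigate to="/" />` is placed before the `useState` for `searchInput` and the `useTenants` call, so those hooks are skipped on the redirect render; that breaks the Rules of Hooks (a component must call the same hooks in the same order on every render) and React will warn or throw when a user's `isSuperAdmin` flag changes while the component is mounted. Move the guard below every hook call in the component (any further hooks later in `Tenants`, outside this hunk, would need to be above it too). It is also worth a comment that this redirect is a UX convenience only — the 403 from the controller is what actually protects the data. The body of `Tenants` continues outside the hunk.
```javascript
export default function Tenants() {
  const { t } = useTranslation();
  const currentUser = useAuth();
  const [page, setPage] = useState();
  const [searchInput, setSearchInput] = useState();
  const { data: tenants, isLoading } = useTenants({ search: searchInput, page });

  // Client-side guard only (navigation UX); the API enforces super-admin on its side.
  if (!currentUser.isSuperAdmin) {
    return <Navigate to="/" />;
  }
  // … unchanged: rest of the component …
```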
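Review bot: Switching the shared `user` to `:with_super_admin` keeps the existing examples green but leaves the new authorisation rule itself untested — nothing in the spec asserts that a plain user now gets 403, so a regression that drops the callback would go unnoticed. Add a negative example using the plain factory; the action name below is inferred from the `# GET /api/v1/admin/tenants` comment and the sign-in setup is presumably in a `before` block outside this hunk, so adjust to match. The `describe` block continues outside the hunk.
```ruby
# … unchanged: let(:valid_tenant_params) …

context 'when the user is not a super admin' do
  let(:user) { create(:user) }

  it 'refuses access to the tenant list' do
    get :index
    expect(response).to have_http_status(:forbidden)
  end
end
```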
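Review bot: `user.save` in the new `:with_super_admin` trait discards validation failures, so if the provider or role assignment does not validate the factory quietly hands back a user that is not a super admin and the controller specs then fail with a misleading 403. Use the bang form so the trait fails loudly at setup: `user.update!(provider: 'bn', role: create(:role, :with_super_admin))`. The hard-coded `'bn'` provider looks like the instance's default provider rather than an arbitrary value — a short comment on that line would save the next reader from guessing: `# super admins live under the default provider`. The `factory :user` block continues outside the hunk.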