Fix Tenants access (#5314)

* Fix Tenants access * Add :with_super_admin traits in user factory

Fix Tenants access (#5314)
eb079015 · Samuel Couillard · GitHub · ed1d7e6a · eb079015 · eb079015
Unverified Commit eb079015 authored 1 year ago by Samuel Couillard Committed by GitHub 1 year ago
--- a/app/controllers/api/v1/admin/tenants_controller.rb
+++ b/app/controllers/api/v1/admin/tenants_controller.rb
@@ -21,7 +21,7 @@ module Api
    module Admin
      class TenantsController < ApiController
        before_action do
-          # TODO: - ahmad: Add role check
+          ensure_super_admin
        end

        # GET /api/v1/admin/tenants

--- a/app/controllers/concerns/authorizable.rb
+++ b/app/controllers/concerns/authorizable.rb
@@ -41,6 +41,10 @@ module Authorizable
    ).call
  end

+  def ensure_super_admin
+    return render_error status: :forbidden unless current_user.super_admin?
+  end
+
  private

  # Ensures that requests to the API are explicit enough.

--- a/app/javascript/components/admin/tenants/Tenants.jsx
+++ b/app/javascript/components/admin/tenants/Tenants.jsx
@@ -16,6 +16,7 @@

 import React, { useState } from 'react';
 import Card from 'react-bootstrap/Card';
+import { Navigate } from 'react-router-dom';
 import {
  Button,
  Col, Container, Row, Stack, Tab,
@@ -29,10 +30,16 @@ import NoSearchResults from '../../shared_components/search/NoSearchResults';
 import TenantsTable from './TenantsTable';
 import Modal from '../../shared_components/modals/Modal';
 import CreateTenantForm from './forms/CreateTenantForm';
+import { useAuth } from '../../../contexts/auth/AuthProvider';

 export default function Tenants() {
  const { t } = useTranslation();
  const [page, setPage] = useState();
+  const currentUser = useAuth();
+
+  if (!currentUser.isSuperAdmin) {
+    return <Navigate to="/" />;
+  }

  const [searchInput, setSearchInput] = useState();
  const { data: tenants, isLoading } = useTenants({ search: searchInput, page });

--- a/spec/controllers/admin/tenants_controller_spec.rb
+++ b/spec/controllers/admin/tenants_controller_spec.rb
@@ -19,7 +19,7 @@
 require 'rails_helper'

 RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
-  let(:user) { create(:user) }
+  let(:user) { create(:user, :with_super_admin) }
  let(:valid_tenant_params) do
    {
      name: 'new_provider',

--- a/spec/factories/user_factory.rb
+++ b/spec/factories/user_factory.rb
@@ -29,6 +29,14 @@ FactoryBot.define do
    language { %w[en fr es ar].sample }
    verified { true }

+    trait :with_super_admin do
+      after(:create) do |user|
+        user.provider = 'bn'
+        user.role = create(:role, :with_super_admin)
+        user.save
+      end
+    end
+
    trait :with_manage_users_permission do
      after(:create) do |user|
        create(:role_permission, role: user.role, permission: create(:permission, name: 'ManageUsers'), value: 'true')