Unverified Commit eb079015 authored by Samuel Couillard's avatar Samuel Couillard Committed by GitHub

Fix Tenants access (#5314)

* Fix Tenants access

* Add :with_super_admin traits in user factory
parent ed1d7e6a
......@@ -21,7 +21,7 @@ module Api
module Admin
class TenantsController < ApiController
before_action do
# TODO: - ahmad: Add role check
ensure_super_admin
end
# GET /api/v1/admin/tenants
......
......@@ -41,6 +41,10 @@ module Authorizable
).call
end
def ensure_super_admin
return render_error status: :forbidden unless current_user.super_admin?
end
private
# Ensures that requests to the API are explicit enough.
......
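Review bot: In `ensure_super_admin`, `current_user.super_admin?` raises NoMethodError when `current_user` is nil, so a request without a session would get a 500 instead of the intended 403 unless an authentication callback always runs first, which this hunk does not show. Safe navigation keeps the check fail-closed on its own: `return render_error status: :forbidden unless current_user&.super_admin?`. The method is also added above `private`, so it remains a public controller method; if it is only ever called from controller callbacks, placing it below `private` would keep it out of the controller's action methods.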
......@@ -16,6 +16,7 @@
import React, { useState } from 'react';
import Card from 'react-bootstrap/Card';
import { Navigate } from 'react-router-dom';
import {
Button,
Col, Container, Row, Stack, Tab,
......@@ -29,10 +30,16 @@ import NoSearchResults from '../../shared_components/search/NoSearchResults';
import TenantsTable from './TenantsTable';
import Modal from '../../shared_components/modals/Modal';
import CreateTenantForm from './forms/CreateTenantForm';
import { useAuth } from '../../../contexts/auth/AuthProvider';
export default function Tenants() {
const { t } = useTranslation();
const [page, setPage] = useState();
const currentUser = useAuth();
if (!currentUser.isSuperAdmin) {
return <Navigate to="/" />;
}
const [searchInput, setSearchInput] = useState();
const { data: tenants, isLoading } = useTenants({ search: searchInput, page });
......
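Review bot: The early `return <Navigate to="/" />` sits between the `useState()` for `page` and the `useState()` / `useTenants()` calls that follow, so `Tenants` calls a different number of hooks depending on `isSuperAdmin`, which breaks React's rules of hooks and can throw if that value changes between renders. Move the `if (!currentUser.isSuperAdmin)` block below the last hook call; the function body continues past this hunk, so any later hooks must stay above it as well. This redirect only hides the page, and the `ensure_super_admin` check on the API remains the control that actually denies access.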
......@@ -19,7 +19,7 @@
require 'rails_helper'
RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
let(:user) { create(:user) }
let(:user) { create(:user, :with_super_admin) }
let(:valid_tenant_params) do
{
name: 'new_provider',
......
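Review bot: The spec now creates every `user` with `:with_super_admin`, and nothing in this hunk exercises the denied path that the commit introduces. Add an example that signs in a plain `create(:user)` and asserts `expect(response).to have_http_status(:forbidden)` for each action, so a later change to the `before_action` cannot silently reopen the tenants endpoints. The rest of the spec lies outside this hunk, so such a case may already exist further down.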
......@@ -29,6 +29,14 @@ FactoryBot.define do
language { %w[en fr es ar].sample }
verified { true }
trait :with_super_admin do
after(:create) do |user|
user.provider = 'bn'
user.role = create(:role, :with_super_admin)
user.save
end
end
trait :with_manage_users_permission do
after(:create) do |user|
create(:role_permission, role: user.role, permission: create(:permission, name: 'ManageUsers'), value: 'true')
......
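Review bot: In the `:with_super_admin` trait, `user.save` discards its return value, so a validation failure would leave the user without the super-admin role and the controller spec would fail with a 403 that points nowhere near the factory. Use the raising form, `user.save!`, or `user.update!(provider: 'bn', role: create(:role, :with_super_admin))`. A short comment saying why the provider has to be `'bn'` would also help, since the hunk does not explain it.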