Merge pull request #1775 from BLSQ/HOTFIX_prevent_overwrite_by_empty_…

…projects IA-3609: prevent edition of project field by non admin
BLSQ · Nov 5, 2024 · 680cd6c · 680cd6c
2 parents fe0344d + 047a5f3
commit 680cd6c
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 0 deletions.
diff --git a/hat/assets/js/apps/Iaso/domains/app/translations/en.json b/hat/assets/js/apps/Iaso/domains/app/translations/en.json
@@ -1455,6 +1455,7 @@
     "iaso.users.selectAllHelperText": "Leave empty to select all",
     "iaso.users.selectedOrgUnits": "Org units selected",
     "iaso.users.update": "Update user",
+    "iaso.users.userAdminOnly": "Can only be edited by user admin",
     "iaso.users.userPermissions": "User permissions",
     "iaso.users.usersHistory": "Users history",
     "iaso.users.warningModalMessage": "You are about to save a user with no permissions. This user will have access to the mobile application but not to the features of the web interface.",

diff --git a/hat/assets/js/apps/Iaso/domains/app/translations/fr.json b/hat/assets/js/apps/Iaso/domains/app/translations/fr.json
@@ -1454,6 +1454,7 @@
     "iaso.users.selectAllHelperText": "Laisser vide pour tout sélectionner",
     "iaso.users.selectedOrgUnits": "Unité d'organisation sélectionnées",
     "iaso.users.update": "Mettre l'utilisateur à jour",
+    "iaso.users.userAdminOnly": "Edition pour les administrateurs uniquement",
     "iaso.users.userPermissions": "Permissions d'utilisateur",
     "iaso.users.usersHistory": "Historique des utilisateurs",
     "iaso.users.warningModalMessage": "Vous êtes sur le point de sauvegarder un utilisateur sans permissions. Cet utilisateur aura accès à l'application mobile mais pas aux fonctionnalités de l'interface web.",

diff --git a/hat/assets/js/apps/Iaso/domains/users/components/UsersInfos.js b/hat/assets/js/apps/Iaso/domains/users/components/UsersInfos.js
@@ -12,6 +12,8 @@ import { useGetProjectsDropdownOptions } from '../../projects/hooks/requests.ts'
 import { InputWithInfos } from '../../../components/InputWithInfos.tsx';
 import { useCurrentUser } from '../../../utils/usersUtils.ts';
 import MESSAGES from '../messages.ts';
+import { userHasPermission } from '../utils.js';
+import { USERS_ADMIN } from '../../../utils/permissions';
 
 const UsersInfos = ({
     setFieldValue,
@@ -20,6 +22,7 @@ const UsersInfos = ({
     allowSendEmailInvitation,
 }) => {
     const loggedUser = useCurrentUser();
+    const isLoggedUserAdmin = userHasPermission(USERS_ADMIN, loggedUser);
     const { formatMessage } = useSafeIntl();
     const isEmailAdressExist = isEmpty(currentUser.email.value);
     const sendUserEmailInvitation = !!isEmailAdressExist;
@@ -170,6 +173,12 @@ const UsersInfos = ({
                         label={MESSAGES.projects}
                         options={availableProjects}
                         loading={isFetchingProjects}
+                        disabled={!isLoggedUserAdmin}
+                        helperText={
+                            !isLoggedUserAdmin
+                                ? formatMessage(MESSAGES.userAdminOnly)
+                                : undefined
+                        }
                     />
                     <InputComponent
                         keyValue="language"

diff --git a/hat/assets/js/apps/Iaso/domains/users/messages.ts b/hat/assets/js/apps/Iaso/domains/users/messages.ts
@@ -510,6 +510,10 @@ const MESSAGES = defineMessages({
         id: 'iaso.users.selectAllHelperText',
         defaultMessage: 'Leave empty to select all',
     },
+    userAdminOnly: {
+        id: 'iaso.users.userAdminOnly',
+        defaultMessage: 'Can only be edited by user admin',
+    },
 });
 
 export default MESSAGES;