Improved: permission management and app access restrictions (#263)

.env.example

@@ -9,7 +9,7 @@ VUE_APP_POLL_TIME=10000
 VUE_APP_ORDER_FILTERS=["orderTypeId: SALES_ORDER", "facilityId:PRE_ORDER_PARKING OR facilityId:BACKORDER_PARKING", "orderStatusId: ORDER_APPROVED", "!orderItemStatusId: ITEM_CANCELLED" ]
 VUE_APP_BASE_URL=
 VUE_APP_ORDER_IN_BRKRNG_FILTERS=["orderTypeId: SALES_ORDER", "facilityId: _NA_", "orderStatusId: ORDER_APPROVED", "!orderItemStatusId: ITEM_CANCELLED" ]
-VUE_APP_PERMISSION_ID=
+VUE_APP_PERMISSION_ID="PREORDER_APP_VIEW"
 VUE_APP_ALIAS=
 VUE_APP_CTGRY_AND_BRKRNG_JOB=["JOB_REL_PREODR_CAT", "JOB_BKR_ORD", "JOB_RLS_ORD_DTE"]
 VUE_APP_DEFAULT_ALIAS=

src/authorization/Rules.ts

@@ -4,5 +4,7 @@ export default {
     "APP_CATALOG_VIEW": "",
     "APP_PRDT_DTLS_VIEW": "",
     "APP_CTLG_PRDT_DTLS_VIEW": "",
-    "APP_INV_CNFG_UPDT": "COMMON_ADMIN"
+    "APP_INV_CNFG_UPDT": "COMMON_ADMIN",
+    "MERCHANDISING_ADMIN": "MERCHANDISING_ADMIN",
+    "PREORDER_APP_VIEW": "PREORDER_APP_VIEW"
 } as any

src/services/UserService.ts

@@ -35,17 +35,21 @@ const setUserPreference = async (payload: any): Promise<any> => {
   });
 }
 
-const getEComStores = async (token: any, partyId: any): Promise<any> => {
+const getEComStores = async (token: any, partyId: any, isAdminUser = false): Promise<any> => {
   try {
     const params = {
       "inputFields": {
-        "storeName_op": "not-empty",
-        "partyId": partyId
+        "storeName_op": "not-empty"
       },
       "fieldList": ["productStoreId", "storeName"],
       "entityName": "ProductStoreAndRole",
       "distinct": "Y",
-      "noConditionFind": "Y"
+      "noConditionFind": "Y",
+      "filterByDate": 'Y'
+    } as any;
+
+    if(!isAdminUser) {
+      params.inputFields['partyId'] = partyId
     }
 
     const baseURL = store.getters['user/getBaseUrl'];

src/store/modules/user/actions.ts

@@ -39,19 +39,21 @@ const actions: ActionTree<UserState, RootState> = {
           if (permissionId) {
             // As the token is not yet set in the state passing token headers explicitly
             // TODO Abstract this out, how token is handled should be part of the method not the callee
-            const hasPermission = appPermissions.some((appPermissionId: any) => appPermissionId === permissionId );
+            const hasPermission = appPermissions.some((appPermission: any) => appPermission.action === permissionId );
             // If there are any errors or permission check fails do not allow user to login
-            if (hasPermission) {
+            if (!hasPermission) {
               const permissionError = 'You do not have permission to access the app.';
               showToast(translate(permissionError));
               console.error("error", permissionError);
               return Promise.reject(new Error(permissionError));
             }
           }
 
+          const isAdminUser = appPermissions.some((appPermission: any) => appPermission?.action === "MERCHANDISING_ADMIN");
+
           // Getting user profile
           const userProfile = await UserService.getUserProfile(token);
-          userProfile.stores = await UserService.getEComStores(token, userProfile.partyId);
+          userProfile.stores = await UserService.getEComStores(token, userProfile.partyId, isAdminUser);
 
           // Getting user preferred store
           let preferredStore = userProfile.stores[0];