diff --git a/app/controllers/api/v1/admin/tenants_controller.rb b/app/controllers/api/v1/admin/tenants_controller.rb
index b14634abe3..11569c535f 100644
--- a/app/controllers/api/v1/admin/tenants_controller.rb
+++ b/app/controllers/api/v1/admin/tenants_controller.rb
@@ -21,7 +21,7 @@ module V1
 module Admin
 class TenantsController < ApiController
 before_action do
- # TODO: - ahmad: Add role check
+ ensure_super_admin
 end
 
 # GET /api/v1/admin/tenants
diff --git a/app/controllers/concerns/authorizable.rb b/app/controllers/concerns/authorizable.rb
index 95364c83c4..5de6097dda 100644
--- a/app/controllers/concerns/authorizable.rb
+++ b/app/controllers/concerns/authorizable.rb
@@ -41,6 +41,10 @@ def ensure_authorized(permission_names, user_id: nil, friendly_id: nil, record_i
 ).call
 end
 
+ def ensure_super_admin
+ return render_error status: :forbidden unless current_user.super_admin?
+ end
+
 private
 
 # Ensures that requests to the API are explicit enough.
diff --git a/app/javascript/components/admin/tenants/Tenants.jsx b/app/javascript/components/admin/tenants/Tenants.jsx
index 4be513f065..70a1630e0c 100644
--- a/app/javascript/components/admin/tenants/Tenants.jsx
+++ b/app/javascript/components/admin/tenants/Tenants.jsx
@@ -16,6 +16,7 @@
 import React, { useState } from 'react';
 import Card from 'react-bootstrap/Card';
+import { Navigate } from 'react-router-dom';
 import {
 Button, Col, Container, Row, Stack, Tab,
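Review bot: The new filter wraps a single method call in a block, `before_action do ensure_super_admin end`; the conventional form is `before_action :ensure_super_admin`, which reads as a named filter and can be referenced by name by Rails' filter tooling. Either way the filter only halts the request if `ensure_super_admin` renders or redirects, so the fail-closed behaviour of this controller rests entirely on `render_error` being invoked for every caller who is not a super admin. The `TenantsController` class body continues outside the hunk.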
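Review bot: `ensure_super_admin` calls `current_user.super_admin?` without a nil guard, so if this filter ever runs for a request with no authenticated user (the ordering of `before_action`s in `ApiController` is not visible here) it raises `NoMethodError` and the request ends in a 500 instead of a deliberate denial. Writing it as `render_error status: :forbidden unless current_user&.super_admin?` fails closed for both a missing and a non-super-admin user, and drops the `return`, whose value a `before_action` never uses. The method sits above `private` like `ensure_authorized`, so it is a public method of every controller that includes the concern; that matches the existing style but deserves a one-line comment such as `# Halts the request with 403 unless the current user is a super admin; call from a before_action.`. The spec change in this commit only promotes the test user to super admin, so no spec exercises the forbidden branch.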
@@ -29,10 +30,16 @@
 import NoSearchResults from '../../shared_components/search/NoSearchResults';
 import TenantsTable from './TenantsTable';
 import Modal from '../../shared_components/modals/Modal';
 import CreateTenantForm from './forms/CreateTenantForm';
+import { useAuth } from '../../../contexts/auth/AuthProvider';
 
 export default function Tenants() {
 const { t } = useTranslation();
 const [page, setPage] = useState();
+ const currentUser = useAuth();
+
+ if (!currentUser.isSuperAdmin) {
+ return ;
+ }
 const [searchInput, setSearchInput] = useState();
 const { data: tenants, isLoading } = useTenants({ search: searchInput, page });
diff --git a/spec/controllers/admin/tenants_controller_spec.rb b/spec/controllers/admin/tenants_controller_spec.rb
index 699e47b9ec..2563f83736 100644
--- a/spec/controllers/admin/tenants_controller_spec.rb
+++ b/spec/controllers/admin/tenants_controller_spec.rb
@@ -19,7 +19,7 @@
 require 'rails_helper'
 
 RSpec.describe Api::V1::Admin::TenantsController, type: :controller do
- let(:user) { create(:user) }
+ let(:user) { create(:user, :with_super_admin) }
 let(:valid_tenant_params) do
 {
 name: 'new_provider',
diff --git a/spec/factories/user_factory.rb b/spec/factories/user_factory.rb
index d07008f8d4..e59a4f63b8 100644
--- a/spec/factories/user_factory.rb
+++ b/spec/factories/user_factory.rb
@@ -29,6 +29,14 @@
 language { %w[en fr es ar].sample }
 verified { true }
 
+ trait :with_super_admin do
+ after(:create) do |user|
+ user.provider = 'bn'
+ user.role = create(:role, :with_super_admin)
+ user.save
+ end
+ end
+
 trait :with_manage_users_permission do
 after(:create) do |user|
 create(:role_permission, role: user.role, permission: create(:permission, name: 'ManageUsers'), value: 'true')
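Review bot: The early `return` inside `if (!currentUser.isSuperAdmin)` comes before the `useState()` and `useTenants(...)` calls that follow it, so the number of hooks invoked per render depends on the user's role; React requires hook calls to be unconditional, and a render where `isSuperAdmin` changes (for example once the auth context resolves) raises the "Rendered fewer hooks than expected" error. Move the guard below the last hook call, i.e. directly after `const { data: tenants, isLoading } = useTenants({ search: searchInput, page });`, keeping the three guard lines as they are. The element after `return` appears to have been lost in this rendering (presumably the newly imported `<Navigate>`); whatever it redirects to, this client-side check is a convenience only, and the server-side `ensure_super_admin` filter remains the actual access control. The `Tenants` function body continues outside the hunk.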
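Review bot: Switching the only `user` fixture to `create(:user, :with_super_admin)` makes every example in this file run as a super admin, and nothing in the spec asserts that a plain user is rejected by the new `ensure_super_admin` filter. Add a negative example, e.g. a `context 'when the user is not a super admin'` that keeps `create(:user)` and expects `response` to have HTTP status `:forbidden` for at least one action, so a regression in the filter fails the suite. The `RSpec.describe` block continues outside the hunk.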
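Review bot: `user.save` in the `:with_super_admin` trait discards its boolean result, so if the new role or the hard-coded `'bn'` provider fails validation the factory silently yields a user who is not a super admin, and any spec relying on the trait then exercises the wrong path without noticing. Use `user.save!` so a broken fixture raises at setup time. Whether `'bn'` is the provider value that `super_admin?` requires cannot be confirmed from this diff; a short comment on the `user.provider = 'bn'` line stating why it is needed would help the next maintainer. The enclosing `factory :user` block continues outside the hunk.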