Commit 521bff66 authored by Remco Tukker's avatar Remco Tukker

make sure only admin users can use the preview mode

parent e166c541
1 merge request!85make sure only admin users can use the preview mode
import { useContext, useEffect } from "react"; import { useContext, useEffect } from "react";
import { PreviewContext } from "./PreviewProvider"; import { PreviewContext } from "./PreviewProvider";
import { useSearchParams } from "react-router-dom"; import { useSearchParams } from "react-router-dom";
import { userContext } from "../shared/UserProvider";
export function usePreview() { export function usePreview() {
const { preview, setPreview } = useContext(PreviewContext); const { preview, setPreview } = useContext(PreviewContext);
const { user } = useContext(userContext);
const [searchParams] = useSearchParams(); const [searchParams] = useSearchParams();
const previewParameter = searchParams.get('preview'); const previewParameter = searchParams.get('preview');
useEffect(() => { useEffect(() => {
if (previewParameter !== null) { if (previewParameter !== null && user.permissions.admin) {
setPreview(true); setPreview(true);
} }
}, [previewParameter, setPreview]); }, [previewParameter, setPreview, user]);
return preview; return preview;
} }
\ No newline at end of file
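Review bot: The new condition `previewParameter !== null && user.permissions.admin` dereferences `user` unconditionally, which the old condition never did; if `userContext` can hold an undefined or null user (before login, or while the user is still loading — I can't see UserProvider's default here), the effect throws instead of just not enabling preview, so unless the provider guarantees a populated `permissions` object guard it: `if (previewParameter !== null && user?.permissions?.admin) {`. Note also that this hook only ever calls `setPreview(true)`, so a flag already set stays set if `user` later changes to a non-admin. The server-side `is_admin` check in `get_data` is what actually enforces access; a one-line comment above the effect saying so would stop a future reader from treating this hook as the authorization point, e.g. `// UI-only gate: the API filters preview rows for non-admins regardless of this flag`.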
...@@ -7,6 +7,7 @@ from compendium_v2 import db ...@@ -7,6 +7,7 @@ from compendium_v2 import db
from compendium_v2.db.presentation_models import NREN, PreviewYear from compendium_v2.db.presentation_models import NREN, PreviewYear
from flask import Response, request from flask import Response, request
from flask_login import current_user # type: ignore
from sqlalchemy import select from sqlalchemy import select
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
...@@ -63,7 +64,8 @@ def after_request(response): ...@@ -63,7 +64,8 @@ def after_request(response):
def get_data(table_class): def get_data(table_class):
select_statement = select(table_class).join(NREN).order_by(NREN.name.asc(), table_class.year.desc()) select_statement = select(table_class).join(NREN).order_by(NREN.name.asc(), table_class.year.desc())
preview = request.args.get('preview') is not None is_admin = (not current_user.is_anonymous) and current_user.is_admin
preview = is_admin and request.args.get('preview') is not None
if not preview: if not preview:
select_statement = select_statement.where(table_class.year.not_in(select(PreviewYear.year))) select_statement = select_statement.where(table_class.year.not_in(select(PreviewYear.year)))
return db.session.scalars(select_statement) return db.session.scalars(select_statement)
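Review bot: `get_data` has no docstring, and the new `is_admin`/`preview` lines are now the only explanation of why rows whose year is in `PreviewYear` are sometimes returned; add one such as `"""Return rows of table_class joined to NREN, ordered by NREN name then newest year first; rows for years listed in PreviewYear are excluded unless the caller is an authenticated admin requesting ?preview."""`. The `not current_user.is_anonymous` guard before `current_user.is_admin` reads as a deliberate defence against the anonymous user object lacking an `is_admin` attribute — presumably the reason it is there — and a short comment on that line, `# anonymous user has no is_admin attribute`, would save the next reader a lookup. Since a non-admin's `?preview` is now silently ignored rather than rejected, a `logger.debug` on that path would help explain why preview data is missing when support asks. The hunk header mentions `after_request`, but the `get_data` body itself appears complete within the shown lines.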
...@@ -15,7 +15,7 @@ def test_budget_response(client, test_budget_data): ...@@ -15,7 +15,7 @@ def test_budget_response(client, test_budget_data):
assert result assert result
def test_budget_response_preview(app, client, test_budget_data): def test_budget_response_preview(app, client, test_budget_data, mocked_admin_user):
rv = client.get( rv = client.get(
'/api/budget/', '/api/budget/',
headers={'Accept': ['application/json']}) headers={'Accept': ['application/json']})
......
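Review bot: `test_budget_response_preview` now runs as `mocked_admin_user`, so it only covers the allowed path; I don't see a companion test asserting that a non-admin or anonymous client calling `/api/budget/?preview` still gets the preview years filtered out, which is the behaviour this commit exists to enforce (it may live in the file section that could not be displayed). A test issuing the same request without the admin fixture and asserting that no year listed in `PreviewYear` appears in the response would pin the fail-closed branch against regression. The remainder of this hunk is collapsed past the lines shown here.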