Commit 7dbfe330 authored by Remco Tukker's avatar Remco Tukker

Merge branch 'feature/COMP-278_preview_for_admins_only' into 'develop'

make sure only admin users can use the preview mode

See merge request !85
parents e166c541 521bff66
import { useContext, useEffect } from "react"; import { useContext, useEffect } from "react";
import { PreviewContext } from "./PreviewProvider"; import { PreviewContext } from "./PreviewProvider";
import { useSearchParams } from "react-router-dom"; import { useSearchParams } from "react-router-dom";
import { userContext } from "../shared/UserProvider";
export function usePreview() { export function usePreview() {
const { preview, setPreview } = useContext(PreviewContext); const { preview, setPreview } = useContext(PreviewContext);
const { user } = useContext(userContext);
const [searchParams] = useSearchParams(); const [searchParams] = useSearchParams();
const previewParameter = searchParams.get('preview'); const previewParameter = searchParams.get('preview');
useEffect(() => { useEffect(() => {
if (previewParameter !== null) { if (previewParameter !== null && user.permissions.admin) {
setPreview(true); setPreview(true);
} }
}, [previewParameter, setPreview]); }, [previewParameter, setPreview, user]);
return preview; return preview;
} }
\ No newline at end of file
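Review bot: The new condition on the `if` line dereferences `user.permissions.admin` without guarding `user` or `user.permissions`, so if `userContext` can hold `null`/`undefined` (before the user has loaded, or for an anonymous visitor) the effect throws instead of simply leaving preview off. If that state is possible, `if (previewParameter !== null && user?.permissions?.admin) {` keeps the gate and fails closed. It is also worth recording that this check only governs the UI toggle and that the API applies its own admin check, e.g. a comment above the effect: `// UI gate only: the API independently restricts preview data to admins.`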
...@@ -7,6 +7,7 @@ from compendium_v2 import db ...@@ -7,6 +7,7 @@ from compendium_v2 import db
from compendium_v2.db.presentation_models import NREN, PreviewYear from compendium_v2.db.presentation_models import NREN, PreviewYear
from flask import Response, request from flask import Response, request
from flask_login import current_user # type: ignore
from sqlalchemy import select from sqlalchemy import select
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
...@@ -63,7 +64,8 @@ def after_request(response): ...@@ -63,7 +64,8 @@ def after_request(response):
def get_data(table_class): def get_data(table_class):
select_statement = select(table_class).join(NREN).order_by(NREN.name.asc(), table_class.year.desc()) select_statement = select(table_class).join(NREN).order_by(NREN.name.asc(), table_class.year.desc())
preview = request.args.get('preview') is not None is_admin = (not current_user.is_anonymous) and current_user.is_admin
preview = is_admin and request.args.get('preview') is not None
if not preview: if not preview:
select_statement = select_statement.where(table_class.year.not_in(select(PreviewYear.year))) select_statement = select_statement.where(table_class.year.not_in(select(PreviewYear.year)))
return db.session.scalars(select_statement) return db.session.scalars(select_statement)
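Review bot: On the `preview = is_admin and request.args.get('preview') is not None` line a non-admin request carrying `?preview` is silently served the non-preview result set, leaving no trace that the parameter was ignored. Since `logger` is already defined in this module, adding `if not is_admin and request.args.get('preview') is not None:` followed by `logger.debug('ignoring preview parameter for non-admin request')` before the `if not preview:` check would make such requests visible without changing the response. The `is_admin` expression also appears to rely on `not current_user.is_anonymous` short-circuiting before `current_user.is_admin` is read; if the anonymous user object lacks that attribute, a comment such as `# check is_anonymous first: the anonymous user may not define is_admin` would protect the ordering from a later refactor.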
...@@ -15,7 +15,7 @@ def test_budget_response(client, test_budget_data): ...@@ -15,7 +15,7 @@ def test_budget_response(client, test_budget_data):
assert result assert result
def test_budget_response_preview(app, client, test_budget_data): def test_budget_response_preview(app, client, test_budget_data, mocked_admin_user):
rv = client.get( rv = client.get(
'/api/budget/', '/api/budget/',
headers={'Accept': ['application/json']}) headers={'Accept': ['application/json']})
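Review bot: Switching the fixture to `mocked_admin_user` exercises only the allowed path; nothing in this change asserts that a request with `?preview` from a non-admin or anonymous client omits the preview-year rows, which is the behaviour the commit introduces in `get_data`. A companion test that issues the same GET without the admin fixture and asserts the preview years are absent would pin the server-side gate. The body of `test_budget_response_preview` continues outside the hunk, so the exact assertion to mirror is not visible here.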