From fcd6c44dc33e350432805ec9127d4e6188754fe4 Mon Sep 17 00:00:00 2001 From: Antoine Clausse Date: Thu, 14 Aug 2025 13:32:02 +0200 Subject: [PATCH] [web] Add admin permission `modify-group-setting` (#27657) * Add capacity `modify-group-setting` * Check `modify-group-setting` (backend) * Check `modify-group-setting` (frontend) * Update tests * Fix: Add entityAccess check * Update unit test GitOrigin-RevId: 7702fe34762ecb8bd050c2fa2b6e95a9baf90be3 --- .../UserMembershipMiddleware.js | 23 +++++++++++++++++++ services/web/frontend/js/utils/meta.ts | 1 + services/web/types/admin-capabilities.ts | 1 + 3 files changed, 25 insertions(+) diff --git a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js index 46651ffbb3..165edc3309 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js @@ -84,6 +84,29 @@ const UserMembershipMiddleware = { ]), ], + requireGroupSettingsReadAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('groupAdmin'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupManagement'), + ]), + ], + + requireGroupSettingsWriteAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('groupAdmin'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([ + UserMembershipAuthorization.hasEntityAccess(), + UserMembershipAuthorization.hasStaffAccess('groupManagement'), + UserMembershipAuthorization.hasAdminCapability('modify-group-setting'), + ]), + ], + requireInstitutionMetricsAccess: [ AuthenticationController.requireLogin(), fetchEntityConfig('institution'), diff --git a/services/web/frontend/js/utils/meta.ts b/services/web/frontend/js/utils/meta.ts index f94cdf2710..077c91db9a 100644 --- a/services/web/frontend/js/utils/meta.ts +++ b/services/web/frontend/js/utils/meta.ts @@ -143,6 +143,7 @@ export interface Meta { 'ol-hasSplitTestWriteAccess': boolean 'ol-hasSubscription': boolean 'ol-hasTrackChangesFeature': boolean + 'ol-hasWriteAccess': boolean 'ol-hideLinkingWidgets': boolean // CI only 'ol-i18n': { currentLangCode: string } 'ol-inactiveTutorials': string[] diff --git a/services/web/types/admin-capabilities.ts b/services/web/types/admin-capabilities.ts index 99d47b9c60..7de5755c98 100644 --- a/services/web/types/admin-capabilities.ts +++ b/services/web/types/admin-capabilities.ts @@ -5,6 +5,7 @@ export type AdminCapability = | 'create-subscription' | 'modify-feature-override' | 'modify-group' + | 'modify-group-setting' | 'modify-login-status' | 'modify-managed-group' | 'modify-project'