Closed tschaffter closed 4 years ago
Update: UserNotificationDataService
is now behaving properly relative to user login/logout. The backend shows that the notification of the Admin are fetched when he logs in, and after logout and User logs in, then the notifications of the User are being fetched. However, the notification sidenav is not in sync with this and constantly show the notifications of the first user who logs in (Admin or User) after a server restart. This is because the sidenav does not use the UserNotificationDataService
...
In the illustration below, the Test user receives a notification that he has been invited to join a project. The Admin doesn't receive this notification, which was the issue reported in #426.
Starting to work on #356
Authorization has been added to define who can edit and delete a Resource.
A few notes:
Notification testing: only the invitee gets an orange notification bubble. The sender no longer gets a duplicate notification.
Not implemented
)The issue was at the level of the server-side authorization when checking if the requester is the author of the resource. Disable this and now any user of the portal can edit a resource (basically just authentication, no authorization).
The same issue was affecting Insights. Fixed the same way.
@ychae @jaeddy The latest update to this PR completes the addition of authorization to Resources and Insights of a project (client side only). The authorization decides when the user can see the button Edit Resource/Insight and Delete Resource/Insight.
REMINDER: In Milestone 2, we are not addressing authorization on the server side, only on the client side so that user can enjoy the expected experience. This is sufficient to receive feedback from users at this point.
@tschaffter this looks pretty good to merge! Thanks so much, I've added my notes below.
Create/Edit Resource
I tested the ability to create all 4 types of Resources
(dashboard, article, webapp, and state) as test
user and admin
and was able to do so successfully. I then edited description, title, and URL and was able to successfully for the resources that I created.
Restrict edit powers to dashboard creator/admin
I then checked to see if test
user could edit the description of the Flatiron dashboard and wasn't able to (whoo hoo! the option wasn't even presented). I also then tested if test
user to edit the descriptions of dashboards of a project
that admin
invited them to with only read
access and I couldn't edit (yay! the option wasn't even presented).
Delete Resources
I was also able to successfully delete the resources I created as test
user. The option wasn't even presented to me on the private project where I only had read access.
There are currently issues with user notifications that I need to address: #580
Right now, both admin and test user get the same initial notification in their sidenav. Each of them should have different initial seed notification.
Update: The issue is that the
UserNotificationDataService
is initialized once a user logs in, but doesn't "reset" when the user logs out and when another user logs in (on the same computer).