[$30] Better wordings for showing Permission restrictions

topcoder-platform / micro-frontends-taas-admin-app

taas-admin-app for managing taas administrative activities

MIT License

0 stars 5 forks source link

[$30] Better wordings for showing Permission restrictions #6

Closed sandhiyakavi closed 3 years ago

sandhiyakavi commented 3 years ago

Description:

Users other than BookingManager/Admin if they try to access the Taas Admin app. Now the text "Error: You don't have access to view memberRate" is displayed.

Instead of that can we have other text like "You don't have permission to access this page" or hide the "TAAS admin" option itself in the top nav bar ?

nkumar-topcoder commented 3 years ago

@sandhiyakavi for user other than BM/admin role - plan is - not show taas-admin icon. This will be implemented. cc @maxceem

maxceem commented 3 years ago

Summary:

To avoid such issues, we should check user permissions to see the page before making any API request.
To support such a feature in a general way we can update withAuthentication HOC, so it support the second argument roles where we should pass user roles who can access this page. If auth user don't have such roles, we should show error.

Example:

For a page with Work Periods here we can update to export default withAuthentication(WorkPeriods, ADMIN_ROLES);
Where ADMIN_ROLES is a constant with value ['bookingmanager', 'administrator']
And update the code of withAuthentication to be:
```
 export default function withAuthentication(Component, roles) {
```
and inside, as soon as we get the user details, we should check if user has at least one role, and if no, then show error: You don't have permissions to access this page.

Leave Freelancers page without roles mentioned which means any user can access it.

maxceem commented 3 years ago

@MadOPcode would you like to handle it as a private task? The prize is mentioned in the issue description - $30.

Working branch: dev Submission: PR

MadOPcode commented 3 years ago

@maxceem yes I'm ready to make a PR.

maxceem commented 3 years ago

ok, please, make PR when it's ready

MadOPcode commented 3 years ago

@maxceem although I have a question first. The HOC component withAuthentication either displays or hides the whole page including the sidebar with navigation menu. So if the user doesn't have required role(s) the navigation menu will not be on the page. Should the sidebar with navigation menu still be visible if the user does not have required role(s)?

maxceem commented 3 years ago

That's a good question. Let's keep it simple for now - the whole page would be hidden with sidebar, if wee need to keep sidebar visible in the future we would think for another solution.

sandhiyakavi commented 3 years ago

Verified on Dev Env.

sandhiyakavi commented 3 years ago

Verified on Prod Env with @nkumar-topcoder