fix annotation authorization

celluloid-camp · Oct 31, 2023 · 67b90b4 · 67b90b4
1 parent 6f73a4e
commit 67b90b4
Show file tree

Hide file tree

Showing 10 changed files with 53 additions and 30 deletions.
diff --git a/apps/frontend/src/components/AppBarMenu.tsx b/apps/frontend/src/components/AppBarMenu.tsx
@@ -16,7 +16,10 @@ const Offset = styled("div")(({ theme }) => theme.mixins.toolbar);
 export const AppBarMenu: React.FC<BoxProps> = ({ children }) => {
   const { t } = useTranslation();
   const navigate = useNavigate();
-  const { data } = trpc.user.me.useQuery({}, { retry: false });
+  const { data, isError } = trpc.user.me.useQuery(
+    {},
+    { retry: false, keepPreviousData: false, cacheTime: 0 }
+  );
 
   const location = useLocation();
 
@@ -96,7 +99,7 @@ export const AppBarMenu: React.FC<BoxProps> = ({ children }) => {
             {t("menu.about")}
           </Button>
 
-          <SigninMenu user={data} />
+          <SigninMenu user={!isError ? data : null} />
           <LanguageMenu />
         </Toolbar>
       </AppBar>

diff --git a/apps/frontend/src/components/annotation/ContextualEditor.tsx b/apps/frontend/src/components/annotation/ContextualEditor.tsx
@@ -1,12 +1,8 @@
 import { useParentSize } from "@cutting/use-get-parent-size";
-import { Box, Paper, Typography } from "@mui/material";
+import { Box, Paper } from "@mui/material";
 import { alpha } from "@mui/system";
-import React, { useMemo, useRef } from "react";
-import Draggable, {
-  DraggableData,
-  DraggableEvent,
-  DraggableEventHandler,
-} from "react-draggable";
+import React, { useEffect, useMemo, useRef } from "react";
+import Draggable, { DraggableData, DraggableEvent } from "react-draggable";
 import { useTranslation } from "react-i18next";
 
 import {
@@ -43,7 +39,6 @@ export const ContextualEditor: React.FC<ContextualEditorProps> = () => {
   const handleDrag = (_: DraggableEvent, data: DraggableData) => {
     if (width && height) {
       const position = toRelativePosition(data.x, data.y, width, height);
-
       setContextualEditorState(position);
     }
   };
@@ -59,6 +54,13 @@ export const ContextualEditor: React.FC<ContextualEditorProps> = () => {
     }
   }, [editedAnnotation, width, height]);
 
+  useEffect(() => {
+    if (!contextualEditorState && width && height) {
+      const position = toRelativePosition(0, 0, width, height);
+      setContextualEditorState(position);
+    }
+  }, [contextualEditorState, width, height]);
+
   return (
     <Box
       ref={ref}

diff --git a/apps/frontend/src/components/annotation/useAnnotationEditor.ts b/apps/frontend/src/components/annotation/useAnnotationEditor.ts
@@ -62,7 +62,7 @@ const contextualEditorVisible = selector({
     return state.contextualEditorVisible;
   },
   set: ({ set }, newValue) => set(annotationEditorState, (previousState) => {
-    return { ...previousState, showHints: false, contextualEditorVisible: newValue as boolean }
+    return { ...previousState, showHints: false, contextualEditorVisible: newValue as boolean, contextualPosition: null }
   })
 });
 

diff --git a/apps/frontend/src/components/auth/JoinDialog.tsx b/apps/frontend/src/components/auth/JoinDialog.tsx
@@ -53,12 +53,18 @@ export const JoinDialog: React.FC = () => {
         }
       } catch (e) {
         if (isTRPCClientError(e)) {
-          if (e.message == "PROJECT_OWNER_CANNOT_JOIN")
+          if (e.message == "PROJECT_OWNER_CANNOT_JOIN") {
             // `cause` is now typed as your router's `TRPCClientError`
             formik.setFieldError(
               "error",
               t("join.error.project-owner-cannot-join")
             );
+          } else if (e.message == "CODE_NOT_FOUND") {
+            formik.setFieldError(
+              "shareCode",
+              t("join.error.project-not-found", "Code de partage est invalide")
+            );
+          }
         } else {
           formik.setFieldError(
             "error",

diff --git a/apps/frontend/src/components/auth/LoginDialog.tsx b/apps/frontend/src/components/auth/LoginDialog.tsx
@@ -74,10 +74,11 @@ export const LoginDialog: React.FC = () => {
         formik.setStatus("submited");
       } catch (e) {
         if (isTRPCClientError(e)) {
+          console.log(e.message);
           // `cause` is now typed as your router's `TRPCClientError`
-          if (e.message === "UserNotConfirmed") {
+          if (e.message === "USER_NOT_CONFIRMED") {
             handleConfirm();
-          } else if (e.code === "UNAUTHORIZED") {
+          } else if (e.message === "USER_NOT_FOUND") {
             formik.setFieldError(
               "error",
               t(

diff --git a/apps/frontend/src/components/auth/StudentSignupDialog.tsx b/apps/frontend/src/components/auth/StudentSignupDialog.tsx
@@ -66,19 +66,29 @@ export const StudentSignupDialog: React.FC = () => {
       } catch (e) {
         if (isTRPCClientError(e)) {
           // `cause` is now typed as your router's `TRPCClientError`
-          if (e.message === "ACCOUNT_EXISTS") {
+          if (e.message == "PROJECT_OWNER_CANNOT_JOIN") {
+            // `cause` is now typed as your router's `TRPCClientError`
             formik.setFieldError(
               "error",
-              t(
-                "student-student-signup.error.username-exists",
-                "Email exists dejà"
-              )
+              t("join.error.project-owner-cannot-join")
+            );
+          } else if (e.message == "ACCOUNT_EXISTS") {
+            formik.setFieldError(
+              "username",
+              t("join.error.account", "Nom d'utilisateur existe déjà")
+            );
+          } else if (e.message == "CODE_NOT_FOUND") {
+            formik.setFieldError(
+              "shareCode",
+              t("join.error.project-not-found", "Code de partage est invalide")
             );
           }
+        } else {
+          formik.setFieldError(
+            "error",
+            t("join.error.project-not-found", "Code de partage est invalide")
+          );
         }
-
-        formik.setFieldError("error", e.message);
-        console.log(e);
       }
     },
   });

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -18,6 +18,7 @@ services:
     volumes:
       - ./.data:/var/lib/postgresql/data
       - ./scripts/pg-init-scripts.sh:/docker-entrypoint-initdb.d/init.sh
+      - /etc/localtime:/etc/localtime:ro
     ports:
       - "5432:5432"
     restart: unless-stopped

diff --git a/packages/trpc/src/routers/annotation.ts b/packages/trpc/src/routers/annotation.ts
@@ -79,7 +79,7 @@ export const annotationRouter = router({
       }),
     )
     .mutation(async ({ input, ctx }) => {
-      if (ctx.user && ctx.user.id && ctx.requirePermissions([UserRole.Teacher, UserRole.Admin])) {
+      if (ctx.user && ctx.user.id) {
         const annotation = await prisma.annotation.create({
           data: {
             userId: ctx.user?.id,
@@ -123,7 +123,7 @@ export const annotationRouter = router({
         );
       }
 
-      if (existingAnnotation.userId == ctx.user?.id) {
+      if (existingAnnotation.userId == ctx.user?.id || ctx.user.role == UserRole.Admin) {
         // Perform the update
         const updatedAnnotation = await prisma.annotation.update({
           where: { id: input.annotationId },
@@ -170,7 +170,7 @@ export const annotationRouter = router({
         );
       }
 
-      if (existingAnnotation.userId == ctx.user?.id) {
+      if (existingAnnotation.userId == ctx.user?.id || ctx.user.role == UserRole.Admin) {
         const annotation = await prisma.annotation.delete({
           where: { id: input.annotationId },
         });

diff --git a/packages/trpc/src/routers/project.ts b/packages/trpc/src/routers/project.ts
@@ -205,8 +205,8 @@ export const projectRouter = router({
         ...project,
         editable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin),
         deletable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin),
-        annotable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin || project.members.some(m => ctx.user && m.userId == ctx.user.id)),
-        commentable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin || project.members.some(m => ctx.user && m.userId == ctx.user.id))
+        annotable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin || (project.members.some(m => ctx.user && m.userId == ctx.user.id) && project.collaborative)),
+        commentable: ctx.user && (ctx.user.id == project.userId || ctx.user.role == UserRole.Admin || (project.members.some(m => ctx.user && m.userId == ctx.user.id) && project.collaborative)),
       };
     }),
   add: protectedProcedure

diff --git a/packages/trpc/src/routers/user.ts b/packages/trpc/src/routers/user.ts
@@ -54,15 +54,15 @@ export const userRouter = router({
       }).catch(err => {
         console.log(err.name);
 
-        if (err?.name === 'AuthenticationError') {
+        if (err?.name === 'InvalidUserError') {
           throw new TRPCError({
             code: 'UNAUTHORIZED',
-            message: 'Incorrect username or password.'
+            message: 'USER_NOT_FOUND'
           })
         } else if (err?.name === "UserNotConfirmed") {
           throw new TRPCError({
             code: 'UNAUTHORIZED',
-            message: 'UserNotConfirmed'
+            message: 'USER_NOT_CONFIRMED'
           })
         }