fix: Check perms on Kanban Column actions
- Check Column options access (archive, indicators) - Check column dragability access (allow if write access to board) - Check card dragability access (allow if write access to board) - Hide "Add Column" if no write access to board - Avoid board update on load without write access
This commit is contained in:
marination
parent
4bef9e3559
commit
dcbfcdf8b9
1 changed files with 29 additions and 5 deletions
|
|
@ -297,6 +297,7 @@ frappe.provide("frappe.views");
|
|||
self.wrapper = opts.wrapper;
|
||||
self.cur_list = opts.cur_list;
|
||||
self.board_name = opts.board_name;
|
||||
self.board_perms = self.cur_list.board_perms;
|
||||
|
||||
self.update = function (cards) {
|
||||
// update cards internally
|
||||
|
|
@ -325,7 +326,11 @@ frappe.provide("frappe.views");
|
|||
store.watch((state, getters) => {
|
||||
return state.empty_state;
|
||||
}, show_empty_state);
|
||||
store.dispatch("update_order");
|
||||
|
||||
if (self.board_perms.write) {
|
||||
// If write access to Board, update Kanban cards order on load
|
||||
store.dispatch("update_order");
|
||||
}
|
||||
}
|
||||
|
||||
function prepare() {
|
||||
|
|
@ -347,7 +352,7 @@ frappe.provide("frappe.views");
|
|||
var columns = store.state.columns;
|
||||
|
||||
columns.filter(is_active_column).map(function (col) {
|
||||
frappe.views.KanbanBoardColumn(col, self.$kanban_board);
|
||||
frappe.views.KanbanBoardColumn(col, self.$kanban_board, self.board_perms);
|
||||
});
|
||||
}
|
||||
|
||||
|
|
@ -356,7 +361,10 @@ frappe.provide("frappe.views");
|
|||
bind_clickdrag();
|
||||
}
|
||||
|
||||
function setup_sortable() { // drag column
|
||||
function setup_sortable() {
|
||||
// If no write access, editing board (by dragging column) should be blocked
|
||||
if (!self.board_perms.write) return;
|
||||
|
||||
var sortable = new Sortable(self.$kanban_board.get(0), {
|
||||
group: "columns",
|
||||
animation: 150,
|
||||
|
|
@ -372,6 +380,12 @@ frappe.provide("frappe.views");
|
|||
}
|
||||
|
||||
function bind_add_column() {
|
||||
if (!self.board_perms.write) {
|
||||
// If no write access, editing board (by adding column) should be blocked
|
||||
self.$kanban_board.find(".add-new-column").hide();
|
||||
return;
|
||||
}
|
||||
|
||||
var $add_new_column = self.$kanban_board.find(".add-new-column"),
|
||||
$compose_column = $add_new_column.find(".compose-column"),
|
||||
$compose_column_form = $add_new_column.find(".compose-column-form").hide();
|
||||
|
|
@ -513,7 +527,7 @@ frappe.provide("frappe.views");
|
|||
return self;
|
||||
};
|
||||
|
||||
frappe.views.KanbanBoardColumn = function (column, wrapper) {
|
||||
frappe.views.KanbanBoardColumn = function (column, wrapper, board_perms) {
|
||||
var self = {};
|
||||
var filtered_cards = [];
|
||||
|
||||
|
|
@ -566,7 +580,10 @@ frappe.provide("frappe.views");
|
|||
}
|
||||
}
|
||||
|
||||
function setup_sortable() { // drag card
|
||||
function setup_sortable() {
|
||||
// If no write access, editing board (by dragging card) should be blocked
|
||||
if (!board_perms.write) return;
|
||||
|
||||
Sortable.create(self.$kanban_cards.get(0), {
|
||||
group: "cards",
|
||||
animation: 150,
|
||||
|
|
@ -641,6 +658,12 @@ frappe.provide("frappe.views");
|
|||
}
|
||||
|
||||
function bind_options() {
|
||||
if (!board_perms.write) {
|
||||
// If no write access, column options should be hidden
|
||||
self.$kanban_column.find(".column-options").hide();
|
||||
return;
|
||||
}
|
||||
|
||||
self.$kanban_column
|
||||
.find(".column-options .dropdown-menu")
|
||||
.on("click", "[data-action]", function () {
|
||||
|
|
@ -654,6 +677,7 @@ frappe.provide("frappe.views");
|
|||
store.dispatch("set_indicator", { column, color });
|
||||
}
|
||||
});
|
||||
|
||||
get_column_indicators(function (indicators) {
|
||||
let html = `<li class="button-group">${indicators
|
||||
.map((indicator) => {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue