From dcbfcdf8b9098ef723dec4ca9566cd4bc18bac63 Mon Sep 17 00:00:00 2001
From: marination
Date: Wed, 23 Nov 2022 20:41:04 +0530
Subject: [PATCH] fix: Check perms on Kanban Column actions
- Check Column options access (archive, indicators)
- Check column dragability access (allow if write access to board)
- Check card dragability access (allow if write access to board)
- Hide "Add Column" if no write access to board
- Avoid board update on load without write access
---
 .../views/kanban/kanban_board.bundle.js | 34 ++++++++++++++++---
 1 file changed, 29 insertions(+), 5 deletions(-)
diff --git a/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js b/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js
index ae11c0fdc0..52eb912c78 100644
--- a/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js
+++ b/frappe/public/js/frappe/views/kanban/kanban_board.bundle.js
@@ -297,6 +297,7 @@ frappe.provide("frappe.views");
 self.wrapper = opts.wrapper;
 self.cur_list = opts.cur_list;
 self.board_name = opts.board_name;
+ self.board_perms = self.cur_list.board_perms;
 self.update = function (cards) { // update cards internally
@@ -325,7 +326,11 @@ frappe.provide("frappe.views");
 store.watch((state, getters) => {
 return state.empty_state;
 }, show_empty_state);
- store.dispatch("update_order");
+
+ if (self.board_perms.write) {
+ // If write access to Board, update Kanban cards order on load
+ store.dispatch("update_order");
+ }
 }
 function prepare() {
@@ -347,7 +352,7 @@ frappe.provide("frappe.views");
 var columns = store.state.columns;
 columns.filter(is_active_column).map(function (col) {
- frappe.views.KanbanBoardColumn(col, self.$kanban_board);
+ frappe.views.KanbanBoardColumn(col, self.$kanban_board, self.board_perms);
 });
 }
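Review bot: `self.board_perms` is copied from `self.cur_list.board_perms` with no fallback, so if that property is ever unset, the `.write` reads added in the later hunks (the `update_order` guard, `setup_sortable`, `bind_add_column`) throw instead of rendering a read-only board. Defaulting to an empty object makes a missing permission record fail closed: `self.board_perms = self.cur_list.board_perms || {};`. The same holds for the new `board_perms` parameter of `frappe.views.KanbanBoardColumn`, which its `setup_sortable` and `bind_options` dereference; `board_perms = board_perms || {};` as its first statement would cover any caller not updated in this patch. Whether `cur_list.board_perms` is always populated cannot be seen here, since the enclosing function begins and ends outside the hunk.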
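Review bot: The `if (self.board_perms.write)` guard around `store.dispatch("update_order")` only stops this page from sending the request; `board_perms` is client-side state, so the check is a UI convenience rather than an access control. The same applies to the drag, add-column and column-option guards in the later hunks, which hide or skip UI but leave the store actions callable. The server methods behind `update_order`, the archive action and `set_indicator` are not part of this diff, so it is worth confirming that they check write permission on the board before saving. I would record that in the comment here: `// UI convenience only; the server method must also enforce write permission on the board`. The enclosing function starts outside the hunk.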
@@ -356,7 +361,10 @@ frappe.provide("frappe.views");
 bind_clickdrag();
 }
- function setup_sortable() { // drag column
+ function setup_sortable() {
+ // If no write access, editing board (by dragging column) should be blocked
+ if (!self.board_perms.write) return;
+ var sortable = new Sortable(self.$kanban_board.get(0), {
 group: "columns",
 animation: 150,
@@ -372,6 +380,12 @@ frappe.provide("frappe.views");
 }
 function bind_add_column() {
+ if (!self.board_perms.write) {
+ // If no write access, editing board (by adding column) should be blocked
+ self.$kanban_board.find(".add-new-column").hide();
+ return;
+ }
+ var $add_new_column = self.$kanban_board.find(".add-new-column"),
 $compose_column = $add_new_column.find(".compose-column"),
 $compose_column_form = $add_new_column.find(".compose-column-form").hide();
@@ -513,7 +527,7 @@ frappe.provide("frappe.views");
 return self;
 };
- frappe.views.KanbanBoardColumn = function (column, wrapper) {
+ frappe.views.KanbanBoardColumn = function (column, wrapper, board_perms) {
 var self = {};
 var filtered_cards = [];
@@ -566,7 +580,10 @@ frappe.provide("frappe.views");
 }
 }
- function setup_sortable() { // drag card
+ function setup_sortable() {
+ // If no write access, editing board (by dragging card) should be blocked
+ if (!board_perms.write) return;
+ Sortable.create(self.$kanban_cards.get(0), {
 group: "cards",
 animation: 150,
@@ -641,6 +658,12 @@ frappe.provide("frappe.views");
 }
 function bind_options() {
+ if (!board_perms.write) {
+ // If no write access, column options should be hidden
+ self.$kanban_column.find(".column-options").hide();
+ return;
+ }
+ self.$kanban_column
 .find(".column-options .dropdown-menu")
 .on("click", "[data-action]", function () {
@@ -654,6 +677,7 @@ frappe.provide("frappe.views");
 store.dispatch("set_indicator", { column, color });
 }
 });
+ get_column_indicators(function (indicators) {
 let html = `
  • ${indicators .map((indicator) => {