From f992a67999c70a0258ec336e9a71a5bc6e0ac6ef Mon Sep 17 00:00:00 2001
From: Tom Winter <tom@aam-digital.com>
Date: Mon, 29 Jan 2024 13:37:41 +0100
Subject: [PATCH] fix: use create permissions when read public form fields

---
 .../entity-form/entity-form.component.spec.ts | 23 ++++++++++++++++++-
 .../entity-form/entity-form.component.ts      |  4 +++-
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/app/core/common-components/entity-form/entity-form/entity-form.component.spec.ts b/src/app/core/common-components/entity-form/entity-form/entity-form.component.spec.ts
index b340b42772..4a31a33462 100644
--- a/src/app/core/common-components/entity-form/entity-form/entity-form.component.spec.ts
+++ b/src/app/core/common-components/entity-form/entity-form/entity-form.component.spec.ts
@@ -56,7 +56,7 @@ describe("EntityFormComponent", () => {
     expect(component).toBeTruthy();
   });
 
-  it("should remove fields without read permissions", async () => {
+  it("should remove fields without read permissions when entity is not new", async () => {
     component.fieldGroups = [
       { fields: ["foo", "bar"] },
       { fields: ["name"] },
@@ -67,6 +67,27 @@ describe("EntityFormComponent", () => {
       { subject: "Child", action: "read", fields: ["foo", "name"] },
     ]);
 
+    component.entity._rev = "foo";
+
+    component.ngOnChanges({ entity: true, form: true } as any);
+
+    expect(component.fieldGroups).toEqual([
+      { fields: ["foo"] },
+      { fields: ["name"] },
+    ]);
+  });
+
+  it("should remove fields without create permissions when entity is new", async () => {
+    component.fieldGroups = [
+      { fields: ["foo", "bar"] },
+      { fields: ["name"] },
+      { fields: ["birthday"] },
+    ];
+
+    TestBed.inject(EntityAbility).update([
+      { subject: "Child", action: "create", fields: ["foo", "name"] },
+    ]);
+
     component.ngOnChanges({ entity: true, form: true } as any);
 
     expect(component.fieldGroups).toEqual([
diff --git a/src/app/core/common-components/entity-form/entity-form/entity-form.component.ts b/src/app/core/common-components/entity-form/entity-form/entity-form.component.ts
index 81ab7eb210..67776168ad 100644
--- a/src/app/core/common-components/entity-form/entity-form/entity-form.component.ts
+++ b/src/app/core/common-components/entity-form/entity-form/entity-form.component.ts
@@ -139,11 +139,13 @@ export class EntityFormComponent<T extends Entity = Entity>
     fieldGroups: FieldGroup[],
     entity: Entity,
   ): FieldGroup[] {
+    const action = entity.isNew ? "create" : "read";
+
     return fieldGroups
       .map((group) => {
         group.fields = group.fields.filter((field) =>
           this.ability.can(
-            "read",
+            action,
             entity,
             typeof field === "string" ? field : field.id,
           ),