diff --git a/js/components/security/access/configure-access-modal.html b/js/components/security/access/configure-access-modal.html index fb966053a..b437d938f 100644 --- a/js/components/security/access/configure-access-modal.html +++ b/js/components/security/access/configure-access-modal.html @@ -14,13 +14,18 @@ readRoleOptions: readRoleOptions, readRoleSearch: readRoleSearch, writeRoleOptions: writeRoleOptions, - writeRoleSearch: writeRoleSearch + writeRoleSearch: writeRoleSearch, + shareFlag: shareFlag, + grantGlobalReadAccess: grantGlobalReadAccess, + revokeGlobalReadAccess: revokeGlobalReadAccess, }"> + +
- +
+ +
- +
+ + +

+ +
+ +
+
+
+
+ +

+
diff --git a/js/components/security/access/configure-access-modal.js b/js/components/security/access/configure-access-modal.js index 61efbe232..3f8a950f7 100644 --- a/js/components/security/access/configure-access-modal.js +++ b/js/components/security/access/configure-access-modal.js @@ -1,6 +1,6 @@ define([ 'knockout', - 'text!./configure-access-modal.html', + 'text!./configure-access-modal.html', 'components/Component', 'utils/CommonUtils', 'utils/AutoBind', @@ -8,7 +8,7 @@ define([ 'databindings', ], function ( ko, - view, + view, Component, commonUtils, AutoBind @@ -34,6 +34,8 @@ define([ this.readRoleSearch = ko.observable(); this.readRoleSearch.subscribe(str => this.loadReadRoleSuggestions(str)); + this.shareFlag = ko.observable(true); + this.isOwnerFn = params.isOwnerFn; this.grantAccessFn = params.grantAccessFn; this.loadAccessListFn = params.loadAccessListFn; @@ -109,7 +111,14 @@ define([ } catch (ex) { console.log(ex); } - this.isLoading(false); + this.isLoading(false); + + // update shareFlag depending on if the shared artifacts reader role is in readAccessList + function testForGlobalRead(value, index, array) { + return value.id === 1; // the 'public' role that every use should have + } + let tst = this.readAccessList().some(testForGlobalRead); + this.shareFlag(tst); } async grantAccess(perm_type) { @@ -124,7 +133,6 @@ define([ const role = this.readRoleSuggestions().find(r => r.name === this.readRoleName()); await this.grantAccessFn(role.id,'READ'); await this._loadReadAccessList(); - this.readRoleName(''); } } catch (ex) { console.log(ex); 
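Review bot: In the `@@ -109,7 +111,14 @@` hunk, `value.id === 1` compares the role id as a number, while the grant and revoke calls added in the `@@ -142,6 +150,31 @@` hunk pass the same role as the string `'1'`. If the access list returns ids as strings, the strict comparison never matches and `shareFlag` reports an artifact as not globally readable when it is. The literal is also a magic value in three places; one named constant, for example `const GLOBAL_READ_ROLE_ID = 1;` compared with `Number(value.id) === GLOBAL_READ_ROLE_ID`, would keep them in agreement. The flag is recomputed after the `catch`, so a failed load appears to leave it derived from the previous list, and moving the update inside the `try` would avoid that. The enclosing method starts outside the hunk.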
@@ -142,6 +150,31 @@ define([ } this.isLoading(false); } + + + async grantGlobalReadAccess() { + this.isLoading(true); + try { + console.log('grantGlobalReadAccess function called to grant read permissions!! shareflag: ' + this.shareFlag()); + await this.grantAccessFn('1','READ'); // 1 is the 'public' role, a SYSTEM role every user should have + await this.loadAccessList(); + } catch (ex) { + console.log(ex); + } + this.isLoading(false); + } + + async revokeGlobalReadAccess() { + this.isLoading(true); + try { + console.log('revokeGlobalReadAccess function called to REVOKE read permissions!! shareflag: ' + this.shareFlag()); + await this.revokeAccessFn('1','READ'); // 1 is the 'public' role, a SYSTEM role every user should have + await this.loadAccessList(); + } catch (ex) { + console.log(ex); + } + this.isLoading(false); + } } return commonUtils.build('configure-access-modal', ConfigureAccessModal, view); diff --git a/js/pages/cohort-definitions/cohort-definition-manager.html b/js/pages/cohort-definitions/cohort-definition-manager.html index 2665a0ca7..86ddfba6b 100644 --- a/js/pages/cohort-definitions/cohort-definition-manager.html +++ b/js/pages/cohort-definitions/cohort-definition-manager.html @@ -33,7 +33,7 @@ - + - + diff --git a/js/pages/concept-sets/conceptset-manager.js b/js/pages/concept-sets/conceptset-manager.js index 7402046ed..6fb3f5aab 100644 --- a/js/pages/concept-sets/conceptset-manager.js +++ b/js/pages/concept-sets/conceptset-manager.js 
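Review bot: `grantGlobalReadAccess` and `revokeGlobalReadAccess` only `console.log` a rejected call, so when a revoke fails the modal gives no sign that the artifact is still readable through the public role. Because `loadAccessList()` sits after the failing call inside the `try`, it is skipped too, and `shareFlag` keeps whatever value the UI last set. The `catch` should surface the failure to the user and reload the list, and the reset should move into `} finally { this.isLoading(false); }`. Neither method checks `isOwnerFn` or a share permission before calling `grantAccessFn`, which is acceptable only if the server enforces `artifact:global:share:put` on this request; the diff does not show that side. The two `console.log('... function called ...')` debug lines should be dropped before merge.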
@@ -174,7 +174,16 @@ define([ this.canCopy = ko.computed(() => { return this.currentConceptSet() && this.currentConceptSet().id > 0; }); - this.enablePermissionManagement = config.enablePermissionManagement; + + this.enablePermissionManagement = ko.observable(config.enablePermissionManagement); + if (config.enablePermissionManagement) { + this.userCanShare = ko.observable( + !config.limitedPermissionManagement || + authApi.isPermittedGlobalShareArtifact()); + } else { + this.userCanShare = ko.observable(false); + } + this.isSaving = ko.observable(false); this.isDeleting = ko.observable(false); this.isOptimizing = ko.observable(false); diff --git a/js/services/AuthAPI.js b/js/services/AuthAPI.js index cd88bbb32..312ac890f 100644 --- a/js/services/AuthAPI.js +++ b/js/services/AuthAPI.js @@ -395,6 +395,12 @@ define(function(require, exports) { return isPermitted('cohortdefinition:' + id + ':copy:get'); } + var isPermittedGlobalShareArtifact = function() { + // special * permission (intended for admins) that allows the + // user to share any artifact with a "global reader role": + return isPermitted('artifact:global:share:put'); + } + var isPermittedUpdateCohort = function(id) { var permission = 'cohortdefinition:' + id + ':put'; return isPermitted(permission); 
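Review bot: In the `conceptset-manager.js` hunk, `this.enablePermissionManagement` changes from a plain boolean to `ko.observable(...)`, and an observable is a function. Any consumer outside this hunk that reads it without calling it (`if (this.enablePermissionManagement)`, or `enablePermissionManagement && ...` inside a binding expression) now always sees a truthy value and would show permission controls even when the feature is configured off; those call sites are not visible here and should be checked. `userCanShare` is evaluated once, so it does not follow a permission set that loads or changes afterwards. `this.userCanShare = ko.pureComputed(() => config.enablePermissionManagement && (!config.limitedPermissionManagement || authApi.isPermittedGlobalShareArtifact()));` expresses the same rule without the `if`/`else`, assuming `isPermitted` reads observable state. The enclosing function starts and ends outside the hunk.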
@@ -407,8 +413,18 @@ define(function(require, exports) { } var isPermittedGenerateCohort = function(cohortId, sourceKey) { - return isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') && + var v = isPermitted('cohortdefinition:' + cohortId + ':generate:' + sourceKey + ':get') && isPermitted('cohortdefinition:' + cohortId + ':info:get'); + + // By default, everyone can generate any artifact they have + // permission to read. If limitedPermissionManagement has + // been set to true, the default + // generate functionality is not desired. Rather, users will have to + // have a permission that allows them to update the specific cohort definition. + if (config.limitedPermissionManagement){ + v = v && isPermitted('cohortdefinition:' + cohortId + ':put') + } + return v } var isPermittedReadCohortReport = function(cohortId, sourceKey) { @@ -576,6 +592,7 @@ define(function(require, exports) { isPermittedReadCohort: isPermittedReadCohort, isPermittedCreateCohort: isPermittedCreateCohort, isPermittedCopyCohort: isPermittedCopyCohort, + isPermittedGlobalShareArtifact: isPermittedGlobalShareArtifact, isPermittedUpdateCohort: isPermittedUpdateCohort, isPermittedDeleteCohort: isPermittedDeleteCohort, isPermittedGenerateCohort: isPermittedGenerateCohort,
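Review bot: The `limitedPermissionManagement` rule added to `isPermittedGenerateCohort` narrows only what the client offers. A user who holds the `generate` and `info` permissions can still call the generate endpoint directly unless the backend applies the same `:put` requirement, which this diff does not show. The comment should say so, e.g. `// UI gate only: the server must also require cohortdefinition:<id>:put when limitedPermissionManagement is on`. `config` is not introduced in this hunk, so confirm it is already required at the top of AuthAPI.js; otherwise this line throws a ReferenceError. Smaller points: `v` could be named `canGenerate`, and the two new statements (`v = v && isPermitted(...)` and `return v`) lack the trailing semicolons used by the surrounding code.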