From dbdecb1e0afb450e0cda6965a6d89408a831db0e Mon Sep 17 00:00:00 2001
From: TheCatLady <52870424+TheCatLady@users.noreply.github.com>
Date: Mon, 29 Aug 2022 03:33:17 -0700
Subject: [PATCH] fix(frontend): only allow 'request as' users w/ request perms (#2991)
---
 .../RequestModal/AdvancedRequester/index.tsx | 49 +++++++++++++++----
 1 file changed, 39 insertions(+), 10 deletions(-)
diff --git a/src/components/RequestModal/AdvancedRequester/index.tsx b/src/components/RequestModal/AdvancedRequester/index.tsx
index c95dc633..e8ac41b1 100644
--- a/src/components/RequestModal/AdvancedRequester/index.tsx
+++ b/src/components/RequestModal/AdvancedRequester/index.tsx
@@ -11,8 +11,9 @@ import type {
 ServiceCommonServerWithDetails,
 } from '@server/interfaces/api/serviceInterfaces';
 import type { UserResultsResponse } from '@server/interfaces/api/userInterfaces';
+import { hasPermission } from '@server/lib/permissions';
 import { isEqual } from 'lodash';
-import { useEffect, useState } from 'react';
+import { useEffect, useMemo, useState } from 'react';
 import { defineMessages, useIntl } from 'react-intl';
 import Select from 'react-select';
 import useSWR from 'swr';
@@ -64,7 +65,7 @@ const AdvancedRequester = ({
 onChange,
 }: AdvancedRequesterProps) => {
 const intl = useIntl();
- const { user, hasPermission } = useUser();
+ const { user: currentUser, hasPermission: currentHasPermission } = useUser();
 const { data, error } = useSWR(
 `/api/v1/service/${type === 'movie' ? 'radarr' : 'sonarr'}`,
 {
@@ -113,16 +114,41 @@ const AdvancedRequester = ({ ); const { data: userData } = useSWR( - hasPermission([Permission.MANAGE_REQUESTS, Permission.MANAGE_USERS]) + currentHasPermission([Permission.MANAGE_REQUESTS, Permission.MANAGE_USERS]) ? '/api/v1/user?take=1000&sort=displayname' : null ); + const filteredUserData = useMemo( + () => + userData?.results.filter((user) => + hasPermission( + is4k + ? [ + Permission.REQUEST_4K, + type === 'movie' + ? Permission.REQUEST_4K_MOVIE + : Permission.REQUEST_4K_TV, + ] + : [ + Permission.REQUEST, + type === 'movie' + ? Permission.REQUEST_MOVIE + : Permission.REQUEST_TV, + ], + user.permissions, + { type: 'or' } + ) + ), + [userData?.results] + ); useEffect(() => { - if (userData?.results && !requestUser) { - setSelectedUser(userData.results.find((u) => u.id === user?.id) ?? null); + if (filteredUserData && !requestUser) { + setSelectedUser( + filteredUserData.find((u) => u.id === currentUser?.id) ?? null + ); } - }, [userData?.results]); + }, [filteredUserData]); useEffect(() => { let defaultServer = data?.find( @@ -273,7 +299,7 @@ const AdvancedRequester = ({ serverData.rootFolders.length < 2 && (serverData.languageProfiles ?? []).length < 2 && !serverData.tags?.length)))) && - (!selectedUser || (userData?.results ?? []).length < 2) + (!selectedUser || (filteredUserData ?? []).length < 2) ) { return null; } @@ -512,9 +538,12 @@ const AdvancedRequester = ({ /> )} - {hasPermission([Permission.MANAGE_REQUESTS, Permission.MANAGE_USERS]) && + {currentHasPermission([ + Permission.MANAGE_REQUESTS, + Permission.MANAGE_USERS, + ]) && selectedUser && - (userData?.results ?? []).length > 1 && ( + (filteredUserData ?? []).length > 1 && ( - {userData?.results.map((user) => ( + {filteredUserData?.map((user) => ( {({ selected, active }) => (
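Review bot: In the `@@ -113,16 +114,41 @@` hunk, the `useMemo` callback that builds `filteredUserData` reads `is4k` and `type`, but its dependency list is only `[userData?.results]`, so the eligible-user list keeps its first computed value if either input changes while the component stays mounted; the list should be `[userData?.results, is4k, type]`. Separately, this filter only decides which users the dropdown offers. The commit is scoped to the frontend and nothing visible here shows the request-creation endpoint checking the selected user's request permissions, so that check should be confirmed or added server-side, where it is the actual control. A short comment above the memo would help, for example `// UI convenience only: the API must still verify the target user's request permissions`. AdvancedRequester's body starts and ends outside this hunk.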