feat(2915): apply permissions for tenant screens

interledger · Jan 30, 2025 · ac04fa6 · ac04fa6
1 parent 993e4c4
commit ac04fa6
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 17 deletions.
diff --git a/packages/frontend/app/lib/api/tenant.server.ts b/packages/frontend/app/lib/api/tenant.server.ts
@@ -63,6 +63,7 @@ export const createTenant = async (
       mutation CreateTenantMutation($input: CreateTenantInput!) {
         createTenant(input: $input) {
           tenant {
+            id
             publicName
             email
             apiSecret

diff --git a/packages/frontend/app/lib/validate.server.ts b/packages/frontend/app/lib/validate.server.ts
@@ -141,8 +141,8 @@ export const createTenantSchema = z
   .object({
     apiSecret: z
       .string()
-      .min(3, { message: 'API Secret should be at least 3 characters long' })
-      .max(6, { message: 'Maximum length of API Secret is 255 characters' })
+      .min(10, { message: 'API Secret should be at least 3 characters long' })
+      .max(255, { message: 'Maximum length of API Secret is 255 characters' })
       .regex(
         /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/,
         { message: 'API Secret should be Base64 encoded.' }

diff --git a/packages/frontend/app/routes/tenants.$tenantId.tsx b/packages/frontend/app/routes/tenants.$tenantId.tsx
@@ -231,10 +231,7 @@ export async function action({ request }: ActionFunctionArgs) {
       }
 
       const response = await updateTenant(request, {
-        ...result.data,
-        ...(result.data.withdrawalThreshold
-          ? { withdrawalThreshold: result.data.withdrawalThreshold }
-          : { withdrawalThreshold: undefined })
+        ...result.data
       })
 
       if (!response?.asset) {
@@ -258,8 +255,8 @@ export async function action({ request }: ActionFunctionArgs) {
         })
       }
 
-      const response = await deleteTenant(request, { id: result.data.id })
-      if (!response?.tenant) {
+      const response = await deleteTenant(request, result.data.id)
+      if (!response) {
         return setMessageAndRedirect({
           session,
           message: {

diff --git a/packages/frontend/app/routes/tenants._index.tsx b/packages/frontend/app/routes/tenants._index.tsx
@@ -5,6 +5,7 @@ import { Button, Table } from '~/components/ui'
 import { listTenants } from '~/lib/api/tenant.server'
 import { paginationSchema } from '~/lib/validate.server'
 import { checkAuthAndRedirect } from '../lib/kratos_checks.server'
+import { getSession } from '~/lib/session.server'
 
 export const loader = async ({ request }: LoaderFunctionArgs) => {
   const cookies = request.headers.get('cookie')
@@ -19,6 +20,7 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
     throw json(null, { status: 400, statusText: 'Invalid pagination.' })
   }
 
+  let isOperator = false
   const tenants = await listTenants(request, {
     ...pagination.data
   })
@@ -30,11 +32,29 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
   if (tenants.pageInfo.hasNextPage)
     nextPageUrl = `/tenants?after=${tenants.pageInfo.endCursor}`
 
-  return json({ tenants, previousPageUrl, nextPageUrl })
+  let tenantEdges = tenants.edges
+  const tenantPageInfo = tenants.pageInfo
+  if (tenantEdges.length) {
+    const session = await getSession(cookies)
+    const sessionApiSecret = session.get('apiSecret')
+    if (sessionApiSecret && sessionApiSecret.length > 0) {
+      for (const edge of tenantEdges) {
+        const edgeNode = edge.node
+        if (edgeNode && sessionApiSecret === edgeNode.apiSecret) {
+          isOperator = edgeNode.isOperator
+          break
+        }
+      }
+    }
+    tenantEdges = isOperator ? tenants.edges :
+      tenantEdges.filter(
+        ({ node }) => node.apiSecret === sessionApiSecret)
+  }
+  return json({ tenantEdges, tenantPageInfo, previousPageUrl, nextPageUrl, isOperator })
 }
 
 export default function TenantsPage() {
-  const { tenants, previousPageUrl, nextPageUrl } =
+  const { tenantEdges, tenantPageInfo, previousPageUrl, nextPageUrl, isOperator } =
     useLoaderData<typeof loader>()
   const navigate = useNavigate()
 
@@ -46,18 +66,20 @@ export default function TenantsPage() {
             <h3 className='text-2xl'>Tenants</h3>
           </div>
           <div className='ml-auto'>
-            <Button aria-label='add new tenant' to='/tenants/create'>
-              Add tenant
-            </Button>
+            {isOperator && (
+              <Button aria-label='add new tenant' to='/tenants/create'>
+                Add tenant
+              </Button>
+            )}
           </div>
         </PageHeader>
         <Table>
           <Table.Head
             columns={['ID', 'Public name', 'Email', 'Status', 'Operator']}
           />
           <Table.Body>
-            {tenants.edges.length ? (
-              tenants.edges.map((tenant) => (
+            {tenantEdges.length ? (
+              tenantEdges.map((tenant) => (
                 <Table.Row
                   key={tenant.node.id}
                   className='cursor-pointer'
@@ -110,7 +132,7 @@ export default function TenantsPage() {
         <div className='flex items-center justify-between p-5'>
           <Button
             aria-label='go to previous page'
-            disabled={!tenants.pageInfo.hasPreviousPage}
+            disabled={!tenantPageInfo.hasPreviousPage}
             onClick={() => {
               navigate(previousPageUrl)
             }}
@@ -119,7 +141,7 @@ export default function TenantsPage() {
           </Button>
           <Button
             aria-label='go to next page'
-            disabled={!tenants.pageInfo.hasNextPage}
+            disabled={!tenantPageInfo.hasNextPage}
             onClick={() => {
               navigate(nextPageUrl)
             }}