fix: allow personnal access tokens call with global admin

Ad tooltip for personnal access tokens creation form. Fix a bug preventing to create a no expiration token.
MAIF · Nov 18, 2024 · 1fac2ff · 1fac2ff
1 parent 680591a
commit 1fac2ff
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 8 deletions.
diff --git a/app/fr/maif/izanami/web/AuthAction.scala b/app/fr/maif/izanami/web/AuthAction.scala
@@ -209,7 +209,7 @@ class PersonnalAccessTokenTenantAuthAction(
               .findUser(username)
               .map {
                 case Some(user)
-                    if user.tenantRights
+                    if user.admin || user.tenantRights
                       .get(tenant)
                       .exists(r => RightLevels.superiorOrEqualLevels(minimumLevel).contains(r)) =>
                   Right(username)

diff --git a/izanami-frontend/src/components/TokenForm.tsx b/izanami-frontend/src/components/TokenForm.tsx
@@ -17,6 +17,7 @@ import {
 } from "../utils/types";
 import { customStyles } from "../styles/reactSelect";
 import { hasRightForTenant, IzanamiContext } from "../securityContext";
+import { Tooltip } from "./Tooltip";
 
 export type PesonnalTokenFormType =
   | LimitedRightsPesonnalTokenFormType
@@ -91,6 +92,10 @@ export function TokenForm(props: {
       >
         <label>
           Name*
+          <Tooltip id="token-name">
+            Token name, use something meaningfull, it can be modified later
+            without impacts.
+          </Tooltip>
           <input
             autoFocus={true}
             className="form-control"
@@ -107,6 +112,12 @@ export function TokenForm(props: {
         </label>
         <label className="mt-3">
           All rights
+          <Tooltip id="token-all-rights">
+            If this is checked, token will have all user rights.
+            <br />
+            If this is unchecked, you'll have to specify what token is allowed
+            to do.
+          </Tooltip>
           <Controller
             name="allRights"
             control={control}
@@ -147,6 +158,11 @@ export function TokenForm(props: {
         )}
         <label className="mt-3">
           Expiration
+          <Tooltip id="token-expiration">
+            Expiration date for token.
+            <br />
+            Token won't be usable after this date.
+          </Tooltip>
           <Controller
             name="expiresAt"
             control={control}
@@ -173,6 +189,9 @@ export function TokenForm(props: {
         </label>
         <label className="mt-3">
           Timezone
+          <Tooltip id="token-expiration-timezone">
+            Timezone for token expiration.
+          </Tooltip>
           <Controller
             name="expirationTimezone"
             defaultValue={DEFAULT_TIMEZONE}
@@ -261,7 +280,7 @@ function TenantRightSelector(props: {
               type="button"
               onClick={() => onChange([...value, [null, []]])}
             >
-              Add
+              Add rights
             </button>
           </div>
         )}

diff --git a/izanami-frontend/src/utils/queries.tsx b/izanami-frontend/src/utils/queries.tsx
@@ -146,13 +146,16 @@ export function createPersonnalAccessToken(
   allRights: boolean,
   rights: { [tenant: string]: TokenTenantRight[] }
 ) {
+  const hasExpiration = expiration && !isNaN(expiration);
   return handleFetchJsonResponse(
     fetch(`/api/admin/users/${user}/tokens`, {
       method: "POST",
       body: JSON.stringify({
         name: name,
-        expiresAt: format(expiration, "yyyy-MM-dd'T'HH:mm"),
-        expirationTimezone: timezone,
+        expiresAt: hasExpiration
+          ? format(expiration, "yyyy-MM-dd'T'HH:mm")
+          : undefined,
+        expirationTimezone: hasExpiration ? timezone : undefined,
         allRights,
         rights,
       }),
@@ -164,15 +167,18 @@ export function createPersonnalAccessToken(
 }
 
 export function updatePersonnalAccessToken(token: PersonnalAccessToken) {
+  const hasExpiration = "expiresAt" in token && !isNaN(token.expiresAt);
   return handleFetchJsonResponse(
     fetch(`/api/admin/users/${token.username}/tokens/${token.id}`, {
       method: "PUT",
       body: JSON.stringify({
         ...token,
-        expiresAt:
-          "expiresAt" in token
-            ? format(token.expiresAt, "yyyy-MM-dd'T'HH:mm")
-            : undefined,
+        expirationTimezone: hasExpiration
+          ? token.expirationTimezone
+          : undefined,
+        expiresAt: hasExpiration
+          ? format(token.expiresAt, "yyyy-MM-dd'T'HH:mm")
+          : undefined,
       }),
       headers: {
         "content-type": "application/json",