fix: do not allow editing of user settings under certain conditions (#1168)

* fix: do not allow editing of user settings under certain conditions * feat(lang): generate translation keys for new strings * refactor: modify owner check for clarity * fix(ui): hide buttons where appropriate and add missing translation string
2021-03-14 00:46:12 -05:00
parent 0bd0912613
commit 001dcd328c
7 changed files with 122 additions and 57 deletions
--- a/src/components/UserProfile/UserSettings/UserPermissions/index.tsx
+++ b/src/components/UserProfile/UserSettings/UserPermissions/index.tsx
@@ -10,6 +10,7 @@ import Error from '../../../../pages/_error';
 import Button from '../../../Common/Button';
 import LoadingSpinner from '../../../Common/LoadingSpinner';
 import PermissionEdit from '../../../PermissionEdit';
+import Alert from '../../../Common/Alert';

 const messages = defineMessages({
  displayName: 'Display Name',
@@ -20,6 +21,8 @@ const messages = defineMessages({
  toastSettingsSuccess: 'Settings successfully saved!',
  toastSettingsFailure: 'Something went wrong while saving settings.',
  permissions: 'Permissions',
+  unauthorized: 'Unauthorized',
+  unauthorizedDescription: 'You cannot modify your own permissions.',
 });

 const UserPermissions: React.FC = () => {
@@ -40,6 +43,21 @@ const UserPermissions: React.FC = () => {
    return <Error statusCode={500} />;
  }

+  if (currentUser?.id !== 1 && currentUser?.id === user?.id) {
+    return (
+      <>
+        <div className="mb-6">
+          <h3 className="heading">
+            {intl.formatMessage(messages.permissions)}
+          </h3>
+        </div>
+        <Alert title={intl.formatMessage(messages.unauthorized)} type="error">
+          {intl.formatMessage(messages.unauthorizedDescription)}
+        </Alert>
+      </>
+    );
+  }
+
  return (
    <>
      <div className="mb-6">