Skip to content

Commit

Permalink
fix(ExternalProperties): only project admins should be able to modify…
Browse files Browse the repository at this point in the history
… sensitive AgencyId prop
  • Loading branch information
landonreed committed Mar 14, 2017
1 parent 7583204 commit 7e3a418
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 6 deletions.
24 changes: 19 additions & 5 deletions lib/manager/components/ExternalPropertiesTable.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,23 @@ import EditableTextField from '../../common/components/EditableTextField'

export default class ExternalPropertiesTable extends Component {
static propTypes = {
editingIsDisabled: PropTypes.bool,
externalPropertyChanged: PropTypes.func,
isProjectAdmin: PropTypes.bool,
resourceProps: PropTypes.array,
resourceType: PropTypes.string
}
render () {
const {
editingIsDisabled,
externalPropertyChanged,
isProjectAdmin,
resourceProps,
resourceType
} = this.props
return (
<Panel
header={<h3>{this.props.resourceType} properties</h3>}
header={<h3>{resourceType} properties</h3>}
>
<Table striped fill>
<thead>
Expand All @@ -20,16 +31,19 @@ export default class ExternalPropertiesTable extends Component {
</tr>
</thead>
<tbody>
{Object.keys(this.props.resourceProps).sort().map(propName => {
{Object.keys(resourceProps).sort().map(propName => {
const disabled = resourceType === 'MTC' && propName === 'AgencyId'
? !isProjectAdmin
: editingIsDisabled
return (
<tr>
<td>{propName}</td>
<td>
<EditableTextField
key={propName}
disabled={this.props.editingIsDisabled}
value={this.props.resourceProps[propName]}
onChange={(value) => this.props.externalPropertyChanged(propName, value)}
disabled={disabled}
value={resourceProps[propName]}
onChange={(value) => externalPropertyChanged(propName, value)}
/>
</td>
</tr>
Expand Down
4 changes: 3 additions & 1 deletion lib/manager/components/FeedSourceViewer.js
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ export default class FeedSourceViewer extends Component {
}
}
confirmDeleteFeedSource (feedSource) {
this.refs['page'].showConfirmModal({
this.refs.page.showConfirmModal({
title: 'Delete Feed Source?',
body: 'Are you sure you want to delete this feed source? This action cannot be undone and all feed versions will be deleted.',
onConfirm: () => {
Expand Down Expand Up @@ -126,6 +126,7 @@ export default class FeedSourceViewer extends Component {
} = this.props
const messages = getComponentMessages('FeedSourceViewer')
const disabled = !user.permissions.hasFeedPermission(project.organizationId, project.id, fs.id, 'manage-feed')
const isProjectAdmin = user.permissions.isProjectAdmin(project.id, project.organizationId)
// const editGtfsDisabled = !user.permissions.hasFeedPermission(project.organizationId, project.id, fs.id, 'edit-gtfs')
const autoFetchFeed = fs.retrievalMethod === 'FETCHED_AUTOMATICALLY'
const resourceType = activeComponent === 'settings' && activeSubComponent && activeSubComponent.toUpperCase()
Expand Down Expand Up @@ -218,6 +219,7 @@ export default class FeedSourceViewer extends Component {
<ExternalPropertiesTable
resourceType={resourceType}
editingIsDisabled={disabled}
isProjectAdmin={isProjectAdmin}
resourceProps={fs.externalProperties[resourceType]}
externalPropertyChanged={(name, value) => {
externalPropertyChanged(fs, resourceType, name, value)
Expand Down

0 comments on commit 7e3a418

Please sign in to comment.