diff --git a/packages/editor-ui/src/views/SettingsPersonalView.vue b/packages/editor-ui/src/views/SettingsPersonalView.vue index c985ee613980a..d2248b39d8179 100644 --- a/packages/editor-ui/src/views/SettingsPersonalView.vue +++ b/packages/editor-ui/src/views/SettingsPersonalView.vue @@ -32,7 +32,7 @@ /> -
+
{{ i18n.baseText('settings.personal.security') }}
@@ -43,7 +43,7 @@ }}
-
+
@@ -171,7 +171,7 @@ export default defineComponent({ required: true, autocomplete: 'given-name', capitalize: true, - disabled: this.isLDAPFeatureEnabled && this.signInWithLdap, + disabled: this.isExternalAuthEnabled, }, }, { @@ -183,7 +183,7 @@ export default defineComponent({ required: true, autocomplete: 'family-name', capitalize: true, - disabled: this.isLDAPFeatureEnabled && this.signInWithLdap, + disabled: this.isExternalAuthEnabled, }, }, { @@ -196,7 +196,7 @@ export default defineComponent({ validationRules: [{ name: 'VALID_EMAIL' }], autocomplete: 'email', capitalize: true, - disabled: (this.isLDAPFeatureEnabled && this.signInWithLdap) || this.signInWithSaml, + disabled: !this.isPersonalSecurityEnabled, }, }, ]; @@ -206,16 +206,15 @@ export default defineComponent({ currentUser(): IUser | null { return this.usersStore.currentUser; }, - signInWithLdap(): boolean { - return this.currentUser?.signInType === 'ldap'; + isExternalAuthEnabled(): boolean { + const isLdapEnabled = + this.settingsStore.settings.enterprise.ldap && this.currentUser?.signInType === 'ldap'; + const isSamlEnabled = + this.settingsStore.isSamlLoginEnabled && this.settingsStore.isDefaultAuthenticationSaml; + return isLdapEnabled || isSamlEnabled; }, - isLDAPFeatureEnabled(): boolean { - return this.settingsStore.settings.enterprise.ldap; - }, - signInWithSaml(): boolean { - return ( - this.settingsStore.isSamlLoginEnabled && this.settingsStore.isDefaultAuthenticationSaml - ); + isPersonalSecurityEnabled(): boolean { + return this.usersStore.isInstanceOwner || !this.isExternalAuthEnabled; }, mfaDisabled(): boolean { return !this.usersStore.mfaEnabled; diff --git a/packages/editor-ui/src/views/__tests__/SettingsPersonalView.test.ts b/packages/editor-ui/src/views/__tests__/SettingsPersonalView.test.ts index 09df7dfc216f3..7236800010e07 100644 --- a/packages/editor-ui/src/views/__tests__/SettingsPersonalView.test.ts +++ b/packages/editor-ui/src/views/__tests__/SettingsPersonalView.test.ts @@ -57,16 +57,37 @@ describe('SettingsPersonalView', () => { expect(getByTestId('change-password-link')).toBeInTheDocument(); }); - it('should disable email and pw change when SAML login is enabled', async () => { - vi.spyOn(settingsStore, 'isSamlLoginEnabled', 'get').mockReturnValue(true); - vi.spyOn(settingsStore, 'isDefaultAuthenticationSaml', 'get').mockReturnValue(true); + describe('when external auth is enabled, email and password change', () => { + beforeEach(() => { + vi.spyOn(settingsStore, 'isSamlLoginEnabled', 'get').mockReturnValue(true); + vi.spyOn(settingsStore, 'isDefaultAuthenticationSaml', 'get').mockReturnValue(true); + vi.spyOn(settingsStore, 'isMfaFeatureEnabled', 'get').mockReturnValue(true); + }); - const { queryByTestId, getAllByRole } = renderComponent({ pinia }); - await waitAllPromises(); + it('should not be disabled for the instance owner', async () => { + vi.spyOn(usersStore, 'isInstanceOwner', 'get').mockReturnValue(true); + + const { queryByTestId, getAllByRole } = renderComponent({ pinia }); + await waitAllPromises(); + + expect( + getAllByRole('textbox').find((el) => el.getAttribute('type') === 'email'), + ).toBeEnabled(); + expect(queryByTestId('change-password-link')).toBeInTheDocument(); + expect(queryByTestId('mfa-section')).toBeInTheDocument(); + }); + + it('should be disabled for members', async () => { + vi.spyOn(usersStore, 'isInstanceOwner', 'get').mockReturnValue(false); + + const { queryByTestId, getAllByRole } = renderComponent({ pinia }); + await waitAllPromises(); - expect( - getAllByRole('textbox').find((el) => el.getAttribute('type') === 'email'), - ).toBeDisabled(); - expect(queryByTestId('change-password-link')).not.toBeInTheDocument(); + expect( + getAllByRole('textbox').find((el) => el.getAttribute('type') === 'email'), + ).toBeDisabled(); + expect(queryByTestId('change-password-link')).not.toBeInTheDocument(); + expect(queryByTestId('mfa-section')).not.toBeInTheDocument(); + }); }); });