make mobile app available to viewers (#1892)

# What this PR does closes #2153 ## Which issue(s) this PR fixes ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required)
2023-06-13 20:54:52 +02:00 · 2023-06-13 20:54:52 +02:00 · 072d43c3d2
commit 072d43c3d2
parent 6d77f598d6
6 changed files with 39 additions and 74 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ### Added

+- Users with the Viewer basic role can now connect and use the mobile app ([#1892](https://github.com/grafana/oncall/pull/1892))
 - Add helm chart support for redis and mysql existing secrets [#2156](https://github.com/grafana/oncall/pull/2156)

 ### Changed
--- a/engine/apps/api/tests/test_user.py
+++ b/engine/apps/api/tests/test_user.py
@ -1155,7 +1155,7 @@ def test_user_cant_unlink_slack_another_user(


@pytest.mark.django_db
-def test_user_cant_unlink_backend__another_user(
+def test_user_cant_unlink_backend_another_user(
    make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers
 ):
    organization, first_user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.EDITOR)
@ -1425,22 +1425,6 @@ def test_forget_other_number(
        assert response.json()["verified_phone_number"] == initial_verified_number


-@pytest.mark.django_db
-def test_viewer_cant_get_own_backend_verification_code(
-    make_organization_and_user_with_plugin_token, make_user_auth_headers
-):
-    _, user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.VIEWER)
-
-    client = APIClient()
-    url = (
-        reverse("api-internal:user-get-backend-verification-code", kwargs={"pk": user.public_primary_key})
-        + "?backend=TESTONLY"
-    )
-
-    response = client.get(f"{url}", format="json", **make_user_auth_headers(user, token))
-    assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
@pytest.mark.django_db
 def test_viewer_cant_get_another_user_backend_verification_code(
    make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers
@ -1458,16 +1442,6 @@ def test_viewer_cant_get_another_user_backend_verification_code(
    assert response.status_code == status.HTTP_403_FORBIDDEN


-@pytest.mark.django_db
-def test_viewer_cant_unlink_backend_own_user(make_organization_and_user_with_plugin_token, make_user_auth_headers):
-    _, user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.VIEWER)
-    client = APIClient()
-    url = reverse("api-internal:user-unlink-backend", kwargs={"pk": user.public_primary_key}) + "?backend=TESTONLY"
-
-    response = client.post(f"{url}", format="json", **make_user_auth_headers(user, token))
-    assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
@pytest.mark.django_db
 def test_viewer_cant_unlink_backend_another_user(
    make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers
--- a/engine/apps/api/views/user.py
+++ b/engine/apps/api/views/user.py
@ -162,16 +162,16 @@ class UserView(
        "forget_number": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
        "get_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
        "get_verification_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "get_backend_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "get_backend_verification_code": [RBACPermission.Permissions.USER_SETTINGS_READ],
        "get_telegram_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
        "unlink_slack": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
        "unlink_telegram": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "unlink_backend": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "unlink_backend": [RBACPermission.Permissions.USER_SETTINGS_READ],
        "make_test_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "send_test_push": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "send_test_push": [RBACPermission.Permissions.USER_SETTINGS_READ],
        "send_test_sms": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
        "export_token": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "upcoming_shifts": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "upcoming_shifts": [RBACPermission.Permissions.USER_SETTINGS_READ],
    }

    rbac_object_permissions = {
--- a/grafana-plugin/src/containers/MobileAppConnection/MobileAppConnection.tsx
+++ b/grafana-plugin/src/containers/MobileAppConnection/MobileAppConnection.tsx
@ -187,41 +187,36 @@ const MobileAppConnection = observer(({ userPk }: Props) => {
  }

  return (
-    <WithPermissionControlDisplay
-      userAction={UserActions.UserSettingsWrite}
-      message="You do not have permission to perform this action. Ask an admin to upgrade your permissions."
-    >
-      <VerticalGroup>
-        <div className={cx('container')}>
-          <Block shadowed bordered withBackground className={cx('container__box')}>
-            <DownloadIcons />
-          </Block>
-          <Block shadowed bordered withBackground className={cx('container__box')}>
-            {content}
-          </Block>
+    <VerticalGroup>
+      <div className={cx('container')}>
+        <Block shadowed bordered withBackground className={cx('container__box')}>
+          <DownloadIcons />
+        </Block>
+        <Block shadowed bordered withBackground className={cx('container__box')}>
+          {content}
+        </Block>
+      </div>
+      {store.hasFeature(AppFeature.MobileTestPush) && mobileAppIsCurrentlyConnected && isCurrentUser && (
+        <div className={cx('notification-buttons')}>
+          <HorizontalGroup spacing={'md'} justify={'flex-end'}>
+            <Button
+              variant="secondary"
+              onClick={() => onSendTestNotification()}
+              disabled={isAttemptingTestNotification}
+            >
+              Send Test Push
+            </Button>
+            <Button
+              variant="secondary"
+              onClick={() => onSendTestNotification(true)}
+              disabled={isAttemptingTestNotification}
+            >
+              Send Test Push Important
+            </Button>
+          </HorizontalGroup>
        </div>
-        {store.hasFeature(AppFeature.MobileTestPush) && mobileAppIsCurrentlyConnected && isCurrentUser && (
-          <div className={cx('notification-buttons')}>
-            <HorizontalGroup spacing={'md'} justify={'flex-end'}>
-              <Button
-                variant="secondary"
-                onClick={() => onSendTestNotification()}
-                disabled={isAttemptingTestNotification}
-              >
-                Send Test Push
-              </Button>
-              <Button
-                variant="secondary"
-                onClick={() => onSendTestNotification(true)}
-                disabled={isAttemptingTestNotification}
-              >
-                Send Test Push Important
-              </Button>
-            </HorizontalGroup>
-          </div>
-        )}
-      </VerticalGroup>
-    </WithPermissionControlDisplay>
+      )}
+    </VerticalGroup>
  );

  async function onSendTestNotification(isCritical = false) {
--- a/grafana-plugin/src/containers/UserSettings/UserSettings.tsx
+++ b/grafana-plugin/src/containers/UserSettings/UserSettings.tsx
@ -9,7 +9,6 @@ import { Tabs, TabsContent } from 'containers/UserSettings/parts';
 import { User as UserType } from 'models/user/user.types';
 import { AppFeature } from 'state/features';
 import { useStore } from 'state/useStore';
-import { isUserActionAllowed, UserActions } from 'utils/authorization';
 import { BREAKPOINT_TABS } from 'utils/consts';

 import { UserSettingsTab } from './UserSettings.types';
@ -53,7 +52,7 @@ const UserSettings = observer(({ id, onHide, tab = UserSettingsTab.UserInfo }: U
    !isDesktopOrLaptop,
    isCurrent && teamStore.currentTeam?.slack_team_identity && !storeUser.slack_user_identity,
    isCurrent && store.hasFeature(AppFeature.Telegram) && !storeUser.telegram_configuration,
-    isCurrent && isUserActionAllowed(UserActions.UserSettingsWrite),
+    isCurrent,
  ];

  return (
--- a/grafana-plugin/src/containers/UserSettings/parts/connectors/MobileAppConnector.tsx
+++ b/grafana-plugin/src/containers/UserSettings/parts/connectors/MobileAppConnector.tsx
@ -4,8 +4,6 @@ import { Button, Label } from '@grafana/ui';
 import cn from 'classnames/bind';

 import { UserSettingsTab } from 'containers/UserSettings/UserSettings.types';
-import { WithPermissionControlTooltip } from 'containers/WithPermissionControl/WithPermissionControlTooltip';
-import { UserActions } from 'utils/authorization';

 import styles from './index.module.css';

@ -26,11 +24,9 @@ const MobileAppConnector = (props: MobileAppConnectorProps) => {
    <div className={cx('user-item')}>
      <Label>Mobile App:</Label>
      <div>
-        <WithPermissionControlTooltip userAction={UserActions.UserSettingsWrite}>
-          <Button size="sm" fill="text" onClick={handleClickConfirmMobileAppButton}>
-            Click to add a mobile app
-          </Button>
-        </WithPermissionControlTooltip>
+        <Button size="sm" fill="text" onClick={handleClickConfirmMobileAppButton}>
+          Click to add a mobile app
+        </Button>
      </div>
    </div>
  );