Fix admin access to the campaign expneses (#1400)

* Expenses for campaigns: 1. The users can report how spent the money from a campaign. 2. They can upload files to justify those expenses. * Add the layout of the portal to the expenses form. * Allow for expenses files to be downloaded and delete. Make sure the expenses edit button and UI is only visible for the coordinator and the admin user. * Add the expenses list to the campaigns page if there are any. The coordinator can edit them, the rest can download them. * Fix the build of the frontend. Remove unused elements. * Stop using the can-edit endpoint. We can use the useCurrentUser to get the current user id and compare it to the organizer. * Refactor the endpoints for the expenses lists. In order to make the more REST like - we are going via the campaign. * Fix a bug - isAdmin does not seems to be working in this context. * We should not allow any expenses to be saved without an attachment. * Add an on error handler when uploading an expense file. * Use isAdmin function for production. podkrepi-admin role is not available on other environments.
podkrepi-bg · Mar 29, 2023 · 1820b91 · 1820b91
1 parent ff1c3cf
commit 1820b91
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/src/common/hooks/campaigns.ts b/src/common/hooks/campaigns.ts
@@ -13,6 +13,7 @@ import {
 import { DonationStatus } from 'gql/donations.enums'
 import { apiClient } from 'service/apiClient'
 import { useCurrentPerson } from 'common/util/useCurrentPerson'
+import { isAdmin } from 'common/util/roles'
 
 // NOTE: shuffling the campaigns so that each gets its fair chance to be on top row
 export const campaignsOrderQueryFunction: QueryFunction<CampaignResponse[]> = async ({
@@ -128,7 +129,8 @@ export function useCanEditCampaign(slug: string) {
 
   const canEdit =
     userData.user.id === campaignData.campaign.organizer?.person.id ||
-    session?.user?.realm_access?.roles?.includes('podkrepi-admin')
+    session?.user?.realm_access?.roles?.includes('podkrepi-admin') ||
+    isAdmin(session)
 
   return canEdit
 }
diff --git a/src/components/client/campaign-expenses/Form.tsx b/src/components/client/campaign-expenses/Form.tsx
@@ -37,6 +37,7 @@ import { downloadCampaignExpenseFile, deleteExpenseFile } from 'service/expense'
 import { useSession } from 'next-auth/react'
 import DeleteForeverIcon from '@mui/icons-material/DeleteForever'
 import { useViewPersonByKeylockId } from 'common/hooks/person'
+import { isAdmin } from 'common/util/roles'
 
 const validTypes = Object.keys(ExpenseType)
 const validStatuses = Object.keys(ExpenseStatus)
@@ -53,7 +54,8 @@ export default function Form() {
   const { data: expenseFiles } = useCampaignExpenseFiles(id)
   const { data: session } = useSession()
 
-  const canApprove = !!session?.user?.realm_access?.roles?.includes('podkrepi-admin')
+  const canApprove =
+    !!session?.user?.realm_access?.roles?.includes('podkrepi-admin') || isAdmin(session)
 
   const { data: person } = useViewPersonByKeylockId(session?.user?.sub as string)