Added user permissions manager, filter nav by group in admin (#1209)

themeetinghouse · Jul 31, 2023 · 078daf9 · 078daf9
1 parent 013ec27
commit 078daf9
Show file tree

Hide file tree

Showing 26 changed files with 1,747 additions and 768 deletions.
diff --git a/amplify/backend/api/themeetinghouse/schema.graphql b/amplify/backend/api/themeetinghouse/schema.graphql
@@ -1524,7 +1524,7 @@ type WebPageContent {
   showLocationSearch: Boolean
 }
 
-type TMHUser @model @auth(rules: [{allow: owner, ownerField: "owner", operations: [create, update, delete, read]}, {allow: groups, groups: ["PaymentService"], operations: [create, update, delete, read]}]) {
+type TMHUser @model @auth(rules: [{allow: groups, groups: ["Admin"], provider: userPools, operations: [read]}, {allow: owner, ownerField: "owner", operations: [create, update, delete, read]}, {allow: groups, groups: ["PaymentService"], operations: [create, update, delete, read]}]) {
   id: ID!
   given_name: String!
   family_name: String!
@@ -1540,14 +1540,14 @@ type TMHUser @model @auth(rules: [{allow: owner, ownerField: "owner", operations
   f1HouseholdId: String @auth(rules: [{allow: owner, ownerField: "owner", operations: [read]}, {allow: groups, groups: ["PaymentService"]}])
 }
 
-type TMHSite @model @auth(rules: [{allow: public, operations: [read]}, {allow: private, operations: [read], provider: iam}, {allow: groups, groups: ["Admin"], provider: userPools}]){
+type TMHSite @model @auth(rules: [{allow: public, operations: [read]}, {allow: private, operations: [read], provider: iam}, {allow: groups, groups: ["Admin", "LocationManager"], provider: userPools}]){
   id: String!
   tmhPeople: [TMHPerson] @manyToMany(relationName: "SitePerson")
 }
 
 type TMHPerson @model @searchable @auth(rules: [{allow: public, operations: [read]}, {allow: private, operations: [read], provider: iam}, {allow: groups, groups: ["Admin"], provider: userPools}]) {
   id: ID!
-  email: AWSEmail
+  email: AWSEmail @index(name: "byEmail", queryField: "TMHPersonByEmail")
   firstName: String
   lastName: String
   image: AWSURL
@@ -1664,4 +1664,4 @@ type Address {
   line2: String
   postal_code: String
   state: String
-}     
+}              
diff --git a/amplify/backend/auth/cognitodevtmh/cli-inputs.json b/amplify/backend/auth/cognitodevtmh/cli-inputs.json
@@ -48,7 +48,10 @@
       "Elder",
       "Instagram",
       "Notes",
-      "PaymentService"
+      "PaymentService",
+      "LocationManager",
+      "GlobalContentManager",
+      "WebEditorManager"
     ],
     "userPoolGroups": true,
     "adminQueries": true,
@@ -118,9 +121,6 @@
     "authTriggerConnections": "[\n  {\n    \"triggerType\": \"PostAuthentication\",\n    \"lambdaFunctionName\": \"cognitodevtmhPostAuthentication\"\n  },\n  {\n    \"triggerType\": \"PreSignUp\",\n    \"lambdaFunctionName\": \"cognitodevtmhPreSignup\"\n  },\n  {\n    \"triggerType\": \"PreTokenGeneration\",\n    \"lambdaFunctionName\": \"cognitodevtmhPreTokenGeneration\"\n  }\n]",
     "parentStack": {
       "Ref": "AWS::StackId"
-    },
-    "facebookAppId": "abc",
-    "googleClientId": "def",
-    "amazonAppId": "fgh"
+    }
   }
-}   
+}
diff --git a/amplify/backend/auth/userPoolGroups/user-pool-group-precedence.json b/amplify/backend/auth/userPoolGroups/user-pool-group-precedence.json
@@ -22,5 +22,17 @@
   {
     "groupName": "PaymentService",
     "precedence": 6
+  },
+  {
+    "groupName": "LocationManager",
+    "precedence": 7
+  },
+  {
+    "groupName": "GlobalContentManager",
+    "precedence": 8
+  },
+  {
+    "groupName": "WebEditorManager",
+    "precedence": 9
   }
 ]
diff --git a/amplify/backend/function/AdminQueriesa1b7e2e8/src/app.js b/amplify/backend/function/AdminQueriesa1b7e2e8/src/app.js
@@ -180,11 +180,19 @@ app.get('/listUsers', async (req, res, next) => {
   try {
     let response;
     if (req.query.token) {
-      response = await listUsers(req.query.limit || 25, req.query.token);
+      response = await listUsers(
+        req.query.limit || 25,
+        req.query.token,
+        req.query.filter
+      );
     } else if (req.query.limit) {
-      response = await listUsers((Limit = req.query.limit));
+      response = await listUsers(
+        (Limit = req.query.limit),
+        null,
+        req.query.filter
+      );
     } else {
-      response = await listUsers();
+      response = await listUsers(null, null, req.query.filter);
     }
     res.status(200).json(response);
   } catch (err) {

diff --git a/amplify/backend/function/AdminQueriesa1b7e2e8/src/cognitoActions.js b/amplify/backend/function/AdminQueriesa1b7e2e8/src/cognitoActions.js
@@ -143,13 +143,13 @@ async function getUser(username) {
   }
 }
 
-async function listUsers(Limit, PaginationToken) {
+async function listUsers(Limit, PaginationToken, SearchQuery) {
   const params = {
     UserPoolId: userPoolId,
     ...(Limit && { Limit }),
     ...(PaginationToken && { PaginationToken }),
   };
-
+  if (SearchQuery) params.Filter = SearchQuery;
   console.log('Attempting to list users');
 
   try {

diff --git a/amplify/backend/function/cognitodevtmhPostAuthentication/src/custom.js b/amplify/backend/function/cognitodevtmhPostAuthentication/src/custom.js
@@ -0,0 +1,7 @@
+/**
+ * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
+ */
+exports.handler = async (event, context) => {
+  // insert code to be executed by your lambda trigger
+  return event;
+};
diff --git a/amplify/backend/function/cognitodevtmhPreTokenGeneration/src/custom.js b/amplify/backend/function/cognitodevtmhPreTokenGeneration/src/custom.js
@@ -0,0 +1,7 @@
+/**
+ * @type {import('@types/aws-lambda').APIGatewayProxyHandler}
+ */
+exports.handler = async (event, context) => {
+  // insert code to be executed by your lambda trigger
+  return event;
+};