make mobile app available to viewers (#1892)

# What this PR does closes #2153 ## Which issue(s) this PR fixes ## Checklist - [x] Unit, integration, and e2e (if applicable) tests updated - [ ] Documentation added (or `pr:no public docs` PR label added if not required) - [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not required)
grafana · Jun 13, 2023 · 072d43c · 072d43c
1 parent 6d77f59
commit 072d43c
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 74 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Users with the Viewer basic role can now connect and use the mobile app ([#1892](https://github.com/grafana/oncall/pull/1892))
 - Add helm chart support for redis and mysql existing secrets [#2156](https://github.com/grafana/oncall/pull/2156)
 
 ### Changed

diff --git a/engine/apps/api/tests/test_user.py b/engine/apps/api/tests/test_user.py
@@ -1155,7 +1155,7 @@ def test_user_cant_unlink_slack_another_user(
 
 
 @pytest.mark.django_db
-def test_user_cant_unlink_backend__another_user(
+def test_user_cant_unlink_backend_another_user(
     make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers
 ):
     organization, first_user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.EDITOR)
@@ -1425,22 +1425,6 @@ def test_forget_other_number(
         assert response.json()["verified_phone_number"] == initial_verified_number
 
 
-@pytest.mark.django_db
-def test_viewer_cant_get_own_backend_verification_code(
-    make_organization_and_user_with_plugin_token, make_user_auth_headers
-):
-    _, user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.VIEWER)
-
-    client = APIClient()
-    url = (
-        reverse("api-internal:user-get-backend-verification-code", kwargs={"pk": user.public_primary_key})
-        + "?backend=TESTONLY"
-    )
-
-    response = client.get(f"{url}", format="json", **make_user_auth_headers(user, token))
-    assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
 @pytest.mark.django_db
 def test_viewer_cant_get_another_user_backend_verification_code(
     make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers
@@ -1458,16 +1442,6 @@ def test_viewer_cant_get_another_user_backend_verification_code(
     assert response.status_code == status.HTTP_403_FORBIDDEN
 
 
-@pytest.mark.django_db
-def test_viewer_cant_unlink_backend_own_user(make_organization_and_user_with_plugin_token, make_user_auth_headers):
-    _, user, token = make_organization_and_user_with_plugin_token(role=LegacyAccessControlRole.VIEWER)
-    client = APIClient()
-    url = reverse("api-internal:user-unlink-backend", kwargs={"pk": user.public_primary_key}) + "?backend=TESTONLY"
-
-    response = client.post(f"{url}", format="json", **make_user_auth_headers(user, token))
-    assert response.status_code == status.HTTP_403_FORBIDDEN
-
-
 @pytest.mark.django_db
 def test_viewer_cant_unlink_backend_another_user(
     make_organization_and_user_with_plugin_token, make_user_for_organization, make_user_auth_headers

diff --git a/engine/apps/api/views/user.py b/engine/apps/api/views/user.py
@@ -162,16 +162,16 @@ class UserView(
         "forget_number": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
         "get_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
         "get_verification_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "get_backend_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "get_backend_verification_code": [RBACPermission.Permissions.USER_SETTINGS_READ],
         "get_telegram_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
         "unlink_slack": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
         "unlink_telegram": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "unlink_backend": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "unlink_backend": [RBACPermission.Permissions.USER_SETTINGS_READ],
         "make_test_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "send_test_push": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "send_test_push": [RBACPermission.Permissions.USER_SETTINGS_READ],
         "send_test_sms": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
         "export_token": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
-        "upcoming_shifts": [RBACPermission.Permissions.USER_SETTINGS_WRITE],
+        "upcoming_shifts": [RBACPermission.Permissions.USER_SETTINGS_READ],
     }
 
     rbac_object_permissions = {

diff --git a/grafana-plugin/src/containers/MobileAppConnection/MobileAppConnection.tsx b/grafana-plugin/src/containers/MobileAppConnection/MobileAppConnection.tsx
@@ -187,41 +187,36 @@ const MobileAppConnection = observer(({ userPk }: Props) => {
   }
 
   return (
-    <WithPermissionControlDisplay
-      userAction={UserActions.UserSettingsWrite}
-      message="You do not have permission to perform this action. Ask an admin to upgrade your permissions."
-    >
-      <VerticalGroup>
-        <div className={cx('container')}>
-          <Block shadowed bordered withBackground className={cx('container__box')}>
-            <DownloadIcons />
-          </Block>
-          <Block shadowed bordered withBackground className={cx('container__box')}>
-            {content}
-          </Block>
+    <VerticalGroup>
+      <div className={cx('container')}>
+        <Block shadowed bordered withBackground className={cx('container__box')}>
+          <DownloadIcons />
+        </Block>
+        <Block shadowed bordered withBackground className={cx('container__box')}>
+          {content}
+        </Block>
+      </div>
+      {store.hasFeature(AppFeature.MobileTestPush) && mobileAppIsCurrentlyConnected && isCurrentUser && (
+        <div className={cx('notification-buttons')}>
+          <HorizontalGroup spacing={'md'} justify={'flex-end'}>
+            <Button
+              variant="secondary"
+              onClick={() => onSendTestNotification()}
+              disabled={isAttemptingTestNotification}
+            >
+              Send Test Push
+            </Button>
+            <Button
+              variant="secondary"
+              onClick={() => onSendTestNotification(true)}
+              disabled={isAttemptingTestNotification}
+            >
+              Send Test Push Important
+            </Button>
+          </HorizontalGroup>
         </div>
-        {store.hasFeature(AppFeature.MobileTestPush) && mobileAppIsCurrentlyConnected && isCurrentUser && (
-          <div className={cx('notification-buttons')}>
-            <HorizontalGroup spacing={'md'} justify={'flex-end'}>
-              <Button
-                variant="secondary"
-                onClick={() => onSendTestNotification()}
-                disabled={isAttemptingTestNotification}
-              >
-                Send Test Push
-              </Button>
-              <Button
-                variant="secondary"
-                onClick={() => onSendTestNotification(true)}
-                disabled={isAttemptingTestNotification}
-              >
-                Send Test Push Important
-              </Button>
-            </HorizontalGroup>
-          </div>
-        )}
-      </VerticalGroup>
-    </WithPermissionControlDisplay>
+      )}
+    </VerticalGroup>
   );
 
   async function onSendTestNotification(isCritical = false) {

diff --git a/grafana-plugin/src/containers/UserSettings/UserSettings.tsx b/grafana-plugin/src/containers/UserSettings/UserSettings.tsx
@@ -9,7 +9,6 @@ import { Tabs, TabsContent } from 'containers/UserSettings/parts';
 import { User as UserType } from 'models/user/user.types';
 import { AppFeature } from 'state/features';
 import { useStore } from 'state/useStore';
-import { isUserActionAllowed, UserActions } from 'utils/authorization';
 import { BREAKPOINT_TABS } from 'utils/consts';
 
 import { UserSettingsTab } from './UserSettings.types';
@@ -53,7 +52,7 @@ const UserSettings = observer(({ id, onHide, tab = UserSettingsTab.UserInfo }: U
     !isDesktopOrLaptop,
     isCurrent && teamStore.currentTeam?.slack_team_identity && !storeUser.slack_user_identity,
     isCurrent && store.hasFeature(AppFeature.Telegram) && !storeUser.telegram_configuration,
-    isCurrent && isUserActionAllowed(UserActions.UserSettingsWrite),
+    isCurrent,
   ];
 
   return (

diff --git a/grafana-plugin/src/containers/UserSettings/parts/connectors/MobileAppConnector.tsx b/grafana-plugin/src/containers/UserSettings/parts/connectors/MobileAppConnector.tsx
@@ -4,8 +4,6 @@ import { Button, Label } from '@grafana/ui';
 import cn from 'classnames/bind';
 
 import { UserSettingsTab } from 'containers/UserSettings/UserSettings.types';
-import { WithPermissionControlTooltip } from 'containers/WithPermissionControl/WithPermissionControlTooltip';
-import { UserActions } from 'utils/authorization';
 
 import styles from './index.module.css';
 
@@ -26,11 +24,9 @@ const MobileAppConnector = (props: MobileAppConnectorProps) => {
     <div className={cx('user-item')}>
       <Label>Mobile App:</Label>
       <div>
-        <WithPermissionControlTooltip userAction={UserActions.UserSettingsWrite}>
-          <Button size="sm" fill="text" onClick={handleClickConfirmMobileAppButton}>
-            Click to add a mobile app
-          </Button>
-        </WithPermissionControlTooltip>
+        <Button size="sm" fill="text" onClick={handleClickConfirmMobileAppButton}>
+          Click to add a mobile app
+        </Button>
       </div>
     </div>
   );