Merge pull request #174 from r00tat/bugfix/auth

Fehlerbehebung Berechtigungen für subitems eines Einsatzes
r00tat · Oct 22, 2024 · db3260b · db3260b
2 parents 43cff43 + 70592e3
commit db3260b
Show file tree

Hide file tree

Showing 15 changed files with 215 additions and 163 deletions.
diff --git a/firebase/dev/firestore.rules b/firebase/dev/firestore.rules
@@ -33,10 +33,19 @@ service cloud.firestore {
       allow read: if authorizedUser()
     }
 
-    match /call/{doc=**} {
+    match /call/{doc} {
       allow read, write: if authorizedUser() 
             // && resource.data.group in get(/databases/$(database)/documents/user/$(request.auth.uid)).data.groups 
-            && resource.data.group in request.auth.token.groups 
+            && resource.data.group in request.auth.token.groups;
+
+      function callAuthorized() {
+        return authorizedUser() && get(/databases/$(database)/documents/call/$(doc)).data.group  in request.auth.token.groups 
+      }
+
+      match /{subitem=**} {
+        allow read, write: if callAuthorized()
+      }
+
     }
 
     match /clusters/{doc=**} {

diff --git a/firebase/prod/firestore.rules b/firebase/prod/firestore.rules
@@ -33,10 +33,19 @@ service cloud.firestore {
       allow read: if authorizedUser()
     }
 
-    match /call/{doc=**} {
+    match /call/{doc} {
       allow read, write: if authorizedUser() 
             // && resource.data.group in get(/databases/$(database)/documents/user/$(request.auth.uid)).data.groups 
-            && resource.data.group in request.auth.token.groups 
+            && resource.data.group in request.auth.token.groups;
+
+      function callAuthorized() {
+        return authorizedUser() && get(/databases/$(database)/documents/call/$(doc)).data.group  in request.auth.token.groups 
+      }
+
+      match /{subitem=**} {
+        allow read, write: if callAuthorized()
+      }
+
     }
 
     match /clusters/{doc=**} {

diff --git a/src/app/admin/adminActions.ts b/src/app/admin/adminActions.ts
@@ -1,13 +1,12 @@
 'use server';
 
-import { uniqueArray } from '../../common/arrayUtils';
 import { UserRecordExtended } from '../../common/users';
 import {
   Firecall,
   FIRECALL_COLLECTION_ID,
   USER_COLLECTION_ID,
 } from '../../components/firebase/firestore';
-import { firebaseAuth, firestore } from '../../server/firebase/admin';
+import { firestore } from '../../server/firebase/admin';
 import { setCustomClaimsForUser } from '../api/users/[uid]/updateUser';
 import { actionAdminRequired } from '../auth';
 

diff --git a/src/app/api/users/[uid]/updateUser.ts b/src/app/api/users/[uid]/updateUser.ts
@@ -1,5 +1,3 @@
-'use server';
-
 import { uniqueArray } from '../../../../common/arrayUtils';
 import { isTruthy } from '../../../../common/boolish';
 import { feuerwehren } from '../../../../common/feuerwehren';

diff --git a/src/app/groups/GroupAction.ts b/src/app/groups/GroupAction.ts
@@ -1,7 +1,6 @@
 'use server';
 
 import { uniqueArray } from '../../common/arrayUtils';
-import { UserRecordExtended } from '../../common/users';
 import {
   GROUP_COLLECTION_ID,
   USER_COLLECTION_ID,
@@ -12,21 +11,7 @@ import {
   setCustomClaimsForUser,
 } from '../api/users/[uid]/updateUser';
 import { actionAdminRequired, actionUserRequired } from '../auth';
-
-export interface Group {
-  id?: string;
-  name: string;
-  description?: string;
-}
-
-async function getGroups(): Promise<Group[]> {
-  const groupDocs = (
-    await firestore.collection(GROUP_COLLECTION_ID).orderBy('name', 'asc').get()
-  ).docs;
-  return groupDocs.map(
-    (g) => ({ ...g.data(), name: g.data().name || '', id: g.id } as Group)
-  );
-}
+import { getGroups, getMyGroups, Group } from './groupHelpers';
 
 export async function getGroupsAction(): Promise<Group[]> {
   await actionUserRequired();
@@ -121,19 +106,6 @@ export async function updateGroupAction(group: Group, assigendUsers: string[]) {
   return groupId;
 }
 
-async function getMyGroups(userId: string): Promise<Group[]> {
-  const allGropus = await getGroups();
-  const myGroupIds =
-    (
-      (
-        await firestore.collection(USER_COLLECTION_ID).doc(userId).get()
-      ).data() as UserRecordExtended
-    ).groups || [];
-  return allGropus
-    .filter((g) => g.id && myGroupIds.includes(g.id))
-    .sort((a, b) => a.name.localeCompare(b.name));
-}
-
 export async function getMyGroupsFromServer(): Promise<Group[]> {
   const userInfo = await actionUserRequired();
 

diff --git a/src/app/groups/GroupDialog.tsx b/src/app/groups/GroupDialog.tsx
@@ -1,20 +1,20 @@
 import Button from '@mui/material/Button';
+import Checkbox from '@mui/material/Checkbox';
 import Dialog from '@mui/material/Dialog';
 import DialogActions from '@mui/material/DialogActions';
 import DialogContent from '@mui/material/DialogContent';
 import DialogContentText from '@mui/material/DialogContentText';
 import DialogTitle from '@mui/material/DialogTitle';
-import Select, { SelectChangeEvent } from '@mui/material/Select';
-import TextField from '@mui/material/TextField';
-import React, { useEffect, useMemo, useState } from 'react';
-import { Group } from './GroupAction';
-import { UserRecordExtended } from '../../common/users';
 import FormControl from '@mui/material/FormControl';
 import InputLabel from '@mui/material/InputLabel';
-import MenuItem from '@mui/material/MenuItem';
-import Checkbox from '@mui/material/Checkbox';
 import ListItemText from '@mui/material/ListItemText';
+import MenuItem from '@mui/material/MenuItem';
 import OutlinedInput from '@mui/material/OutlinedInput';
+import Select, { SelectChangeEvent } from '@mui/material/Select';
+import TextField from '@mui/material/TextField';
+import React, { useEffect, useState } from 'react';
+import { UserRecordExtended } from '../../common/users';
+import { Group } from './groupHelpers';
 
 export interface GroupDialoggOptions {
   onClose: (item?: Group, assigendUsers?: string[]) => void;

diff --git a/src/app/groups/groupHelpers.ts b/src/app/groups/groupHelpers.ts
@@ -0,0 +1,34 @@
+import { UserRecordExtended } from '../../common/users';
+import {
+  GROUP_COLLECTION_ID,
+  USER_COLLECTION_ID,
+} from '../../components/firebase/firestore';
+import { firestore } from '../../server/firebase/admin';
+
+export interface Group {
+  id?: string;
+  name: string;
+  description?: string;
+}
+
+export async function getGroups(): Promise<Group[]> {
+  const groupDocs = (
+    await firestore.collection(GROUP_COLLECTION_ID).orderBy('name', 'asc').get()
+  ).docs;
+  return groupDocs.map(
+    (g) => ({ ...g.data(), name: g.data().name || '', id: g.id } as Group)
+  );
+}
+
+export async function getMyGroups(userId: string): Promise<Group[]> {
+  const allGropus = await getGroups();
+  const myGroupIds =
+    (
+      (
+        await firestore.collection(USER_COLLECTION_ID).doc(userId).get()
+      ).data() as UserRecordExtended
+    ).groups || [];
+  return allGropus
+    .filter((g) => g.id && myGroupIds.includes(g.id))
+    .sort((a, b) => a.name.localeCompare(b.name));
+}
diff --git a/src/app/groups/page.tsx b/src/app/groups/page.tsx
@@ -17,10 +17,10 @@ import { getUsers } from '../users/action';
 import {
   deleteGroupAction,
   getGroupsAction,
-  Group,
   updateGroupAction,
 } from './GroupAction';
 import GroupDialog from './GroupDialog';
+import { Group } from './groupHelpers';
 
 interface UserRowButtonParams {
   row: Group;

diff --git a/src/app/users/page.tsx b/src/app/users/page.tsx
@@ -10,15 +10,13 @@ import IconButton from '@mui/material/IconButton';
 import Tooltip from '@mui/material/Tooltip';
 import Typography from '@mui/material/Typography';
 import { green, red } from '@mui/material/colors';
-import { GridColDef } from '@mui/x-data-grid';
-import React, { useCallback, useEffect, useMemo, useState } from 'react';
-import { feuerwehren } from '../../common/feuerwehren';
+import React, { useCallback, useMemo, useState } from 'react';
 import { UserRecordExtended } from '../../common/users';
 import UserRecordExtendedDialog from '../../components/users/UserDialog';
 import useFirebaseCollection from '../../hooks/useFirebaseCollection';
 import useUpdateUser from '../../hooks/useUpdateUser';
 import useUserList from '../../hooks/useUserList';
-import { Group } from '../groups/GroupAction';
+import { Group } from '../groups/groupHelpers';
 
 interface UserRowButtonParams {
   row: UserRecordExtended;

diff --git a/src/components/FirecallItems/EinsatzDialog.tsx b/src/components/FirecallItems/EinsatzDialog.tsx
@@ -4,23 +4,21 @@ import DialogActions from '@mui/material/DialogActions';
 import DialogContent from '@mui/material/DialogContent';
 import DialogContentText from '@mui/material/DialogContentText';
 import DialogTitle from '@mui/material/DialogTitle';
+import FormControl from '@mui/material/FormControl';
+import InputLabel from '@mui/material/InputLabel';
+import MenuItem from '@mui/material/MenuItem';
+import Select, { SelectChangeEvent } from '@mui/material/Select';
 import TextField from '@mui/material/TextField';
 import { addDoc, collection, doc, setDoc } from 'firebase/firestore';
-import { useCallback, useEffect, useState } from 'react';
+import { useCallback, useState } from 'react';
+import { GeoPositionObject } from '../../common/geo';
+import { parseTimestamp } from '../../common/time-format';
+import { defaultPosition } from '../../hooks/constants';
 import useFirebaseLogin from '../../hooks/useFirebaseLogin';
 import { useFirecallSelect } from '../../hooks/useFirecall';
-import { defaultPosition } from '../../hooks/constants';
 import { firestore } from '../firebase/firebase';
 import { Firecall, FIRECALL_COLLECTION_ID } from '../firebase/firestore';
 import MyDateTimePicker from '../inputs/DateTimePicker';
-import moment from 'moment';
-import { GeoPositionObject } from '../../common/geo';
-import { parseTimestamp } from '../../common/time-format';
-import FormControl from '@mui/material/FormControl';
-import InputLabel from '@mui/material/InputLabel';
-import Select, { SelectChangeEvent } from '@mui/material/Select';
-import MenuItem from '@mui/material/MenuItem';
-import { getMyGroupsFromServer, Group } from '../../app/groups/GroupAction';
 
 export interface EinsatzDialogOptions {
   onClose: (einsatz?: Firecall) => void;

diff --git a/src/components/Map/layers/FirecallItemsLayer.tsx b/src/components/Map/layers/FirecallItemsLayer.tsx
@@ -1,6 +1,7 @@
-import { Suspense, useMemo, useState } from 'react';
+import { where } from 'firebase/firestore';
+import React, { useMemo, useState } from 'react';
 import useFirebaseCollection from '../../../hooks/useFirebaseCollection';
-import useFirecall from '../../../hooks/useFirecall';
+import { useFirecallId } from '../../../hooks/useFirecall';
 import {
   filterDisplayableItems,
   FIRECALL_COLLECTION_ID,
@@ -9,8 +10,6 @@ import {
 } from '../../firebase/firestore';
 import { getItemInstance } from '../../FirecallItems/elements';
 import ItemOverlay from '../../FirecallItems/ItemOverlay';
-import React from 'react';
-import { where } from 'firebase/firestore';
 
 export interface FirecallLayerOptions {
   layer?: FirecallLayer;
@@ -29,7 +28,7 @@ function renderMarker(
 }
 
 export default function FirecallItemsLayer({ layer }: FirecallLayerOptions) {
-  const firecall = useFirecall();
+  const firecallId = useFirecallId();
   const [firecallItem, setFirecallItem] = useState<FirecallItem>();
   const queryConstraints = useMemo(
     () => (layer?.id ? [where('layer', '==', layer.id)] : []),
@@ -47,7 +46,7 @@ export default function FirecallItemsLayer({ layer }: FirecallLayerOptions) {
   const records = useFirebaseCollection<FirecallItem>({
     collectionName: FIRECALL_COLLECTION_ID,
     queryConstraints,
-    pathSegments: [firecall?.id || 'unknown', 'item'],
+    pathSegments: [firecallId, 'item'],
     filterFn,
   });
 

diff --git a/src/components/Map/layers/UnwetterAction.ts b/src/components/Map/layers/UnwetterAction.ts
@@ -111,7 +111,7 @@ const fetchUWD = async (sheetId: string, range: string) => {
   return markers;
 };
 
-export const fetchUnwetterCachedData = unstable_cache(
+const fetchUnwetterCachedData = unstable_cache(
   async (sheetId: string, range: string) => fetchUWD(sheetId, range),
   ['unwetter-sheet-data'],
   { revalidate: 10 }