Merge pull request #146 from tupuio/140-protect-pages

feat: add auth property to restrict pages based on role and published…

Author: maranta1

components/AuthChecker/AuthChecker.js

@@ -0,0 +1,27 @@
+import { useSession } from "next-auth/react"
+import { ADMIN_ROLE } from "../../constants"
+
+export const ACCESS_DENIED_MESSAGE = 'Access denied'
+
+function AuthChecker({ children, authObject }) {
+    const { data: session } = useSession()
+
+    // if the user does not have a session deny access
+    if (!session) {
+        return <div>Access denied</div>
+    }
+
+    // if page requires the user to be published and the user is not published deny access
+    if (authObject?.publishedOnly && !session?.user?.published) {
+        return <div>Access denied</div>
+    }
+
+    // if the page requires the user to have a certain role and the user does not have the role deny access
+    if (authObject?.roles && !authObject.roles.some(item => session?.user?.roles?.includes(item)) && !authObject.roles.includes(ADMIN_ROLE)) {
+        return <div data-testid>{ACCESS_DENIED_MESSAGE}</div>
+    }
+
+    return children
+}
+
+export default AuthChecker

components/AuthChecker/AuthChecker.test.js

@@ -0,0 +1,95 @@
+import { render, screen } from "@testing-library/react";
+import '@testing-library/jest-dom'
+import AuthChecker, { ACCESS_DENIED_MESSAGE } from "./AuthChecker";
+import { SessionProvider } from "next-auth/react";
+import { MENTEE_ROLE } from "../../constants";
+
+const mockSessionObject = {
+    "user": {
+        "name": "test user",
+        "email": "test@gmail.com",
+        "published": true,
+        "roles": ["mentor"]
+    },
+    "expires": "2200-08-07T15:44:00.045Z"
+}
+
+const AUTHCHECKER_CHILD_TEST_ID = 'authchecker-child'
+
+function renderComponent(authObject = {}, sessionObject = mockSessionObject, ChildComponent) {
+    return render(
+        <SessionProvider session={sessionObject}>
+            <AuthChecker authObject={authObject}>
+                <div data-testid={AUTHCHECKER_CHILD_TEST_ID}>Test</div>
+            </AuthChecker>
+        </SessionProvider>
+    )
+}
+
+describe('AuthChecker', () => {
+    test('should render children if there is no auth object on the component instance', () => {
+        renderComponent()
+
+        expect(screen.getByTestId(AUTHCHECKER_CHILD_TEST_ID)).toBeInTheDocument()
+    })
+
+    describe('published only components', () => {
+        test('should render children if the user is published', () => {
+            const publishedSessionObject = {
+                ...mockSessionObject,
+                user: {
+                    ...mockSessionObject.user,
+                    published: true
+                }
+            }
+
+            renderComponent({ publishedOnly: true }, publishedSessionObject)
+
+            expect(screen.queryByTestId(AUTHCHECKER_CHILD_TEST_ID)).toBeInTheDocument()
+        })
+
+        test('should not render children if the user is not published', () => {
+
+            const notPublishedSessionObject = {
+                ...mockSessionObject,
+                user: {
+                    ...mockSessionObject.user,
+                    published: false
+                }
+            }
+
+            renderComponent({ publishedOnly: true }, notPublishedSessionObject)
+
+            expect(screen.queryByTestId(AUTHCHECKER_CHILD_TEST_ID)).not.toBeInTheDocument()
+
+            expect(screen.queryByText(ACCESS_DENIED_MESSAGE)).toBeInTheDocument()
+        })
+    })
+
+    describe('mentee only components', () => {
+        test('should render children if the user has the mentee role', () => {
+            const menteeSessionObject = {
+                ...mockSessionObject,
+                user: {
+                    ...mockSessionObject.user,
+                    roles: [MENTEE_ROLE]
+                }
+            }
+
+            renderComponent({ roles: [MENTEE_ROLE] }, menteeSessionObject)
+
+            expect(screen.queryByTestId(AUTHCHECKER_CHILD_TEST_ID)).toBeInTheDocument()
+        })
+
+        test('should not render children if the user does not have the mentee role', () => {
+
+            renderComponent({ roles: [MENTEE_ROLE] }, null)
+
+            expect(screen.queryByTestId(AUTHCHECKER_CHILD_TEST_ID)).not.toBeInTheDocument()
+
+            expect(screen.queryByText(ACCESS_DENIED_MESSAGE)).toBeInTheDocument()
+        })
+    })
+
+
+})

components/Sidebar/MobileNav.js

@@ -5,23 +5,17 @@ import { Box, Flex, HStack, Text, VStack } from "@chakra-ui/layout";
 import {
   Menu,
   MenuButton,
-  MenuDivider,
   MenuItem,
   MenuList,
 } from "@chakra-ui/menu";
 import { FiChevronDown, FiMenu } from "react-icons/fi";
 import { signOut } from "next-auth/react";
 import { useRouter } from 'next/router'
 
-const MobileNav = ({ session, onOpen, mode, setMode, ...rest }) => {
+const MobileNav = ({ session, onOpen, ...rest }) => {
   const name = session?.user?.name;
   const router = useRouter();
 
-  const toggleMode = () => {
-    setMode(mode === "mentor" ? "mentee" : "mentor");
-    router.push('/');
-  };
-
   return (
     <Flex
       ml={{ base: 0, md: 60 }}
@@ -69,9 +63,6 @@ const MobileNav = ({ session, onOpen, mode, setMode, ...rest }) => {
                   ml="2"
                 >
                   <Text fontSize="sm">{name}</Text>
-                  <Text fontSize="xs" color="gray.600">
-                    {mode === "mentor" ? "Mentor" : "Mentee"}
-                  </Text>
                 </VStack>
                 <Box display={{ base: "none", md: "flex" }}>
                   <FiChevronDown />
@@ -82,10 +73,6 @@ const MobileNav = ({ session, onOpen, mode, setMode, ...rest }) => {
               bg={useColorModeValue("white", "gray.900")}
               borderColor={useColorModeValue("gray.200", "gray.700")}
             >
-              <MenuItem onClick={toggleMode}>
-                Switch to {mode === "mentor" ? "Mentee" : "Mentor"} view
-              </MenuItem>
-              <MenuDivider />
               <MenuItem onClick={() => signOut()}>Sign out</MenuItem>
             </MenuList>
           </Menu>

components/Sidebar/SidebarContent.js

@@ -14,6 +14,9 @@ import {
 } from "react-icons/fi";
 import useSWR from "swr";
 import NavItem from "./NavItem";
+import { useSession } from "next-auth/react";
+import { doesUserHaveRole } from "../../utils/session";
+import { MENTOR_ROLE, MENTEE_ROLE } from "../../constants";
 
 const fetcher = (...args) => fetch(...args).then((res) => res.json());
 
@@ -27,9 +30,13 @@ const SidebarContent = ({ onClose, mode, ...rest }) => {
   const requestsCount = requestsData?.count || 0;
   const applicationsCount = applicationsData?.count || 0;
   const menteesCount = menteesData?.count || 0;
-  const MentorLinkItems = [
+  const { data: session } = useSession()
+
+  const GeneralLinkItems = [
     { name: "Your profile", icon: FiUser, href: "/profile" },
-    { name: "Preferences", icon: FiSliders, href: "/preferences" },
+  ]
+
+  const MentorLinkItems = [
     {
       name: "Requests",
       icon: FiInbox,
@@ -40,8 +47,8 @@ const SidebarContent = ({ onClose, mode, ...rest }) => {
   ];
 
   const MenteeLinkItems = [
-    { name: "Your profile", icon: FiUser, href: "/profile" },
     { name: "Find a mentor", icon: FiSearch, href: "/mentors" },
+    { name: "Preferences", icon: FiSliders, href: "/preferences" },
     { name: "Applications", icon: FiInbox, href: "/applications", tag: () => applicationsCount, },
     { name: "Mentorships", icon: FiUsers, href: "/mentorships", tag: () => mentorshipsCount, },
   ];
@@ -56,6 +63,12 @@ const SidebarContent = ({ onClose, mode, ...rest }) => {
     links = mode === "mentor" ? MentorLinkItems : MenteeLinkItems;
   }
 
+
+  // TODO: handle admins
+  const shouldRenderMentorLinks = profileData?.published && doesUserHaveRole(session, MENTOR_ROLE)
+
+  const shouldRenderMenteeLinks = profileData?.published && doesUserHaveRole(session, MENTEE_ROLE)
+
   return (
     <Box
       transition="3s ease"
@@ -77,7 +90,75 @@ const SidebarContent = ({ onClose, mode, ...rest }) => {
           onClick={onClose}
         />
       </Flex>
-      <Flex h="14" alignItems="center" mx="8" justifyContent="space-between">
+      <Box mt={50}>
+        {GeneralLinkItems.map((link) => (
+          <NavItem
+            key={link.name}
+            icon={link.icon}
+            href={link.href}
+            bg={mode === "mentor" ? "brand.blue" : "brand.green"}
+          >
+            {link.name}
+            {link.tag && link.tag() > 0 && (
+              <Tag size="sm" colorScheme="teal" ml={2}>
+                {link.tag()}
+              </Tag>
+            )}
+          </NavItem>
+        ))}
+      </Box>
+      {shouldRenderMentorLinks &&
+        <>
+          <Flex h="14" alignItems="center" mx="8" justifyContent="space-between">
+            <Text textColor="white" fontSize="xl" fontWeight="normal">
+              Mentor
+            </Text>
+          </Flex>
+          <Box>
+            {MentorLinkItems.map((link) => (
+              <NavItem
+                key={link.name}
+                icon={link.icon}
+                href={link.href}
+                bg={mode === "mentor" ? "brand.blue" : "brand.green"}
+              >
+                {link.name}
+                {link.tag && link.tag() > 0 && (
+                  <Tag size="sm" colorScheme="teal" ml={2}>
+                    {link.tag()}
+                  </Tag>
+                )}
+              </NavItem>
+            ))}
+          </Box>
+        </>
+      }
+      {shouldRenderMenteeLinks &&
+        <>
+          <Flex h="14" alignItems="center" mx="8" justifyContent="space-between">
+            <Text textColor="white" fontSize="xl" fontWeight="normal">
+              Mentee
+            </Text>
+          </Flex>
+          <Box>
+            {MenteeLinkItems.map((link) => (
+              <NavItem
+                key={link.name}
+                icon={link.icon}
+                href={link.href}
+                bg={mode === "mentor" ? "brand.blue" : "brand.green"}
+              >
+                {link.name}
+                {link.tag && link.tag() > 0 && (
+                  <Tag size="sm" colorScheme="teal" ml={2}>
+                    {link.tag()}
+                  </Tag>
+                )}
+              </NavItem>
+            ))}
+          </Box>
+        </>}
+      {/* <Flex h="14" alignItems="center" mx="8" justifyContent="space-between">
         <Text textColor="white" fontSize="2xl" fontWeight="normal">
           {mode}
         </Text>
@@ -104,7 +185,7 @@ const SidebarContent = ({ onClose, mode, ...rest }) => {
             tupu.io <ExternalLinkIcon mx="2px" />
           </Link>
         </NavItem>
-      </Box>
+      </Box> */}
     </Box>
   );
 };

components/Sidebar/index.js

@@ -7,7 +7,7 @@ import SigninPass from "../auth/SigninPass";
 import MobileNav from "./MobileNav";
 import SidebarContent from "./SidebarContent";
 
-export default function SidebarWithHeader({ mode, setMode, children }) {
+export default function SidebarWithHeader({ children }) {
   const { data: session } = useSession();
   const { isOpen, onOpen, onClose } = useDisclosure();
   const router = useRouter();
@@ -22,13 +22,11 @@ export default function SidebarWithHeader({ mode, setMode, children }) {
     return <SigninPass />;
   }
 
-  console.log(session);
 
   return (
     <Box minH="100vh" bg="gray.100">
       <SidebarContent
         onClose={() => onClose}
-        mode={mode}
         display={{ base: "none", md: "block" }}
       />
       <Drawer
@@ -41,14 +39,12 @@ export default function SidebarWithHeader({ mode, setMode, children }) {
         size="full"
       >
         <DrawerContent>
-          <SidebarContent mode={mode} onClose={onClose} />
+          <SidebarContent onClose={onClose} />
         </DrawerContent>
       </Drawer>
       <MobileNav
         session={session}
         onOpen={onOpen}
-        mode={mode}
-        setMode={setMode}
       />
       <Box ml={{ base: 0, md: 60 }} p="4">
         {children}

constants/index.js

@@ -1 +1,2 @@
-export * from './api-constants'
+export * from './api-constants'
+export * from './roles-constants'

constants/roles-constants.js

@@ -0,0 +1,4 @@
+export const ADMIN_ROLE = 'admin'
+export const MENTOR_ROLE = 'mentor'
+export const MENTEE_ROLE = 'mentee'
+export const TEST_ROLE = 'test'