From 4119713acea53167d776424cb19c0c8c35ee9609 Mon Sep 17 00:00:00 2001 From: Matt Gibson Date: Wed, 28 Jul 2021 11:40:01 -0500 Subject: [PATCH] Validate permissions before API calls (#1098) Manage users is required to list provider users. If this permission is missing the event is listed as done by the provider name --- .../organizations/manage/events.component.ts | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/src/app/organizations/manage/events.component.ts b/src/app/organizations/manage/events.component.ts index 2d81b9e5f47..d428c5e1a26 100644 --- a/src/app/organizations/manage/events.component.ts +++ b/src/app/organizations/manage/events.component.ts @@ -59,12 +59,19 @@ export class EventsComponent extends BaseEventsComponent implements OnInit { this.orgUsersUserIdMap.set(u.userId, { name: name, email: u.email }); }); - if (this.organization.providerId != null && (await this.userService.getProvider(this.organization.providerId)) != null) { - const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId); - providerUsersResponse.data.forEach(u => { - const name = this.userNamePipe.transform(u); - this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email }); - }); + if (this.organization.providerId != null) { + try { + const provider = await this.userService.getProvider(this.organization.providerId); + if (provider != null && (await this.userService.getProvider(this.organization.providerId)).canManageUsers) { + const providerUsersResponse = await this.apiService.getProviderUsers(this.organization.providerId); + providerUsersResponse.data.forEach(u => { + const name = this.userNamePipe.transform(u); + this.orgUsersUserIdMap.set(u.userId, { name: `${name} (${this.organization.providerName})`, email: u.email }); + }); + } + } catch (e) { + this.logService.warning(e); + } } await this.loadEvents(true);