Improve checks for API user permissions

2025-04-28 05:26:47 +00:00 · 2022-06-03 20:42:25 +10:00 · 2022-06-03 20:42:25 +10:00 · 21e7a976ee
commit 21e7a976ee
parent c8fa6bd992
3 changed files with 11 additions and 3 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -60,6 +60,7 @@ jobs:
          invoke import-fixtures
          invoke server -a 127.0.0.1:12345 &
          invoke wait
          sleep 30
      - name: Unit Tests
        run: |
          flutter test --coverage
--- a/lib/api.dart
+++ b/lib/api.dart
@ -497,7 +497,7 @@ class InvenTreeAPI {
  /*
   * Request the user roles (permissions) from the InvenTree server
   */
-  Future<void> getUserRoles() async {
+  Future<bool> getUserRoles() async {
    roles.clear();
@ -511,7 +511,7 @@ class InvenTreeAPI {
    final response = await get(_URL_GET_ROLES, expectedStatusCode: 200);
    if (!response.successful()) {
-      return;
+      return false;
    }
    var data = response.asMap();
@ -519,6 +519,10 @@ class InvenTreeAPI {
    if (data.containsKey("roles")) {
      // Save a local copy of the user roles
      roles = (response.data["roles"] ?? {}) as Map<String, dynamic>;
      return true;
    } else {
      return false;
    }
  }
--- a/test/api_test.dart
+++ b/test/api_test.dart
@ -129,10 +129,13 @@ void main() {
      assert(api.supportsNotifications);
      assert(api.supportsPoReceive);
      // Ensure we can request (and receive) user roles
      assert(await api.getUserRoles());
      // Check available permissions
      assert(api.checkPermission("part", "change"));
      assert(api.checkPermission("stocklocation", "delete"));
-      assert(api.checkPermission("part", "weirdpermission"));
+      assert(!api.checkPermission("part", "weirdpermission"));
      assert(api.checkPermission("blah", "bloo"));
    });