Controls for Internal Only sharing

Toggle for folder/file 'internal only' setting
'internal' annotation added

Author: TimCsaky

frontend/src/assets/main.scss

@@ -271,6 +271,21 @@ div:focus-visible {
   }
 }
 
+.p-tag-info {
+  background-color: rgb(224, 242, 254);
+  outline-style: solid;
+  outline-color: $bcbox-primary;
+  outline-width: thin;
+
+  .p-tag-value {
+    color: $bcbox-primary;
+  }
+
+  .p-tag-icon {
+    color: $bcbox-primary
+  }
+}
+
 /* datatable */
 .p-datatable,
 .p-treetable {

frontend/src/components/bucket/BucketIdpToggle.vue

@@ -0,0 +1,138 @@
+<script setup lang="ts">
+import { computed, onMounted, ref, watch } from 'vue';
+
+import { InputSwitch, useConfirm, useToast } from '@/lib/primevue';
+import { usePermissionStore } from '@/store';
+import { Permissions } from '@/utils/constants';
+
+import type { Ref } from 'vue';
+
+// Props
+type Props = {
+  bucketId: string;
+  bucketName: string;
+  bucketPublic: boolean;
+  userId: string;
+};
+
+const props = withDefaults(defineProps<Props>(), {});
+
+// Store
+const permissionStore = usePermissionStore();
+
+// State
+const isInternal: Ref<boolean> = ref(false);
+const fetchBucketInternal = async (): Promise<boolean> => {
+  const bucketIdpPermissions = await permissionStore.fetchBucketIdpPermissions({
+    bucketId: props.bucketId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+  const hasPerms = (bucketIdpPermissions?.length ?? 0) > 0;
+
+  return hasPerms || props.bucketPublic;
+};
+
+// check bucket for the IDP permission
+const isBucketInternal: Ref<boolean> = ref(false);
+const isParentBucketInternal: Ref<boolean> = ref(false);
+const fetchParentBucketInternal = async (): Promise<boolean> => {
+  const bucketIdpPermissions = await permissionStore.fetchBucketIdpPermissions({
+    bucketId: props.bucketId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+  return (bucketIdpPermissions?.length ?? 0) > 0;
+};
+
+const isToggleEnabled = computed(() => {
+  return (
+    !isBucketInternal.value &&
+    !props.bucketPublic &&
+    usePermissionStore().isUserElevatedRights() &&
+    permissionStore.isBucketActionAllowed(props.bucketId, props.userId, Permissions.MANAGE)
+  );
+});
+
+// Actions
+const toast = useToast();
+const confirm = useConfirm();
+
+const toggleIdp = async (value: boolean) => {
+  if (value) {
+    confirm.require({
+      message: "Setting this file to 'Internal only' will allow all IDIR users " + 'to view and download it.',
+      header: 'Set file to Internal only?',
+      acceptLabel: 'Set to Internal only',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .addBucketIdpPermission(props.bucketId, 'idir', 'READ')
+          .then(() => {
+            isInternal.value = true;
+            toast.success('File set to Internal only', `"${props.bucketName}" is now Internal only`);
+          })
+          .catch((e) => toast.error('Setting file to Internal only failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (isInternal.value = false),
+      onHide: () => (isInternal.value = false)
+    });
+  } else
+    confirm.require({
+      message:
+        "Setting this file to private will remove 'Internal only' access. " +
+        'Only users with permissions will be able to view or download the file.',
+      header: 'Set file to private?',
+      acceptLabel: 'Set to private',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .deleteBucketIdpPermission(props.bucketId, 'idir', 'READ')
+          .then(() => {
+            isInternal.value = false;
+            toast.success('File set to private', `"${props.bucketName}" is no longer 'Internal only'`);
+          })
+          .catch((e) => toast.error('Setting file to private failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (isInternal.value = true),
+      onHide: () => (isInternal.value = true)
+    });
+};
+
+onMounted(async () => {
+  isInternal.value = await fetchBucketInternal();
+  isParentBucketInternal.value = await fetchParentBucketInternal();
+});
+
+watch(props, () => {
+  if (props.bucketPublic === true) isInternal.value = true;
+  else {
+    const perms = permissionStore.getBucketIdpPermissions.filter(
+      (p: any) => p.permCode === Permissions.READ && p.bucketId === props.bucketId && p.idp === 'idir'
+    );
+    if (perms.length > 0) isInternal.value = true;
+    else {
+      isInternal.value = false;
+    }
+  }
+});
+</script>
+
+<template>
+  <span
+    v-tooltip="
+      isToggleEnabled
+        ? ''
+        : props.bucketPublic
+          ? 'Enabled by Public Sharing'
+          : 'Change the folder\'s \'Internal only\' setting to update this file'
+    "
+  >
+    <InputSwitch
+      :model-value="isInternal"
+      aria-label="Toggle to make file Internl only"
+      :disabled="!isToggleEnabled"
+      @update:model-value="toggleIdp($event)"
+    />
+  </span>
+</template>

frontend/src/components/bucket/BucketList.vue

@@ -43,7 +43,11 @@ const closeBucketConfig = () => {
 };
 
 onMounted(async () => {
-  await bucketStore.fetchBuckets({ userId: getUserId.value, objectPerms: true });
+  await bucketStore.fetchBuckets({
+    userId: getUserId.value,
+    idp: 'idir',
+    objectPerms: true
+  });
 });
 </script>
 
@@ -103,7 +107,7 @@ onMounted(async () => {
           {{ bucketConfigTitle }}
         </h3>
 
-        <!-- <Message severity="warn">
+        <Message severity="warn">
           If you intend to share files in your bucket with BCeID or BC Services Card users, please notify
           <a href="mailto:IDIM.Consulting@gov.bc.ca">IDIM.Consulting@gov.bc.ca</a>
           that you plan to use BCBox.
@@ -119,7 +123,7 @@ onMounted(async () => {
           </a>
           (Natural Resource ministries) or your ministry's service desk if you need help with &quot;bucket&quot; storage
           location sources.
-        </Message> -->
+        </Message>
 
         <BucketConfigForm
           :bucket="bucketToUpdate"

frontend/src/components/bucket/BucketPermission.vue

@@ -3,7 +3,7 @@ import { storeToRefs } from 'pinia';
 import { computed, onBeforeMount, ref } from 'vue';
 import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
 
-import BucketPublicToggle from '@/components/bucket/BucketPublicToggle.vue';
+import { BucketPublicToggle, BucketIdpToggle } from '@/components/bucket';
 import BucketPermissionAddUser from '@/components/bucket/BucketPermissionAddUser.vue';
 import { BulkPermission } from '@/components/common';
 import { useAlert } from '@/composables/useAlert';
@@ -82,16 +82,15 @@ onBeforeMount(async () => {
 <template>
   <TabView>
     <TabPanel header="Manage permissions">
+      <h3>Sharing Access</h3>
       <!-- public toggle -->
       <div class="flex pb-3">
         <div class="flex-grow-1">
           <div class="pb-1">
-            <h3>Set to public</h3>
+            <h4>Set to public</h4>
             <p>
-              Making a folder
-              <strong>public</strong>
-              means that all files within it, including those in any subfolders, can be accessed by anyone without
-              requiring authentication.
+              Enabling this shares all files and subfolders. Anyone with the link can view the content without signing
+              in.
             </p>
           </div>
         </div>
@@ -104,6 +103,21 @@ onBeforeMount(async () => {
           :user-id="getUserId"
         />
       </div>
+
+      <div class="flex flex-row pb-3">
+        <div class="flex-grow-1">
+          <h4 class="pb-1">Internl only</h4>
+          <p>Allow all IDIR users to view this flder and its content</p>
+        </div>
+        <BucketIdpToggle
+          v-if="bucket && getUserId"
+          :bucket-id="bucket.bucketId"
+          :bucket-name="bucket.bucketName"
+          :bucket-public="bucket.public"
+          :user-id="getUserId"
+        />
+      </div>
+
       <h3>User Permissions</h3>
       <!-- user search -->
       <div v-if="!showSearchUsers">

frontend/src/components/bucket/BucketTable.vue

@@ -58,6 +58,15 @@ const getBucketPublicStatus = computed(() => {
   };
 });
 
+const getInternalStatus = computed(() => {
+  return (node: BucketTreeNode): boolean => {
+    if (node.data.bucketId) {
+      return permissionStore.getBucketInternal(node.data.bucketId);
+    }
+    return false;
+  };
+});
+
 const emit = defineEmits(['show-bucket-config', 'show-sidebar-info']);
 
 // Actions
@@ -337,6 +346,17 @@ watch(getBuckets, () => {
             icon="pi pi-info-circle"
             class="public-folder"
           />
+
+          <Tag
+            v-if="!getBucketPublicStatus(node) && getInternalStatus(node)"
+            v-tooltip="'Contents of this Folder can be read by anyone internal to government.'"
+            value="Internal"
+            severity="info"
+            rounded
+            icon="pi pi-info-circle"
+            class="ml-2 mb-1 min-w-100"
+          />
+
           <BucketChildConfig
             v-if="permissionStore.isBucketActionAllowed(node.data.bucketId, getUserId, Permissions.CREATE)"
             :parent-bucket="node.data"

frontend/src/components/bucket/index.ts

@@ -3,6 +3,8 @@ export { default as BucketConfigForm } from './BucketConfigForm.vue';
 export { default as BucketList } from './BucketList.vue';
 export { default as BucketPermission } from './BucketPermission.vue';
 export { default as BucketPermissionAddUser } from './BucketPermissionAddUser.vue';
+export { default as BucketPublicToggle } from './BucketPublicToggle.vue';
+export { default as BucketIdpToggle } from './BucketIdpToggle.vue';
 export { default as BucketSidebar } from './BucketSidebar.vue';
 export { default as BucketTable } from './BucketTable.vue';
 export { default as BucketTableBucketName } from './BucketTableBucketName.vue';

frontend/src/components/object/ObjectFileDetails.vue

@@ -65,6 +65,8 @@ const object: Ref<COMSObject | undefined> = ref(undefined);
 const bucketId: Ref<string> = ref('');
 const permissionsVisible: Ref<boolean> = ref(false);
 
+const isInternal = computed(() => permissionStore.getInternal(object.value));
+
 // version stuff
 const bucketVersioningEnabled = computed(() => getIsVersioningEnabled.value(props.objectId));
 const currentVersionId: Ref<string | undefined> = ref(props.versionId);
@@ -170,6 +172,17 @@ onMounted(async () => {
               rounded
               icon="pi pi-info-circle"
             />
+            <Tag
+              v-else-if="isInternal"
+              v-tooltip="
+                'This folder and its contents can be read by anyone internal to government. ' +
+                'Change the settings in &quot;Folder permissions.&quot;'
+              "
+              value="Internal"
+              severity="info"
+              rounded
+              icon="pi pi-info-circle"
+            />
           </span>
         </div>