Controls for Internal Only sharing

Toggle for folder/file 'internal only' setting
'internal' annotation added

Author: TimCsaky

frontend/src/assets/main.scss

@@ -271,6 +271,21 @@ div:focus-visible {
   }
 }
 
+.p-tag-info {
+  background-color: rgb(224, 242, 254);
+  outline-style: solid;
+  outline-color: $bcbox-primary;
+  outline-width: thin;
+
+  .p-tag-value {
+    color: $bcbox-primary;
+  }
+
+  .p-tag-icon {
+    color: $bcbox-primary
+  }
+}
+
 /* datatable */
 .p-datatable,
 .p-treetable {

frontend/src/components/bucket/BucketIdpToggle.vue

@@ -0,0 +1,138 @@
+<script setup lang="ts">
+import { computed, onMounted, ref, watch } from 'vue';
+
+import { InputSwitch, useConfirm, useToast } from '@/lib/primevue';
+import { usePermissionStore } from '@/store';
+import { Permissions } from '@/utils/constants';
+
+import type { Ref } from 'vue';
+
+// Props
+type Props = {
+  bucketId: string;
+  bucketName: string;
+  bucketPublic: boolean;
+  userId: string;
+};
+
+const props = withDefaults(defineProps<Props>(), {});
+
+// Store
+const permissionStore = usePermissionStore();
+
+// State
+const isInternal: Ref<boolean> = ref(false);
+const fetchBucketInternal = async (): Promise<boolean> => {
+  const bucketIdpPermissions = await permissionStore.fetchBucketIdpPermissions({
+    bucketId: props.bucketId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+  const hasPerms = (bucketIdpPermissions?.length ?? 0) > 0;
+
+  return hasPerms || props.bucketPublic;
+};
+
+// check bucket for the IDP permission
+const isBucketInternal: Ref<boolean> = ref(false);
+const isParentBucketInternal: Ref<boolean> = ref(false);
+const fetchParentBucketInternal = async (): Promise<boolean> => {
+  const bucketIdpPermissions = await permissionStore.fetchBucketIdpPermissions({
+    bucketId: props.bucketId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+  return (bucketIdpPermissions?.length ?? 0) > 0;
+};
+
+const isToggleEnabled = computed(() => {
+  return (
+    !isBucketInternal.value &&
+    !props.bucketPublic &&
+    usePermissionStore().isUserElevatedRights() &&
+    permissionStore.isBucketActionAllowed(props.bucketId, props.userId, Permissions.MANAGE)
+  );
+});
+
+// Actions
+const toast = useToast();
+const confirm = useConfirm();
+
+const toggleIdp = async (value: boolean) => {
+  if (value) {
+    confirm.require({
+      message: "Setting this file to 'Internal only' will allow all IDIR users " + 'to view and download it.',
+      header: 'Set file to Internal only?',
+      acceptLabel: 'Set to Internal only',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .addBucketIdpPermission(props.bucketId, 'idir', 'READ')
+          .then(() => {
+            isInternal.value = true;
+            toast.success('File set to Internal only', `"${props.bucketName}" is now Internal only`);
+          })
+          .catch((e) => toast.error('Setting file to Internal only failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (isInternal.value = false),
+      onHide: () => (isInternal.value = false)
+    });
+  } else
+    confirm.require({
+      message:
+        "Setting this file to private will remove 'Internal only' access. " +
+        'Only users with permissions will be able to view or download the file.',
+      header: 'Set file to private?',
+      acceptLabel: 'Set to private',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .deleteBucketIdpPermission(props.bucketId, 'idir', 'READ')
+          .then(() => {
+            isInternal.value = false;
+            toast.success('File set to private', `"${props.bucketName}" is no longer 'Internal only'`);
+          })
+          .catch((e) => toast.error('Setting file to private failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (isInternal.value = true),
+      onHide: () => (isInternal.value = true)
+    });
+};
+
+onMounted(async () => {
+  isInternal.value = await fetchBucketInternal();
+  isParentBucketInternal.value = await fetchParentBucketInternal();
+});
+
+watch(props, () => {
+  if (props.bucketPublic === true) isInternal.value = true;
+  else {
+    const perms = permissionStore.getBucketIdpPermissions.filter(
+      (p: any) => p.permCode === Permissions.READ && p.bucketId === props.bucketId && p.idp === 'idir'
+    );
+    if (perms.length > 0) isInternal.value = true;
+    else {
+      isInternal.value = false;
+    }
+  }
+});
+</script>
+
+<template>
+  <span
+    v-tooltip="
+      isToggleEnabled
+        ? ''
+        : props.bucketPublic
+          ? 'Enabled by Public Sharing'
+          : 'Change the folder\'s \'Internal only\' setting to update this file'
+    "
+  >
+    <InputSwitch
+      :model-value="isInternal"
+      aria-label="Toggle to make file Internl only"
+      :disabled="!isToggleEnabled"
+      @update:model-value="toggleIdp($event)"
+    />
+  </span>
+</template>

frontend/src/components/bucket/BucketPermission.vue

@@ -3,7 +3,7 @@ import { storeToRefs } from 'pinia';
 import { computed, onBeforeMount, ref } from 'vue';
 import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
 
-import BucketPublicToggle from '@/components/bucket/BucketPublicToggle.vue';
+import { BucketPublicToggle, BucketIdpToggle } from '@/components/bucket';
 import BucketPermissionAddUser from '@/components/bucket/BucketPermissionAddUser.vue';
 import { BulkPermission } from '@/components/common';
 import { useAlert } from '@/composables/useAlert';
@@ -82,16 +82,15 @@ onBeforeMount(async () => {
 <template>
   <TabView>
     <TabPanel header="Manage permissions">
+      <h3>Sharing Access</h3>
       <!-- public toggle -->
       <div class="flex pb-3">
         <div class="flex-grow-1">
           <div class="pb-1">
-            <h3>Set to public</h3>
+            <h4>Set to public</h4>
             <p>
-              Making a folder
-              <strong>public</strong>
-              means that all files within it, including those in any subfolders, can be accessed by anyone without
-              requiring authentication.
+              Enabling this shares all files and subfolders. Anyone with the link can view the content without signing
+              in.
             </p>
           </div>
         </div>
@@ -104,6 +103,21 @@ onBeforeMount(async () => {
           :user-id="getUserId"
         />
       </div>
+
+      <div class="flex flex-row pb-3">
+        <div class="flex-grow-1">
+          <h4 class="pb-1">Internl only</h4>
+          <p>Allow all IDIR users to view this flder and its content</p>
+        </div>
+        <BucketIdpToggle
+          v-if="bucket && getUserId"
+          :bucket-id="bucket.bucketId"
+          :bucket-name="bucket.bucketName"
+          :bucket-public="bucket.public"
+          :user-id="getUserId"
+        />
+      </div>
+
       <h3>User Permissions</h3>
       <!-- user search -->
       <div v-if="!showSearchUsers">

frontend/src/components/bucket/index.ts

@@ -3,6 +3,8 @@ export { default as BucketConfigForm } from './BucketConfigForm.vue';
 export { default as BucketList } from './BucketList.vue';
 export { default as BucketPermission } from './BucketPermission.vue';
 export { default as BucketPermissionAddUser } from './BucketPermissionAddUser.vue';
+export { default as BucketPublicToggle } from './BucketPublicToggle.vue';
+export { default as BucketIdpToggle } from './BucketIdpToggle.vue';
 export { default as BucketSidebar } from './BucketSidebar.vue';
 export { default as BucketTable } from './BucketTable.vue';
 export { default as BucketTableBucketName } from './BucketTableBucketName.vue';

frontend/src/components/object/ObjectFileDetails.vue

@@ -65,6 +65,8 @@ const object: Ref<COMSObject | undefined> = ref(undefined);
 const bucketId: Ref<string> = ref('');
 const permissionsVisible: Ref<boolean> = ref(false);
 
+const isInternal = computed(() => permissionStore.getInternal(object.value));
+
 // version stuff
 const bucketVersioningEnabled = computed(() => getIsVersioningEnabled.value(props.objectId));
 const currentVersionId: Ref<string | undefined> = ref(props.versionId);
@@ -170,6 +172,17 @@ onMounted(async () => {
               rounded
               icon="pi pi-info-circle"
             />
+            <Tag
+              v-else-if="isInternal"
+              v-tooltip="
+                'This folder and its contents can be read by anyone internal to government. ' +
+                'Change the settings in &quot;Folder permissions.&quot;'
+              "
+              value="Internal"
+              severity="info"
+              rounded
+              icon="pi pi-info-circle"
+            />
           </span>
         </div>
 

frontend/src/components/object/ObjectIdpToggle.vue

@@ -0,0 +1,125 @@
+<script setup lang="ts">
+import { computed, onMounted } from 'vue';
+
+import { InputSwitch, useConfirm, useToast } from '@/lib/primevue';
+import { useBucketStore, usePermissionStore } from '@/store';
+import { Permissions } from '@/utils/constants';
+
+import type { Ref } from 'vue';
+
+// Props
+type Props = {
+  bucketId: string;
+  objectId: string;
+  objectName: string;
+  objectPublic: boolean;
+  userId: string;
+};
+
+const props = withDefaults(defineProps<Props>(), {});
+
+// ---- State:
+const permissionStore = usePermissionStore();
+const bucketStore = useBucketStore();
+
+// has object IDP permission
+const isObjectInternal = computed(() => permissionStore.getObjectInternal(props.objectId));
+// has bucket IDP permission
+const isBucketInternal = computed(() => permissionStore.getBucketInternal(props.bucketId));
+// is public
+const isPublic: Ref<boolean> = computed(() => {
+  const bucketIsPublic = bucketStore.getBucket(props.bucketId)?.public ?? false;
+  return bucketIsPublic || props.objectPublic;
+});
+
+// value for toggle
+const switchVal: Ref<boolean> = computed(() => {
+  return isObjectInternal.value || isBucketInternal.value || isPublic.value;
+});
+
+const isToggleEnabled = computed(() => {
+  return (
+    !isBucketInternal.value &&
+    !isPublic.value &&
+    usePermissionStore().isUserElevatedRights() &&
+    permissionStore.isObjectActionAllowed(props.objectId, props.userId, Permissions.MANAGE, props.bucketId as string)
+  );
+});
+
+// Actions
+const toast = useToast();
+const confirm = useConfirm();
+
+const toggleIdp = async (value: boolean) => {
+  if (value) {
+    confirm.require({
+      message: "Setting this file to 'Internal only' will allow all IDIR users " + 'to view and download it.',
+      header: 'Set file to Internal only?',
+      acceptLabel: 'Set to Internal only',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .addObjectIdpPermission(props.objectId, 'idir', 'READ')
+          .then(() => {
+            switchVal.value = true;
+            toast.success('File set to Internal only', `"${props.objectName}" is now Internal only`);
+          })
+          .catch((e) => toast.error('Setting file to Internal only failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (switchVal.value = false),
+      onHide: () => (switchVal.value = false)
+    });
+  } else
+    confirm.require({
+      message:
+        "Setting this file to private will remove 'Internal only' access. " +
+        'Only users with permissions will be able to view or download the file.',
+      header: 'Set file to private?',
+      acceptLabel: 'Set to private',
+      rejectLabel: 'Cancel',
+      accept: () => {
+        permissionStore
+          .deleteObjectIdpPermission(props.objectId, 'idir', 'READ')
+          .then(() => {
+            switchVal.value = false;
+            toast.success('File set to private', `"${props.objectName}" is no longer 'Internal only'`);
+          })
+          .catch((e) => toast.error('Setting file to private failed', e.response?.data.detail, { life: 0 }));
+      },
+      reject: () => (switchVal.value = true),
+      onHide: () => (switchVal.value = true)
+    });
+};
+
+onMounted(async () => {
+  await permissionStore.fetchObjectIdpPermissions({
+    objectId: props.objectId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+  await permissionStore.fetchBucketIdpPermissions({
+    bucketId: props.bucketId,
+    permCode: 'READ',
+    idp: 'idir'
+  });
+});
+</script>
+
+<template>
+  <span
+    v-tooltip="
+      isToggleEnabled
+        ? ''
+        : isPublic
+          ? 'Enabled by Public Sharing'
+          : 'Change the folder\'s \'Internal only\' setting to update this file'
+    "
+  >
+    <InputSwitch
+      :model-value="switchVal"
+      aria-label="Toggle to make file Internl only"
+      :disabled="!isToggleEnabled"
+      @update:model-value="toggleIdp($event)"
+    />
+  </span>
+</template>