From 993afca3936fb0f8cc73d1e5baf23a8a593be079 Mon Sep 17 00:00:00 2001
From: lakikowolfe <loren.wolfe@sagebase.org>
Date: Thu, 21 Mar 2024 16:38:35 -0700
Subject: [PATCH] restrict administration tab

---
 R/app_server.R | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/R/app_server.R b/R/app_server.R
index a11c95b..33d66f4 100644
--- a/R/app_server.R
+++ b/R/app_server.R
@@ -30,15 +30,18 @@ app_server <- function( input, output, session ) {
     httr::authenticate(app$key, app$secret, type = "basic"),
     config = list()
     )
-  # Stop the code if anything other than 2XX status code is returned
   
+  # Stop the code if anything other than 2XX status code is returned
   httr::stop_for_status(req, task = "get an access token")
   token_response <- httr::content(req, type = NULL)
   access_token <- token_response$access_token
   
   session$userData$access_token <- access_token
   
+  # hide things
+  # sidebar
   shinyjs::hide(selector = ".sidebar-menu")
+  shinyjs::hide(selector = "a[data-value='tab_administrator']")
   
   # SET UP REACTIVE VALUES  ###################################################
   
@@ -89,28 +92,33 @@ app_server <- function( input, output, session ) {
       color="#424874"
     )
 
-    # show sidebar tabs
+    # show sidebar menu
     shinyjs::show(selector = ".sidebar-menu")
     
-    # update reactiveVals
-    selected_dcc_config_list$synapse_asset_view(
-      mod_select_dcc_out()$selected_dcc_config$dcc$synapse_asset_view
-    )
-    selected_dcc_config_list$manifest_dataset_id(
-      mod_select_dcc_out()$selected_dcc_config$dcc$manifest_dataset_id
-    )
-    selected_dcc_config_list$schema_url(
-      mod_select_dcc_out()$selected_dcc_config$dcc$data_model_url
+    # check user's access
+    # show admin tab if user has ADMIN access to data flow manifest
+    manifest_admin_perm <- dfamodules::synapse_access(
+      id = selected_dcc_config()$dcc$manifest_dataset_id,
+      access = "CHANGE_PERMISSIONS",
+      auth = access_token
     )
     
+    print(manifest_admin_perm)
+    
+    if (isTRUE(manifest_admin_perm)) {
+      shinyjs::show(selector = "a[data-value='tab_administrator']")
+    } else {
+      shinyjs::hide(selector = "a[data-value='tab_administrator']")
+    }
+    
     # Check that user has appropriate permissions to use DFA
     # User must have DOWNLOAD access to the DFA manifest.
-    manifest_perm <- dfamodules::synapse_access(
+    manifest_download_perm <- dfamodules::synapse_access(
       id = selected_dcc_config()$dcc$manifest_dataset_id,
       access = "DOWNLOAD",
       auth = access_token
     )
-    if (!isTRUE(manifest_perm)) {
+    if (!isTRUE(manifest_download_perm)) {
       shinypop::nx_report_error(
         title = "Permission error",
         message = tagList(