From 8b6f59b0f082531fea2e71e38890493cc38aaed5 Mon Sep 17 00:00:00 2001
From: alex <alex@roese.dev>
Date: Sun, 25 Jun 2023 16:15:29 +0200
Subject: [PATCH] user can only change roles and delete users with roles below
 his role

---
 src/Pages/AllUsers/index.js | 128 ++++++++++++++++++++----------------
 1 file changed, 71 insertions(+), 57 deletions(-)

diff --git a/src/Pages/AllUsers/index.js b/src/Pages/AllUsers/index.js
index b06fd87..f53e829 100644
--- a/src/Pages/AllUsers/index.js
+++ b/src/Pages/AllUsers/index.js
@@ -73,74 +73,88 @@ export default function AllUsers() {
             {hasPermission(
               webSocketContext.User.Permissions,
               Constants.PERMISSIONS.ALL_USERS.ACTION.CHANGE_ROLE
-            ) && (
-              <Popconfirm
-                title="Change role to"
-                okText="Change"
-                onConfirm={() => onRoleChangeConfirm(record.key)}
-                okButtonProps={{
-                  disabled:
-                    selectedRoleId ===
-                    webSocketContext.AllUsers.find(
-                      (user) => user.Id === record.key
-                    ).RoleId,
-                }}
-                description={
-                  <Select
-                    style={{ width: 250 }}
-                    getPopupContainer={(node) => node.parentNode}
-                    defaultValue={
-                      webSocketContext.AllUsers.find(
-                        (user) => user.Id === record.key
-                      ).RoleId
-                    }
-                    value={selectedRoleId}
-                    onChange={(e) => setSelectedRoleId(e)}
-                  >
-                    {webSocketContext.AllRoles.map((role) => (
-                      <Select.Option key={role.Id}>
-                        {role.DisplayName}
-                      </Select.Option>
-                    ))}
-                  </Select>
-                }
-              >
-                <Link
-                  to="#"
-                  onClick={() => {
-                    setSelectedRoleId(
-                      webSocketContext.AllUsers.find(
-                        (user) => user.Id === record.key
-                      ).RoleId
-                    );
-                  }}
-                >
-                  Change role
-                </Link>
-              </Popconfirm>
-            )}
-
-            {console.log(
-              webSocketContext.User.RoleId,
-              webSocketContext.AllRoles.find(
+            ) &&
+              (webSocketContext.AllRoles.find(
                 (role) => role.Id === webSocketContext.User.RoleId
-              ).SortingOrder,
+              ).SortingOrder <
+                webSocketContext.AllRoles.find(
+                  (role) => role.Id === record._roleId
+                ).SortingOrder ||
+                webSocketContext.AllRoles.find(
+                  (role) => role.Id === webSocketContext.User.RoleId
+                ).Master) && (
+                <Popconfirm
+                  title="Change role to"
+                  okText="Change"
+                  onConfirm={() => onRoleChangeConfirm(record.key)}
+                  okButtonProps={{
+                    disabled:
+                      selectedRoleId ===
+                      webSocketContext.AllUsers.find(
+                        (user) => user.Id === record.key
+                      ).RoleId,
+                  }}
+                  description={
+                    <Select
+                      style={{ width: 250 }}
+                      getPopupContainer={(node) => node.parentNode}
+                      defaultValue={
+                        webSocketContext.AllUsers.find(
+                          (user) => user.Id === record.key
+                        ).RoleId
+                      }
+                      value={selectedRoleId}
+                      onChange={(e) => setSelectedRoleId(e)}
+                    >
+                      {webSocketContext.AllRoles.map((role) => {
+                        if (
+                          webSocketContext.AllRoles.find(
+                            (role) => role.Id === webSocketContext.User.RoleId
+                          ).Master ||
+                          webSocketContext.AllRoles.find(
+                            (role) => role.Id === webSocketContext.User.RoleId
+                          ).SortingOrder < role.SortingOrder
+                        ) {
+                          return (
+                            <Select.Option key={role.Id}>
+                              {role.DisplayName}
+                            </Select.Option>
+                          );
+                        }
 
-              webSocketContext.AllRoles.find(
-                (role) => role.Id === record._roleId
-              ).SortingOrder
-            )}
+                        return null;
+                      })}
+                    </Select>
+                  }
+                >
+                  <Link
+                    to="#"
+                    onClick={() => {
+                      setSelectedRoleId(
+                        webSocketContext.AllUsers.find(
+                          (user) => user.Id === record.key
+                        ).RoleId
+                      );
+                    }}
+                  >
+                    Change role
+                  </Link>
+                </Popconfirm>
+              )}
 
             {hasPermission(
               webSocketContext.User.Permissions,
               Constants.PERMISSIONS.ALL_USERS.ACTION.DELETE_USER
             ) &&
-              webSocketContext.AllRoles.find(
+              (webSocketContext.AllRoles.find(
                 (role) => role.Id === webSocketContext.User.RoleId
               ).SortingOrder <
                 webSocketContext.AllRoles.find(
                   (role) => role.Id === record._roleId
-                ).SortingOrder && (
+                ).SortingOrder ||
+                webSocketContext.AllRoles.find(
+                  (role) => role.Id === webSocketContext.User.RoleId
+                ).Master) && (
                 <Popconfirm
                   placement="top"
                   okText="Delete user"