Hide the edit/add buttons for fields the user can't update

Currently the /registrar-settings backend endpoint will fail to update any
OWNER fields that a non-OWNER tries to change.

However, the front-end (soy, js) still allow non-OWNERs to try and change
these fields (there's the "edit" or "add" button, and it only fails when you try to "save")

This CL changes the front-end to remove the ability for non-OWNERs to even try
and change these fields. However, it will still let them *view* these fields as
it has interesting and important information.

-------------------------------

In addition - it changes the webdriver tests to include the "edit buttons". Those were never tested before, and now we will test to see if they are indeed displayed or not.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=223845883
This commit is contained in:
guyben 2018-12-03 12:51:37 -08:00 committed by jianglai
parent f980a25b32
commit a3a60075a0
19 changed files with 118 additions and 74 deletions

View file

@ -102,27 +102,25 @@
/** Appbar add/back, edit/cancel appbar. */
{template .appbarButtons}
<div id="reg-app-buttons" class="{css('kd-buttonbar')} {css('left')}">
<button id="reg-app-btn-add"
<button id="reg-app-btn-add"
type="button"
class="{css('kd-button')} {css('kd-button-submit')} {css('hidden')}">
Add</button>
<div id="reg-app-btns-edit" class="{css('hidden')}">
<button id="reg-app-btn-edit"
type="button"
class="{css('kd-button')} {css('kd-button-submit')} {css('hidden')}">
Add</button>
<div id="reg-app-btns-edit" class="{css('hidden')}">
<button id="reg-app-btn-edit"
type="button"
class="{css('kd-button')} {css('kd-button-submit')}">
Edit</button>
<button id="reg-app-btn-back" type="button" class="{css('kd-button')}">
Back</button>
</div>
<div id="reg-app-btns-save" class="{css('hidden')}">
<button id="reg-app-btn-save"
type="button"
class="{css('kd-button')} {css('kd-button-submit')}">
Save</button>
<button id="reg-app-btn-cancel" type="button" class="{css('kd-button')}">
Cancel</button>
</div>
class="{css('kd-button')} {css('kd-button-submit')}">
Edit</button>
<button id="reg-app-btn-back" type="button" class="{css('kd-button')}">
Back</button>
</div>
<div id="reg-app-btns-save" class="{css('hidden')}">
<button id="reg-app-btn-save"
type="button"
class="{css('kd-button')} {css('kd-button-submit')}">
Save</button>
<button id="reg-app-btn-cancel" type="button" class="{css('kd-button')}">
Cancel</button>
</div>
{/template}

View file

@ -18,14 +18,9 @@
/** Registrar admin settings page for view and edit. */
{template .settings}
{@param clientId: string}
{@param allowedTlds: list<string>}
{@param readonly: bool}
<form name="item" class="{css('item')} {css('registrar')}">
<h1>Administrator settings for {$clientId}</h1>
{if $readonly}
<p>Use the 'Edit' button above to switch to enable editing the information below.
{/if}
<h1>Administrator settings</h1>
<table>
<tr class="{css('kd-settings-pane-section')}">
<td>

View file

@ -25,6 +25,7 @@
{@param clientId: string} /** Registrar client identifier. */
{@param allClientIds: list<string>} /** All registrar client identifiers for the user. */
{@param isAdmin: bool}
{@param isOwner: bool}
{@param username: string} /** Arbitrary username to display. */
{@param logoutUrl: string} /** Generated URL for logging out of Google. */
{@param productName: string} /** Name to display for this software product. */
@ -40,7 +41,17 @@
{/call}
{call registry.soy.console.googlebar data="all" /}
<div id="reg-app">
<div id="reg-appbar" class="{css('kd-appbar')}"></div>
<div id="reg-appbar" class="{css('kd-appbar')}">
<div class="{css('kd-description')}">
Accessing <span class="{css('kd-value')}">{$clientId}</span> as{sp}
{if $isOwner}<span class="{css('kd-value')}">Owner</span>{/if}
{if $isAdmin}<span class="{css('kd-value')}">Admin</span>{/if}
{if length($allClientIds) > 1}
{sp}(Switch registrar: {call .clientIdSelect_ data="all" /})
{/if}
</div>
<div id="reg-app-buttons" class="{css('kd-buttonbar')} {css('left')}"></div>
</div>
{call .navbar_ data="all" /}
<div id="reg-content-and-footer">
<div id="reg-content">
@ -65,6 +76,7 @@
registry.registrar.main({$xsrfToken},
{$clientId},
{if $isAdmin}true{else}false{/if},
{if $isOwner}true{else}false{/if},
{$productName},
{$integrationEmail},
{$supportEmail},
@ -78,22 +90,9 @@
/** Sidebar nav. Ids on each elt for testing only. */
{template .navbar_ visibility="private"}
{@param clientId: string} /** Registrar client identifier. */
{@param allClientIds: list<string>}
{@param isAdmin: bool}
<div id="reg-nav" class="{css('kd-content-sidebar')}">
<form>
<select name="clientId"
id="select-client-id"
class="{css('kd-button')} {css('kd-button-submit')}"
onchange='this.form.submit()'>
<option value="">[auto select]</option>
{for $id in $allClientIds}
<option value="{$id}" {if $id == $clientId}selected{/if}>{$id}</option>
{/for}
</select>
</form>
<ul id="reg-navlist">
<li>
<a href="#">Home</a>
@ -120,6 +119,24 @@
{/template}
/** Drop-down selection for the clientId. */
{template .clientIdSelect_}
{@param clientId: string} /** Registrar client identifier. */
{@param allClientIds: list<string>}
<form>
<select name="clientId"
id="select-client-id"
class="{css('kd-button')} {css('kd-button-submit')}"
onchange='this.form.submit()'>
<option value="">[auto select]</option>
{for $id in $allClientIds}
<option value="{$id}" {if $id == $clientId}selected{/if}>{$id}</option>
{/for}
</select>
</form>
{/template}
/**
* Feature disabled
*/

View file

@ -25,9 +25,6 @@
{@param readonly: bool}
<form name="item" class="{css('item')} {css('registrar')}">
<h1>Security settings</h1>
{if $readonly}
<p>Use the 'Edit' button above to switch to enable editing the information below.
{/if}
<table>
<tr class="{css('kd-settings-pane-section')}">
<td>