From f6f8f7f5a63b744435fcc6af01308811317bdb7a Mon Sep 17 00:00:00 2001
From: monsieurswag
Date: Tue, 9 Apr 2024 02:09:52 +0200
Subject: [PATCH 1/4] Remove the user list from the navigation sidebar for non-admin users
---
 .../src/lib/components/SideBar/SideBarNavigation.svelte | 8 ++++++++
 frontend/src/lib/components/SideBar/navData.ts | 3 ++-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/frontend/src/lib/components/SideBar/SideBarNavigation.svelte b/frontend/src/lib/components/SideBar/SideBarNavigation.svelte
index 06890c727..b6ace36fc 100644
--- a/frontend/src/lib/components/SideBar/SideBarNavigation.svelte
+++ b/frontend/src/lib/components/SideBar/SideBarNavigation.svelte
@@ -25,11 +25,19 @@
 // }
 const user = $page.data.user;
+ const user_groups = new Set(user.user_groups.map(user_group => user_group[0]));
 const items = navData.items
 .map((item) => {
 // Check and filter the sub-items based on user permissions
 const filteredSubItems = item.items.filter((subItem) => {
+ if (subItem.user_groups) {
+ if (!subItem.user_groups.some(
+ user_group => user_groups.has(user_group)
+ )) {
+ return false;
+ }
+ }
 if (subItem.permissions) {
 return subItem.permissions.some((permission) =>
 Object.hasOwn(user.permissions, permission)
diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index c2e25b686..b5587a67d 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
@@ -137,7 +137,8 @@ export const navData = {
 {
 name: 'users',
 fa_icon: 'fa-solid fa-user',
- href: '/users'
+ href: '/users',
+ user_groups: ["Global - Administrator"]
 },
 {
 name: 'userGroups',
From ce049bd68ebb36f85cf22e9ad30672bbb973d04e Mon Sep 17 00:00:00 2001
From: monsieurswag
Date: Thu, 11 Apr 2024 07:05:51 +0200
Subject: [PATCH 2/4] The non admin users can no longer access the user list of the application
---
 backend/core/views.py | 2 ++
 1 file changed, 2 insertions(+)
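Review bot: The gate added in the `if (subItem.user_groups)` block decides visibility by matching the display label `"Global - Administrator"` (declared on the nav items in the navData.ts hunks of this patch and of patch 3) against `user_group[0]`, which couples the sidebar to a group name an administrator can rename and assumes the first element of each `user.user_groups` entry is that name rather than an id — confirm against the `$page.data.user` shape. Three lines below, the same filter already supports `Object.hasOwn(user.permissions, permission)`, so declaring the requirement as `permissions: [...]` on the nav item, using whatever permission the backend enforces for listing users, would reuse that path and keep a single source of truth. This remains a display filter only; the enforced check is the backend change in patch 2, so a mismatch here degrades usability rather than access control. As a point of style, the surrounding code is camelCase (`filteredSubItems`, `subItem`), so `user_groups`/`user_group` could be `userGroups`/`group`. The enclosing `.map((item) => {` callback continues outside the hunk.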
diff --git a/backend/core/views.py b/backend/core/views.py
index b53230040..32dd97f80 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -832,6 +832,8 @@ class UserViewSet(BaseModelViewSet):
 search_fields = ["email", "first_name", "last_name"]
 def get_queryset(self):
+ if not self.request.user.is_admin() :
+ return User.objects.none()
 # TODO: Implement a proper filter for the queryset
 return User.objects.all()
From 52e25d42d41bec3378fbefa47dbbaf9a1728acb6 Mon Sep 17 00:00:00 2001
From: monsieurswag
Date: Thu, 11 Apr 2024 08:23:24 +0200
Subject: [PATCH 3/4] Remove the user group list from the navigation sidebar for non-admin users
---
 frontend/src/lib/components/SideBar/navData.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index b5587a67d..ad804d0e6 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
@@ -143,7 +143,8 @@ export const navData = {
 {
 name: 'userGroups',
 fa_icon: 'fa-solid fa-users',
- href: '/user-groups'
+ href: '/user-groups',
+ user_groups: ["Global - Administrator"]
 },
 {
 name: 'roleAssignments',
From 71661dfe79f9cc6fd7e345e92fb7be4668861cca Mon Sep 17 00:00:00 2001
From: monsieurswag
Date: Thu, 11 Apr 2024 08:52:29 +0200
Subject: [PATCH 4/4] Display a 403 error page when a non-admin user try to access the user list view or the user-groups list view
---
 frontend/src/lib/components/SideBar/navData.ts | 7 +++++++
 .../(app)/[model=urlmodel]/+layout.server.ts | 16 ++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index ad804d0e6..59bb8510c 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
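Review bot: The added guard answers non-admins with `User.objects.none()`, so the list endpoint returns an empty 200 rather than a 403, and because DRF's `get_object()` also resolves through `get_queryset()`, every detail, update and delete route on `UserViewSet` becomes a 404 for them — if any non-admin flow reads a user record through this viewset (a user's own profile, for instance), it now fails silently. Declaring the rule as a permission class on the viewset, or raising `PermissionDenied` here, would give an explicit 403 that matches the 403 page patch 4 adds on the frontend and keeps the restriction visible in the viewset's declaration instead of inside the queryset. The trailing `# TODO` comment now describes a filter that only applies to admins and could say so. Minor: `is_admin() :` carries a space before the colon that black/flake8 will flag; `if not self.request.user.is_admin():`. The enclosing class starts outside the hunk.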
@@ -190,3 +190,10 @@ export const navData = {
 }
 ]
 };
+
+export const modelNavData = navData.items.reduce((acc, navMenu) => {
+ return [...acc,...navMenu.items];
+}, []).reduce((acc, item) => {
+ acc[item.href.substring(1)] = item;
+ return acc;
+}, {});
diff --git a/frontend/src/routes/(app)/[model=urlmodel]/+layout.server.ts b/frontend/src/routes/(app)/[model=urlmodel]/+layout.server.ts
index 7cd8313c2..998bc9829 100644
--- a/frontend/src/routes/(app)/[model=urlmodel]/+layout.server.ts
+++ b/frontend/src/routes/(app)/[model=urlmodel]/+layout.server.ts
@@ -1,12 +1,24 @@
 import { BASE_API_URL } from '$lib/utils/constants';
 import { listViewFields } from '$lib/utils/table';
 import { tableSourceMapper, type TableSource } from '@skeletonlabs/skeleton';
-
+import { modelNavData } from '$lib/components/SideBar/navData';
+import { error } from '@sveltejs/kit';
 import { CUSTOM_MODEL_FETCH_MAP } from '$lib/utils/crud';
 import type { urlModel } from '$lib/utils/types';
 import type { LayoutServerLoad } from './$types';
-export const load = (async ({ fetch, params }) => {
+export const load = (async ({ fetch, params, locals }) => {
+ const modelData = modelNavData[params.model];
+
+ if (locals.user && modelData.user_groups) {
+ const user_groups = new Set(locals.user.user_groups.map(user_group => user_group[0]));
+ if (!modelData.user_groups.some(
+ user_group => user_groups.has(user_group)
+ )) {
+ return error(403, "You are not allowed to access this page.");
+ }
+ }
+
 let data = null;
 if (Object.prototype.hasOwnProperty.call(CUSTOM_MODEL_FETCH_MAP, params.model)) {
 const fetch_function = CUSTOM_MODEL_FETCH_MAP[params.model];
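Review bot: `modelNavData` flattens with a spread inside `reduce`, which copies the accumulator on every menu (accidental O(n²)), and then keys a plain object by `item.href.substring(1)`; `navData.items.flatMap((menu) => menu.items)` does the flattening in one pass and `Object.fromEntries(items.map((item) => [item.href.substring(1), item]))` builds the lookup. Since the result is later indexed by a URL parameter (`modelNavData[params.model]` in +layout.server.ts), a lookup of an inherited name such as `constructor` yields a function instead of `undefined`; seeding the accumulator with `Object.create(null)`, or guarding reads with `Object.hasOwn`, removes that surprise whatever the `urlmodel` matcher admits. A nav item without an `href` would throw here at module load — whether every item has one is not visible from this hunk.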
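Review bot: `modelData.user_groups` throws a TypeError when `params.model` is a route the `urlmodel` matcher accepts but that has no sidebar entry, turning such pages into a 500 instead of falling through to the existing fetch; `if (locals.user && modelData?.user_groups) {` keeps the guard while tolerating the no-entry case. `return error(403, …)` only works where `error()` throws itself (SvelteKit 2); on 1.x it returns an HttpError that the caller must throw, and `throw error(403, "You are not allowed to access this page.");` is correct under both majors. The membership test repeats the `new Set(user.user_groups.map(user_group => user_group[0]))` / `.some(...)` logic from SideBarNavigation.svelte in patch 1, so a shared helper next to `modelNavData` would keep the two gates from drifting apart. When `locals.user` is null the check is skipped entirely, which is only safe if an earlier hook already redirects unauthenticated requests — that cannot be confirmed from this hunk. `load` continues past the hunk.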