Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix: add org level permissions to new org #707

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rofe wants to merge 5 commits into
base: main
Choose a base branch
from
+68 −2
Open

fix: add org level permissions to new org #707

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
670c130
fix: add org level permissions to new org
rofe Dec 18, 2025
85fd82b
feat: auto submit form if org and site are provided (#708)
kptdobe Dec 18, 2025
b464cb0
fix: add org level permissions to new org
rofe Dec 19, 2025
059b58f
chore: pr feedback
rofe Dec 19, 2025
d814263
Merge branch 'main' into i415
rofe Dec 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 68 additions & 2 deletions blocks/start/start.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,39 @@ const AEM_TEMPLATES = [
},
];

const ORG_CONFIG = {
data: {
total: 2,
limit: 2,
offset: 0,
data: [{ key: '', value: '' }],
':colWidths': [169, 169],
},
permissions: {
total: 2,
limit: 2,
offset: 0,
data: [
{
path: 'CONFIG',
groups: '$EMAIL$',
actions: 'write',
comments: 'The ability to set configurations for an org.',
},
{
path: '/ + **',
groups: '$EMAIL$',
actions: 'write',
comments: 'The ability to create content.',
},
],
':colWidths': [169, 169, 169, 300],
},
':names': ['data', 'permissions'],
':version': 3,
':type': 'multi-sheet',
};

class DaStart extends LitElement {
static properties = {
activeStep: { state: true },
Expand Down Expand Up @@ -140,9 +173,41 @@ class DaStart extends LitElement {

async submitForm(e) {
e.preventDefault();

// Check if user is signed in
if (!window.adobeIMS?.isSignedInUser()) {
this._errorText = 'You need to sign in first.';
return;
}

this._loading = true;
const opts = { method: 'PUT' };
const resp = await daFetch(e.target.action, opts);

// Check if this is a new org and add org-level permissions
const orgUrl = e.target.action.substring(0, e.target.action.lastIndexOf('/'));
const orgCheckResp = await daFetch(orgUrl);
if (orgCheckResp.status === 404) {
// Check if user has an email address
const { email } = await window.adobeIMS.getProfile();
if (!email) {
this._errorText = 'Make sure your profile contains an email address.';
return;
}

const orgConfigJson = JSON.stringify(ORG_CONFIG).replace('$EMAIL$', email);
const body = new FormData([['config', orgConfigJson]]);

const orgResp = await daFetch(orgUrl, { method: 'PUT', body });
if (!orgResp.ok) {
if (orgResp.status === 401 || orgResp.status === 403) {
Copy link
Contributor

@kptdobe kptdobe Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this really happen ?

Copy link
Contributor Author

@rofe rofe Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought it prudent to check for... unless we fully trust the window.adobeIMS.isSignedInUser() above?

Copy link
Contributor

@kptdobe kptdobe Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was more thinking on the api side. If you have a token, the config api should let you in. At least for the moment...

Copy link
Contributor Author

@rofe rofe Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the org already exists with different permissions?

Copy link
Member

@auniverseaway auniverseaway Dec 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's technically possible to get 401, but we gate /start to require sign in...

<meta name="signin" content="on">

If you were ever to put this block on another page (drafts), and don't set the meta prop, 401 would actually hit in daFetch and punt you to sign in and also preempt you from getting 401 here.

So it's not likely, but if we ever wanted defer all 401s to the UI view using daFetch, this would for sure hit in the future.

this._errorText = 'You are not authorized to create this org. Check your permissions.';
} else {
this._errorText = 'The org could not be created. Check the console logs or contact an administrator.';
}
return;
}
}

const resp = await daFetch(e.target.action, { method: 'PUT' });
this._loading = false;
if (!resp.ok) {
if (resp.status === 401 || resp.status === 403) {
Expand All @@ -152,6 +217,7 @@ class DaStart extends LitElement {
}
return;
}

this.goToNextStep(e);
}

Expand Down
Loading