diff --git a/app/frontend/src/components/forms/manage/ManageLayout.vue b/app/frontend/src/components/forms/manage/ManageLayout.vue
index 63fabee11..779b4e2f0 100644
--- a/app/frontend/src/components/forms/manage/ManageLayout.vue
+++ b/app/frontend/src/components/forms/manage/ManageLayout.vue
@@ -5,10 +5,11 @@ import { useI18n } from 'vue-i18n';
 import ManageForm from '~/components/forms/manage/ManageForm.vue';
 import ManageFormActions from '~/components/forms/manage/ManageFormActions.vue';
+import { useNotificationStore } from '~/store/notification';
 import { useFormStore } from '~/store/form';
 import { FormPermissions } from '~/utils/constants';
-const { locale } = useI18n({ useScope: 'global' });
+const { locale, t } = useI18n({ useScope: 'global' });
 const properties = defineProps({
 f: {
@@ -19,6 +20,8 @@ const properties = defineProps({
 const loading = ref(true);
+const notificationStore = useNotificationStore();
+
 const { form, permissions, isRTL } = storeToRefs(useFormStore());
 onMounted(async () => {
@@ -26,10 +29,15 @@ onMounted(async () => {
 const formStore = useFormStore();
- await Promise.all([
- formStore.fetchForm(properties.f),
- formStore.getFormPermissionsForUser(properties.f),
- ]);
+ await formStore.fetchForm(properties.f);
+
+ if (formStore.form.versions) {
+ await formStore.getFormPermissionsForUser(properties.f);
+ } else {
+ notificationStore.addNotification({
+ text: t('trans.baseSecure.401UnAuthorizedErrMsg'),
+ });
+ }
 if (permissions.value.includes(FormPermissions.DESIGN_READ))
 await formStore.fetchDrafts(properties.f);
diff --git a/app/src/forms/form/controller.js b/app/src/forms/form/controller.js
index 9c3bd5b1b..fd64a6b92 100644
--- a/app/src/forms/form/controller.js
+++ b/app/src/forms/form/controller.js
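Review bot: In the `onMounted` hunk, the `else` branch skips `getFormPermissionsForUser` but execution still falls through to `permissions.value.includes(FormPermissions.DESIGN_READ)`, which then reads whatever the store already holds. If the form store is not reset between forms (not visible here), permissions left over from a previously opened form could still trigger `fetchDrafts` for this one. Returning from the `else` branch right after `addNotification` would close that path; the rest of `onMounted` lies outside the hunk, so check how `loading` is cleared before adding the `return`. Using a missing `form.versions` as the "unauthorized" signal also ties the UI to a side effect of the response shape, so a short comment such as `// versions is omitted by the API when the user lacks design permission` would keep that contract visible.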
@@ -112,7 +112,7 @@ module.exports = {
 },
 readForm: async (req, res, next) => {
 try {
- const response = await service.readForm(req.params.formId, req.query);
+ const response = await service.readForm(req.params.formId, req.query, req.currentUser);
 res.status(200).json(response);
 } catch (error) {
 next(error);
diff --git a/app/src/forms/form/service.js b/app/src/forms/form/service.js
index b611ecc50..069cf474c 100644
--- a/app/src/forms/form/service.js
+++ b/app/src/forms/form/service.js
@@ -3,6 +3,7 @@ const { ref } = require('objection');
 const uuid = require('uuid');
 const { EmailTypes, ScheduleType } = require('../common/constants');
 const eventService = require('../event/eventService');
+const authService = require('../auth/service');
 const moment = require('moment');
 const {
 DocumentTemplate,
@@ -380,16 +381,30 @@ const service = {
 }
 },
- readForm: (formId, params = {}) => {
+ readForm: async (formId, params = {}, currentUser = null) => {
 params = queryUtils.defaultActiveOnly(params);
- return Form.query()
+
+ let hasPermissionsForVersions = true;
+ // Making an assumption that user is turned away before this if it's protected and they're not logged in
+ if (currentUser !== null && currentUser !== undefined) {
+ const forms = await authService.getUserForms(currentUser, {
+ ...params,
+ active: true,
+ formId: formId,
+ });
+ hasPermissionsForVersions = forms.some((f) => f.permissions.includes(Permissions.DESIGN_CREATE));
+ }
+
+ const query = Form.query()
 .findById(formId)
 .modify('filterActive', params.active)
 .allowGraph('[formMetadata,identityProviders,versions]')
 .withGraphFetched('formMetadata')
- .withGraphFetched('identityProviders(orderDefault)')
- .withGraphFetched('versions(selectWithoutSchema, orderVersionDescending)')
- .throwIfNotFound();
+ .withGraphFetched('identityProviders(orderDefault)');
+ if (hasPermissionsForVersions) {
+ query.withGraphFetched('versions(selectWithoutSchema, orderVersionDescending)');
+ }
+ return query.throwIfNotFound();
 },
 readFormOptions: (formId, params = {}) => {
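Review bot: `hasPermissionsForVersions` starts as `true` and is only re-evaluated when `currentUser` is set, so the check fails open: a caller with no user context still receives `versions`, while a signed-in user without `DESIGN_CREATE` does not. The inline comment records this as an assumption about upstream middleware rather than something `readForm` enforces, so consider defaulting to `false` and letting trusted internal callers opt in explicitly, or at least document on `readForm` which routes may reach it without a user. The permission lookup also spreads the request-derived `params` into `authService.getUserForms`; unless that helper ignores unknown keys (not visible here), `authService.getUserForms(currentUser, { active: true, formId })` keeps caller-supplied filters out of the authorization decision. Gating on `DESIGN_CREATE` is also stricter than the `DESIGN_READ` check that ManageLayout.vue uses before `fetchDrafts`, so a read-only designer would now hit the unauthorized notification there; worth confirming which permission is intended.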