fix: cleanup

i18n/en.pot

@@ -5,8 +5,8 @@ msgstr ""
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
-"POT-Creation-Date: 2024-03-27T09:03:25.496Z\n"
-"PO-Revision-Date: 2024-03-27T09:03:25.496Z\n"
+"POT-Creation-Date: 2024-12-12T11:59:53.609Z\n"
+"PO-Revision-Date: 2024-12-12T11:59:53.610Z\n"
 
 msgid "Yes"
 msgstr "Yes"
@@ -167,12 +167,31 @@ msgstr "Code is already taken"
 msgid "There was a problem whilst checking the availability of this group code"
 msgstr "There was a problem whilst checking the availability of this group code"
 
-msgid "Only show selected metadata authorities"
-msgstr "Only show selected metadata authorities"
+msgid ""
+"You cannot assign this role because you are assigned to this role, and your "
+"system does not allow you to assign roles of which you are a member."
+msgstr ""
+"You cannot assign this role because you are assigned to this role, and your "
+"system does not allow you to assign roles of which you are a member."
+
+msgid "You cannot assign this role because it has authorities that you do not have."
+msgstr "You cannot assign this role because it has authorities that you do not have."
+
+msgid "There are no legacy or nonstandard authorities assigned to this user role."
+msgstr "There are no legacy or nonstandard authorities assigned to this user role."
+
+msgid "Remove"
+msgstr "Remove"
 
 msgid "Authority"
 msgstr "Authority"
 
+msgid "Remove authority"
+msgstr "Remove authority"
+
+msgid "Only show selected metadata authorities"
+msgstr "Only show selected metadata authorities"
+
 msgid "Add/Update Public"
 msgstr "Add/Update Public"
 
@@ -233,6 +252,16 @@ msgstr "Available system authorities"
 msgid "Selected system authorities"
 msgstr "Selected system authorities"
 
+msgid "Legacy and nonstandard authorities"
+msgstr "Legacy and nonstandard authorities"
+
+msgid ""
+"Authorities not recognized as standard authorities. These authorities may "
+"be legacy authorities if you have upgraded versions."
+msgstr ""
+"Authorities not recognized as standard authorities. These authorities may "
+"be legacy authorities if you have upgraded versions."
+
 msgid "All (Full authority)"
 msgstr "All (Full authority)"
 
@@ -574,6 +603,9 @@ msgstr "Available user roles"
 msgid "User roles this user is assigned"
 msgstr "User roles this user is assigned"
 
+msgid "You do not have permission to assign certain user roles"
+msgstr "You do not have permission to assign certain user roles"
+
 msgid "User groups this user is a member of"
 msgstr "User groups this user is a member of"
 
@@ -980,6 +1012,12 @@ msgstr "Last login"
 msgid "Status"
 msgstr "Status"
 
+msgid "Verified"
+msgstr "Verified"
+
+msgid "Not verified"
+msgstr "Not verified"
+
 msgid "Disabled"
 msgstr "Disabled"
 
@@ -1042,3 +1080,6 @@ msgstr "Interests"
 
 msgid "Birthday"
 msgstr "Birthday"
+
+msgid "Could not load system information."
+msgstr "Could not load system information."

package.json

@@ -18,9 +18,9 @@
         "cypress:live": "start-server-and-test 'yarn start:nobrowser' http://localhost:3000 'yarn cypress open --env networkMode=live'"
     },
     "dependencies": {
-        "@dhis2/app-runtime": "^3.9.0",
-        "@dhis2/d2-i18n": "^1.1.0",
-        "@dhis2/ui": "^8.12.1",
+        "@dhis2/app-runtime": "^3.12.0",
+        "@dhis2/d2-i18n": "^1.1.3",
+        "@dhis2/ui": "9.15.0",
         "classnames": "^2.3.1",
         "lodash-es": "^4.17.21",
         "memoize-one": "^6.0.0",
@@ -34,7 +34,7 @@
     "devDependencies": {
         "@badeball/cypress-cucumber-preprocessor": "^20.0.7",
         "@cypress/webpack-preprocessor": "^6.0.2",
-        "@dhis2/cli-app-scripts": "^10.3.1",
+        "@dhis2/cli-app-scripts": "^11.7.5",
         "@dhis2/cli-style": "^10.4.1",
         "@dhis2/cypress-commands": "10.0.6",
         "@dhis2/cypress-plugins": "10.0.6",

src/AppWrapper.js

@@ -4,13 +4,15 @@ import { CssVariables } from '@dhis2/ui'
 import React from 'react'
 import App from './App.js'
 import { CurrentUserProvider } from './components/CurrentUserProvider.js'
-import { ReferrerProvider } from './providers/index.js'
+import { ReferrerProvider, SystemProvider } from './providers/index.js'
 
 const AppWrapper = () => (
     <CurrentUserProvider>
         <ReferrerProvider>
-            <CssVariables spacers colors theme />
-            <App />
+            <SystemProvider>
+                <CssVariables spacers colors theme />
+                <App />
+            </SystemProvider>
         </ReferrerProvider>
     </CurrentUserProvider>
 )

src/components/CurrentUserProvider.js

@@ -135,6 +135,7 @@ const CurrentUserProvider = ({ children }) => {
             AUTH_LOOKUP.ROLE_CREATE.has(auth)
         ),
         refresh: refetch,
+        hasAllAuthority: data.me.authorities.includes('ALL'),
     }
 
     return (

src/components/RoleForm/AssignmentRestrictionsWarning.js

@@ -0,0 +1,96 @@
+import i18n from '@dhis2/d2-i18n'
+import { IconChevronDown24, IconChevronUp24, NoticeBox } from '@dhis2/ui'
+import PropTypes from 'prop-types'
+import React, { useState } from 'react'
+import { useSystemInformation } from '../../providers/index.js'
+import styles from './AssignmentRestrictionsWarning.module.css'
+
+export const AssignmentRestrictionWarning = ({
+    currentUser,
+    roleId,
+    roleAuthorities,
+}) => {
+    const [detailsExpanded, setDetailsExpanded] = useState(false)
+
+    // check if user is able to assign this role if they are a member
+    const {
+        userRoleIds,
+        authorities: userAuthorities,
+        hasAllAuthority,
+    } = currentUser
+    const { usersCanAssignOwnUserRoles, authorityIdToNameMap } =
+        useSystemInformation()
+    const cannotAssignThisRole =
+        !hasAllAuthority &&
+        !usersCanAssignOwnUserRoles &&
+        userRoleIds.includes(roleId)
+
+    // check if role has authorities that user does not have
+    const authoritiesUserDoesNotHave = hasAllAuthority
+        ? []
+        : roleAuthorities.filter(
+              (roleAuth) => !userAuthorities.includes(roleAuth)
+          )
+
+    if (!cannotAssignThisRole && authoritiesUserDoesNotHave.length === 0) {
+        return null
+    }
+
+    return (
+        <NoticeBox className={styles.noticeBox}>
+            {cannotAssignThisRole && (
+                <div>
+                    {i18n.t(
+                        'You cannot assign this role because you are assigned to this role, and your system does not allow you to assign roles of which you are a member.'
+                    )}
+                </div>
+            )}
+            {authoritiesUserDoesNotHave?.length > 0 && (
+                <div>
+                    <div className={styles.missingRolesMessage}>
+                        <span>
+                            {i18n.t(
+                                'You cannot assign this role because it has authorities that you do not have.'
+                            )}
+                        </span>
+                        <div
+                            onClick={() => {
+                                setDetailsExpanded((prev) => !prev)
+                            }}
+                        >
+                            {detailsExpanded ? (
+                                <IconChevronUp24 />
+                            ) : (
+                                <IconChevronDown24 />
+                            )}
+                        </div>
+                    </div>
+
+                    {detailsExpanded && (
+                        <ul>
+                            {authoritiesUserDoesNotHave
+                                .sort((a, b) =>
+                                    (
+                                        authorityIdToNameMap.get(a) ?? a
+                                    ).localeCompare(
+                                        authorityIdToNameMap.get(b) ?? b
+                                    )
+                                )
+                                .map((auth) => (
+                                    <li key={auth.id}>
+                                        {authorityIdToNameMap.get(auth) ?? auth}
+                                    </li>
+                                ))}
+                        </ul>
+                    )}
+                </div>
+            )}
+        </NoticeBox>
+    )
+}
+
+AssignmentRestrictionWarning.propTypes = {
+    roleId: PropTypes.string.isRequired,
+    currentUser: PropTypes.object,
+    roleAuthorities: PropTypes.arrayOf(PropTypes.string),
+}

src/components/RoleForm/AssignmentRestrictionsWarning.module.css

@@ -0,0 +1,13 @@
+.noticeBox {
+    max-width: 700px;
+    margin-bottom: var(--spacers-dp16);
+}
+
+.noticeBox > div {
+    margin-block-end: var(--spacers-dp8);
+}
+
+.missingRolesMessage {
+    display: flex;
+    align-items: center;
+}