RED-5482: wip permissions

Dan Percic 2022-11-05 19:03:31 +02:00
parent 2a60f2bcf4
commit 074881dae8
6 changed files with 60 additions and 38 deletions


@ -1,11 +1,12 @@
import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router';
import { CompositeRouteGuard, IqserAuthGuard } from '@iqser/common-ui';
import { RouterModule } from '@angular/router';
import { CompositeRouteGuard, IqserAuthGuard, IqserPermissionsGuard, IqserRoutes } from '@iqser/common-ui';
import { RedRoleGuard } from '@users/red-role.guard';
import { BaseAccountScreenComponent } from './base-account-screen/base-account-screen-component';
import { PreferencesComponent } from './screens/preferences/preferences.component';
import { ROLES } from '@users/roles';
const routes: Routes = [
const routes: IqserRoutes = [
{ path: '', redirectTo: 'user-profile', pathMatch: 'full' },
{
path: 'user-profile',
@ -19,10 +20,13 @@ const routes: Routes = [
{
path: 'notifications',
component: BaseAccountScreenComponent,
canActivate: [CompositeRouteGuard],
canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
requiredRoles: ['RED_USER'],
permissions: {
allow: [ROLES.notifications.write],
redirectTo: '/',
},
},
loadChildren: () => import('./screens/notifications/notifications.module').then(m => m.NotificationsModule),
},


@ -1,6 +1,7 @@
import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
import { ChangeDetectionStrategy, Component } from '@angular/core';
import { UserService } from '@users/user.service';
import { IqserPermissionsService } from '@iqser/common-ui';
import { ROLES } from '@users/roles';
interface NavItem {
readonly label: string;
@ -22,8 +23,8 @@ export class AccountSideNavComponent {
},
{
screen: 'notifications',
hideIf: !this._permissionsService.has(ROLES.notifications.write),
label: _('notifications.label'),
hideIf: !this._userService.currentUser.isUser,
},
{
screen: 'preferences',
@ -31,5 +32,5 @@ export class AccountSideNavComponent {
},
];
constructor(private readonly _userService: UserService) {}
constructor(private readonly _permissionsService: IqserPermissionsService) {}
}
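Review bot: `hideIf: !this._permissionsService.has(ROLES.notifications.write)` is evaluated once, when the items array is initialised, so the menu reflects only the permissions the service holds at construction time. If `IqserPermissionsService` loads or refreshes permissions later (not visible here), the entry stays hidden or shown until the component is recreated. The same applies to every `hideIf` in the admin side nav. Add a comment on the array such as `// hideIf is a construction-time snapshot and only cosmetic; the route guard and the backend decide access`, or compute the flag where the item is rendered. The items array starts outside the hunk.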


@ -171,21 +171,26 @@ const routes: IqserRoutes = [
{
path: 'dossier-permissions',
component: BaseAdminScreenComponent,
canActivate: [CompositeRouteGuard],
canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard, PermissionsGuard],
requiredRoles: ['RED_ADMIN'],
permissionsObject: 'Dossier',
permissions: {
allow: [ROLES.manageAclPermissions],
redirectTo: '/',
},
},
loadChildren: () => import('./screens/permissions/permissions.module').then(m => m.PermissionsModule),
},
{
path: 'license-info',
component: BaseAdminScreenComponent,
canActivate: [CompositeRouteGuard],
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
requiredRoles: ['RED_ADMIN'],
permissions: {
allow: [ROLES.license.readReport],
redirectTo: '/',
},
},
loadChildren: () => import('./screens/license/license.module').then(m => m.LicenseModule),
},
@ -198,10 +203,12 @@ const routes: IqserRoutes = [
component: DigitalSignatureScreenComponent,
},
],
canActivate: [CompositeRouteGuard],
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
requiredRoles: ['RED_ADMIN'],
permissions: {
allow: [ROLES.digitalSignature.read],
redirectTo: '/',
},
},
},
{
@ -213,10 +220,12 @@ const routes: IqserRoutes = [
component: AuditScreenComponent,
},
],
canActivate: [CompositeRouteGuard],
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
requiredRoles: ['RED_ADMIN'],
permissions: {
allow: [ROLES.searchAudit],
redirectTo: '/',
},
},
},
{
@ -228,11 +237,14 @@ const routes: IqserRoutes = [
component: GeneralConfigScreenComponent,
},
],
canActivate: [CompositeRouteGuard],
canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
canDeactivate: [PendingChangesGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
requiredRoles: ['RED_ADMIN'],
permissions: {
allow: [ROLES.generalConfiguration.read, ROLES.smtp.read],
redirectTo: '/',
},
},
},
];
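Review bot: The admin routes now use two different guard layouts: `license-info`, `digital-signature` and `audit` list `IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard` directly in `canActivate`, while `dossier-permissions` and `general-config` keep `CompositeRouteGuard`. The rendered page does not mark which of the `routeGuards`, `requiredRoles` and `permissionsObject: 'Dossier'` lines survive. If `routeGuards` remains on the three routes without `CompositeRouteGuard`, it is dead configuration that reads like an enforced check. If the `PermissionsGuard` entry for `dossier-permissions` was dropped, confirm that `ROLES.manageAclPermissions` covers what it checked. Pick one layout for all five routes, for example `canActivate: [CompositeRouteGuard, IqserPermissionsGuard],`, and delete the data keys no guard reads any more.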


@ -24,7 +24,6 @@ export class AdminSideNavComponent implements OnInit {
@Input() type: AdminSideNavType;
@Input() disabledItems: string[] = [];
readonly translations = adminSideNavTranslations;
readonly currentUser = this._userService.currentUser;
readonly roles = ROLES;
prefix: string;
@ -33,43 +32,43 @@ export class AdminSideNavComponent implements OnInit {
{
screen: 'dossier-templates',
label: _('admin-side-nav.dossier-templates'),
hideIf: !this._permissionsService.has([ROLES.templates.read]),
hideIf: !this._permissionsService.has(ROLES.templates.read),
helpModeKey: 'dossier_templates',
},
{
screen: 'digital-signature',
label: _('admin-side-nav.digital-signature'),
hideIf: !this.currentUser.isAdmin,
hideIf: !this._permissionsService.has(ROLES.digitalSignature.read),
helpModeKey: 'digital_signature',
},
{
screen: 'license-info',
label: _('admin-side-nav.license-information'),
hideIf: !this.currentUser.isAdmin,
hideIf: !this._permissionsService.has(ROLES.license.readReport),
helpModeKey: 'license_information',
},
{
screen: 'audit',
label: _('admin-side-nav.audit'),
hideIf: !this.currentUser.isAdmin,
hideIf: !this._permissionsService.has(ROLES.searchAudit),
helpModeKey: 'audit',
},
{
screen: 'users',
label: _('admin-side-nav.user-management'),
hideIf: !this.currentUser.isUserAdmin,
hideIf: !this._userService.currentUser.isUserAdmin,
helpModeKey: 'user_management',
},
{
screen: 'dossier-permissions',
label: _('dossier-permissions'),
hideIf: !this.currentUser.isAdmin,
hideIf: !this._permissionsService.has(ROLES.manageAclPermissions),
helpModeKey: 'dossier_permissions',
},
{
screen: 'general-config',
label: _('admin-side-nav.configurations'),
hideIf: !this.currentUser.isAdmin,
hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
helpModeKey: 'configurations',
},
],
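Review bot: The `general-config` item calls `has([ROLES.generalConfiguration.read, ROLES.smtp.read])` and the matching route declares `allow: [ROLES.generalConfiguration.read, ROLES.smtp.read]`, but nothing on the page shows whether an array means any-of or all-of in either API. If the two differ, a user holding only one of the permissions either sees a link that redirects to `/` or can reach the screen without a link. State the semantics next to the call, for example `// has([...]) must match the any-of/all-of meaning of route data permissions.allow`, and use the same form in both places. The `users` item still reads `_userService.currentUser.isUserAdmin`, so this menu mixes role flags and permission checks. The items array starts outside the hunk.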


@ -10,32 +10,38 @@ export const ROLES = {
RED_EXCLUDE_INCLUDE_PAGES: 'red-exclude-include-pages',
RED_GET_RSS: 'red-get-rss',
RED_GET_TENANTS: 'red-get-tenants',
RED_MANAGE_ACL_PERMISSIONS: 'red-manage-acl-permissions',
RED_MANAGE_USER_PREFERENCES: 'red-manage-user-preferences',
RED_MANAGE_VIEWED_PAGES: 'red-manage-viewed-pages',
RED_PROCESS_DOWNLOAD: 'red-process-download',
RED_PROCESS_MANUAL_REDACTION_REQUEST: 'red-process-manual-redaction-request',
RED_READ_DIGITAL_SIGNATURE: 'red-read-digital-signature',
RED_READ_LICENSE: 'red-read-license',
RED_READ_LICENSE_REPORT: 'red-read-license-report',
RED_READ_MANUAL_REDACTIONS: 'red-read-manual-redactions',
RED_READ_RULES: 'red-read-rules',
RED_READ_SMTP_CONFIGURATION: 'red-read-smtp-configuration',
RED_READ_VERSIONS: 'red-read-versions',
RED_REINDEX: 'red-reindex',
RED_REQUEST_REDACTION: 'red-request-redaction',
RED_ROTATE_PAGE: 'red-rotate-page',
RED_SEARCH_AUDIT_LOG: 'red-search-audit-log',
RED_SET_REVIEWER: 'red-set-reviewer',
RED_SET_STATUS_APPROVED: 'red-set-status-approved',
RED_SET_STATUS_UNDER_APPROVAL: 'red-set-status-under-approval',
RED_UPDATE_MY_PROFILE: 'red-update-my-profile',
RED_WRITE_DIGITAL_SIGNATURE: 'red-write-digital-signature',
RED_WRITE_RULES: 'red-write-rules',
RED_WRITE_SMTP_CONFIGURATION: 'red-write-smtp-configuration',
readDownloadStatus: 'red-read-download-status',
readRedactionLog: 'red-read-redaction-log',
search: 'red-search',
searchAudit: 'red-search-audit-log',
manageAclPermissions: 'red-manage-acl-permissions',
smtp: {
read: 'red-read-smtp-configuration',
write: 'red-write-smtp-configuration',
},
license: {
read: 'red-read-license',
readReport: 'red-read-license-report',
},
digitalSignature: {
read: 'red-read-digital-signature',
write: 'red-write-digital-signature',
},
legalBasis: {
read: 'red-read-legal-basis',
write: 'red-write-legal-basis',


@ -48,7 +48,7 @@ export class UserService extends IqserUserService<IIqserUser, User> {
return this._post(null, `${this._defaultModelPath}/profile/activate/${user.userId}`, queryParams);
}
protected readonly _rolesFilter = (role: string) => role.startsWith('RED_');
protected readonly _rolesFilter = (role: string) => role.startsWith('RED_') || role.startsWith('red-');
}
export function getCurrentUser() {
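Review bot: The widened `_rolesFilter` keeps any string that starts with `red-`, so coarse roles such as `RED_ADMIN` and fine-grained permission names now pass through one filter, presumably into the same role set. A prefix test also admits names that are not declared in `ROLES`, so an unexpected or misspelled entry from the identity provider is kept silently. Document the intent on the field, for example `// RED_* = coarse roles, red-* = fine-grained permissions; both accepted while guards are migrated`. Once the migration is finished, consider filtering against the declared `ROLES` values rather than a prefix. The class body starts outside the hunk.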