diff --git a/apps/red-ui/src/app/modules/account/account-routing.module.ts b/apps/red-ui/src/app/modules/account/account-routing.module.ts
index 2889feb73..2c3c7d4db 100644
--- a/apps/red-ui/src/app/modules/account/account-routing.module.ts
+++ b/apps/red-ui/src/app/modules/account/account-routing.module.ts
@@ -1,11 +1,12 @@
 import { NgModule } from '@angular/core';
-import { RouterModule, Routes } from '@angular/router';
-import { CompositeRouteGuard, IqserAuthGuard } from '@iqser/common-ui';
+import { RouterModule } from '@angular/router';
+import { CompositeRouteGuard, IqserAuthGuard, IqserPermissionsGuard, IqserRoutes } from '@iqser/common-ui';
 import { RedRoleGuard } from '@users/red-role.guard';
 import { BaseAccountScreenComponent } from './base-account-screen/base-account-screen-component';
 import { PreferencesComponent } from './screens/preferences/preferences.component';
+import { ROLES } from '@users/roles';
-const routes: Routes = [
+const routes: IqserRoutes = [
 { path: '', redirectTo: 'user-profile', pathMatch: 'full' },
 {
 path: 'user-profile',
@@ -19,10 +20,13 @@ const routes: Routes = [
 {
 path: 'notifications',
 component: BaseAccountScreenComponent,
- canActivate: [CompositeRouteGuard],
+ canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard],
- requiredRoles: ['RED_USER'],
+ permissions: {
+ allow: [ROLES.notifications.write],
+ redirectTo: '/',
+ },
 },
 loadChildren: () => import('./screens/notifications/notifications.module').then(m => m.NotificationsModule),
 },
diff --git a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
index dff976f63..360a7eca9 100644
--- a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
+++ b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
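Review bot: In the `notifications` route, `RedRoleGuard` stays in `routeGuards` while `requiredRoles: ['RED_USER']` is removed, so what that guard still enforces cannot be seen from this hunk. If it reads `data.requiredRoles` and passes when the key is absent, it suggests a role check that no longer exists; if it denies, the route becomes unreachable. Either drop it from the list or record the intent with a comment such as `// RedRoleGuard no longer receives requiredRoles; access is decided by permissions.allow`. The same pattern recurs in the `admin-routing.module.ts` hunks (`dossier-permissions`, `license-info`, digital signature, audit, general config). These guards only shape navigation in the browser, so the notification endpoints need to enforce the same permission server-side.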
@@ -1,6 +1,7 @@
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { ChangeDetectionStrategy, Component } from '@angular/core';
-import { UserService } from '@users/user.service';
+import { IqserPermissionsService } from '@iqser/common-ui';
+import { ROLES } from '@users/roles';
 interface NavItem {
 readonly label: string;
@@ -22,8 +23,8 @@ export class AccountSideNavComponent {
 },
 {
 screen: 'notifications',
+ hideIf: !this._permissionsService.has(ROLES.notifications.write),
 label: _('notifications.label'),
- hideIf: !this._userService.currentUser.isUser,
 },
 {
 screen: 'preferences',
@@ -31,5 +32,5 @@ export class AccountSideNavComponent {
 },
 ];
- constructor(private readonly _userService: UserService) {}
+ constructor(private readonly _permissionsService: IqserPermissionsService) {}
 }
diff --git a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
index 2aa034638..79053bcd6 100644
--- a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
+++ b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
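Review bot: The `notifications` item computes `hideIf: !this._permissionsService.has(ROLES.notifications.write)` once, when the item list is built, so the entry will not react if permissions are loaded or changed after the component is constructed (the list appears to be a class field; its declaration is outside the hunk). The negation also assumes `has()` returns a plain boolean; if it returned a Promise or Observable, `!` would yield `false` and the item would always be shown. A short comment such as `// evaluated once at construction; permissions must already be loaded` would record the assumption. Hiding the entry is cosmetic; the `permissions.allow` entry on the `notifications` route is what blocks navigation.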
@@ -171,21 +171,26 @@ const routes: IqserRoutes = [
 {
 path: 'dossier-permissions',
 component: BaseAdminScreenComponent,
- canActivate: [CompositeRouteGuard],
+ canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard, PermissionsGuard],
- requiredRoles: ['RED_ADMIN'],
 permissionsObject: 'Dossier',
+ permissions: {
+ allow: [ROLES.manageAclPermissions],
+ redirectTo: '/',
+ },
 },
 loadChildren: () => import('./screens/permissions/permissions.module').then(m => m.PermissionsModule),
 },
 {
 path: 'license-info',
 component: BaseAdminScreenComponent,
- canActivate: [CompositeRouteGuard],
+ canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
- routeGuards: [IqserAuthGuard, RedRoleGuard],
- requiredRoles: ['RED_ADMIN'],
+ permissions: {
+ allow: [ROLES.license.readReport],
+ redirectTo: '/',
+ },
 },
 loadChildren: () => import('./screens/license/license.module').then(m => m.LicenseModule),
 },
@@ -198,10 +203,12 @@ const routes: IqserRoutes = [
 component: DigitalSignatureScreenComponent,
 },
 ],
- canActivate: [CompositeRouteGuard],
+ canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
- routeGuards: [IqserAuthGuard, RedRoleGuard],
- requiredRoles: ['RED_ADMIN'],
+ permissions: {
+ allow: [ROLES.digitalSignature.read],
+ redirectTo: '/',
+ },
 },
 },
 {
@@ -213,10 +220,12 @@ const routes: IqserRoutes = [
 component: AuditScreenComponent,
 },
 ],
- canActivate: [CompositeRouteGuard],
+ canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
- routeGuards: [IqserAuthGuard, RedRoleGuard],
- requiredRoles: ['RED_ADMIN'],
+ permissions: {
+ allow: [ROLES.searchAudit],
+ redirectTo: '/',
+ },
 },
 },
 {
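Review bot: In `license-info` the guards move into a flat `canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard]`, while `dossier-permissions` in the same hunk keeps authentication inside `CompositeRouteGuard`, so the two routes no longer share one evaluation order. Angular subscribes to every guard in a `canActivate` array without waiting for the previous one to finish, so if `IqserPermissionsGuard` depends on state that `IqserAuthGuard` loads (not visible here), a direct link can be evaluated against empty permissions and redirected to `/`. If `CompositeRouteGuard` runs its `routeGuards` in sequence, `canActivate: [CompositeRouteGuard]` with `routeGuards: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard]` would keep the order explicit. The digital-signature and audit hunks that follow (`-198` and `-213`) use the same flat list. These routes previously required `RED_ADMIN` and now depend only on who is granted `ROLES.license.readReport`, `ROLES.digitalSignature.read` and `ROLES.searchAudit`, so that role mapping should be reviewed together with this change.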
@@ -228,11 +237,14 @@ const routes: IqserRoutes = [
 component: GeneralConfigScreenComponent,
 },
 ],
- canActivate: [CompositeRouteGuard],
+ canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
 canDeactivate: [PendingChangesGuard],
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard],
- requiredRoles: ['RED_ADMIN'],
+ permissions: {
+ allow: [ROLES.generalConfiguration.read, ROLES.smtp.read],
+ redirectTo: '/',
+ },
 },
 },
 ];
diff --git a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
index e48aa54bb..abd6ffbf9 100644
--- a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
+++ b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
@@ -24,7 +24,6 @@ export class AdminSideNavComponent implements OnInit {
 @Input() type: AdminSideNavType;
 @Input() disabledItems: string[] = [];
 readonly translations = adminSideNavTranslations;
- readonly currentUser = this._userService.currentUser;
 readonly roles = ROLES;
 prefix: string;
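Review bot: `allow: [ROLES.generalConfiguration.read, ROLES.smtp.read]` on the route that renders `GeneralConfigScreenComponent` does not say whether one of the two permissions is enough or both are required, and the screen presumably shows both general and SMTP settings. If `allow` is any-of, a user holding only `red-read-smtp-configuration` can open the whole screen. If the side-nav check `has([ROLES.generalConfiguration.read, ROLES.smtp.read])` in `admin-side-nav.component.ts` uses the other semantics, the menu and the route will disagree. A comment on the route such as `// any of these permissions opens the screen; each section checks its own permission` (or the all-of equivalent) would pin the intent. The route object starts above the hunk, so its `path` is not visible here.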
@@ -33,43 +32,43 @@ export class AdminSideNavComponent implements OnInit {
 {
 screen: 'dossier-templates',
 label: _('admin-side-nav.dossier-templates'),
- hideIf: !this._permissionsService.has([ROLES.templates.read]),
+ hideIf: !this._permissionsService.has(ROLES.templates.read),
 helpModeKey: 'dossier_templates',
 },
 {
 screen: 'digital-signature',
 label: _('admin-side-nav.digital-signature'),
- hideIf: !this.currentUser.isAdmin,
+ hideIf: !this._permissionsService.has(ROLES.digitalSignature.read),
 helpModeKey: 'digital_signature',
 },
 {
 screen: 'license-info',
 label: _('admin-side-nav.license-information'),
- hideIf: !this.currentUser.isAdmin,
+ hideIf: !this._permissionsService.has(ROLES.license.readReport),
 helpModeKey: 'license_information',
 },
 {
 screen: 'audit',
 label: _('admin-side-nav.audit'),
- hideIf: !this.currentUser.isAdmin,
+ hideIf: !this._permissionsService.has(ROLES.searchAudit),
 helpModeKey: 'audit',
 },
 {
 screen: 'users',
 label: _('admin-side-nav.user-management'),
- hideIf: !this.currentUser.isUserAdmin,
+ hideIf: !this._userService.currentUser.isUserAdmin,
 helpModeKey: 'user_management',
 },
 {
 screen: 'dossier-permissions',
 label: _('dossier-permissions'),
- hideIf: !this.currentUser.isAdmin,
+ hideIf: !this._permissionsService.has(ROLES.manageAclPermissions),
 helpModeKey: 'dossier_permissions',
 },
 {
 screen: 'general-config',
 label: _('admin-side-nav.configurations'),
- hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
+ hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
 helpModeKey: 'configurations',
 },
 ],
diff --git a/apps/red-ui/src/app/users/roles.ts b/apps/red-ui/src/app/users/roles.ts
index ba543e8c9..b34e25361 100644
--- a/apps/red-ui/src/app/users/roles.ts
+++ b/apps/red-ui/src/app/users/roles.ts
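Review bot: The `users` item is the only entry in this list still gated by a role flag, `!this._userService.currentUser.isUserAdmin`, while every sibling now calls `this._permissionsService.has(...)`. Two authorization models in one menu make it easy for a later role or permission change to update one and miss the other. If user management has no fine-grained permission yet, say so next to the item, e.g. `// user management has no fine-grained permission yet; still uses the legacy role flag`. The guard for the `users` route is not part of this diff, so whether it matches this condition cannot be checked here. The enclosing array and class start above the hunk.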
@@ -10,32 +10,38 @@ export const ROLES = {
 RED_EXCLUDE_INCLUDE_PAGES: 'red-exclude-include-pages',
 RED_GET_RSS: 'red-get-rss',
 RED_GET_TENANTS: 'red-get-tenants',
- RED_MANAGE_ACL_PERMISSIONS: 'red-manage-acl-permissions',
 RED_MANAGE_USER_PREFERENCES: 'red-manage-user-preferences',
 RED_MANAGE_VIEWED_PAGES: 'red-manage-viewed-pages',
 RED_PROCESS_DOWNLOAD: 'red-process-download',
 RED_PROCESS_MANUAL_REDACTION_REQUEST: 'red-process-manual-redaction-request',
- RED_READ_DIGITAL_SIGNATURE: 'red-read-digital-signature',
- RED_READ_LICENSE: 'red-read-license',
- RED_READ_LICENSE_REPORT: 'red-read-license-report',
 RED_READ_MANUAL_REDACTIONS: 'red-read-manual-redactions',
 RED_READ_RULES: 'red-read-rules',
- RED_READ_SMTP_CONFIGURATION: 'red-read-smtp-configuration',
 RED_READ_VERSIONS: 'red-read-versions',
 RED_REINDEX: 'red-reindex',
 RED_REQUEST_REDACTION: 'red-request-redaction',
 RED_ROTATE_PAGE: 'red-rotate-page',
- RED_SEARCH_AUDIT_LOG: 'red-search-audit-log',
 RED_SET_REVIEWER: 'red-set-reviewer',
 RED_SET_STATUS_APPROVED: 'red-set-status-approved',
 RED_SET_STATUS_UNDER_APPROVAL: 'red-set-status-under-approval',
 RED_UPDATE_MY_PROFILE: 'red-update-my-profile',
- RED_WRITE_DIGITAL_SIGNATURE: 'red-write-digital-signature',
 RED_WRITE_RULES: 'red-write-rules',
- RED_WRITE_SMTP_CONFIGURATION: 'red-write-smtp-configuration',
 readDownloadStatus: 'red-read-download-status',
 readRedactionLog: 'red-read-redaction-log',
 search: 'red-search',
+ searchAudit: 'red-search-audit-log',
+ manageAclPermissions: 'red-manage-acl-permissions',
+ smtp: {
+ read: 'red-read-smtp-configuration',
+ write: 'red-write-smtp-configuration',
+ },
+ license: {
+ read: 'red-read-license',
+ readReport: 'red-read-license-report',
+ },
+ digitalSignature: {
+ read: 'red-read-digital-signature',
+ write: 'red-write-digital-signature',
+ },
 legalBasis: {
 read: 'red-read-legal-basis',
 write: 'red-write-legal-basis',
diff --git a/apps/red-ui/src/app/users/user.service.ts b/apps/red-ui/src/app/users/user.service.ts
index a95eef3fc..e89bc91a0 100644
--- a/apps/red-ui/src/app/users/user.service.ts
+++ b/apps/red-ui/src/app/users/user.service.ts
@@ -48,7 +48,7 @@ export class UserService extends IqserUserService {
 return this._post(null, `${this._defaultModelPath}/profile/activate/${user.userId}`, queryParams);
 }
- protected readonly _rolesFilter = (role: string) => role.startsWith('RED_');
+ protected readonly _rolesFilter = (role: string) => role.startsWith('RED_') || role.startsWith('red-');
 }
 export function getCurrentUser() {
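Review bot: `_rolesFilter` now accepts any role whose name starts with `red-`, so every fine-grained permission string ends up in the same list as the coarse `RED_` roles. Code that treats that list as the user's RED roles (a non-empty check or a role display, for example; none is visible in this hunk) would now also match users who hold only a fine-grained permission. Consider documenting the two namespaces, e.g. `// 'RED_' = legacy roles, 'red-' = permissions listed in ROLES`. If feasible, match against the values declared in `ROLES` instead of a prefix, so that unknown names are ignored. The enclosing `UserService` class begins above the hunk.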