diff --git a/apps/red-ui/src/app/app-routing.module.ts b/apps/red-ui/src/app/app-routing.module.ts index 0de22ee9c..8605d0a88 100644 --- a/apps/red-ui/src/app/app-routing.module.ts +++ b/apps/red-ui/src/app/app-routing.module.ts @@ -1,5 +1,12 @@ import { AuthErrorComponent } from '@components/auth-error/auth-error.component'; -import { CompositeRouteGuard, CustomRouteReuseStrategy, IqserAuthGuard, IqserPermissionsGuard, IqserRoutes } from '@iqser/common-ui'; +import { + CompositeRouteGuard, + CustomRouteReuseStrategy, + DEFAULT_REDIRECT_KEY, + IqserAuthGuard, + IqserPermissionsGuard, + IqserRoutes, +} from '@iqser/common-ui'; import { RedRoleGuard } from '@users/red-role.guard'; import { BaseScreenComponent } from '@components/base-screen/base-screen.component'; import { RouteReuseStrategy, RouterModule } from '@angular/router'; @@ -17,6 +24,74 @@ import { DossierFilesGuard } from '@guards/dossier-files-guard'; import { WebViewerLoadedGuard } from './modules/pdf-viewer/services/webviewer-loaded.guard'; import { ROLES } from '@users/roles'; +const dossierTemplateIdRoutes: IqserRoutes = [ + { + path: `${DOSSIERS_ROUTE}`, + children: [ + { + path: `:${DOSSIER_ID}`, + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], + data: { + routeGuards: [DossierFilesGuard], + breadcrumbs: [BreadcrumbTypes.dossierTemplate, BreadcrumbTypes.dossier], + dossiersService: ACTIVE_DOSSIERS_SERVICE, + permissions: { + allow: [ROLES.dossierAttributes.read, ROLES.dossierAttributes.readConfig], + redirectTo: '/auth-error', + }, + }, + loadChildren: () => import('./modules/dossier-overview/dossier-overview.module').then(m => m.DossierOverviewModule), + }, + { + path: `:${DOSSIER_ID}/file/:${FILE_ID}`, + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], + data: { + routeGuards: [DossierFilesGuard, WebViewerLoadedGuard], + breadcrumbs: [BreadcrumbTypes.dossierTemplate, BreadcrumbTypes.dossier, BreadcrumbTypes.file], + dossiersService: ACTIVE_DOSSIERS_SERVICE, + permissions: { + allow: [ROLES.readRedactionLog, ROLES.files.downloadOriginal, ROLES.highlights.read], + redirectTo: '/auth-error', + }, + }, + loadChildren: () => import('./modules/file-preview/file-preview.module').then(m => m.FilePreviewModule), + }, + { + path: '', + pathMatch: 'full', + loadChildren: () => import('./modules/dossiers-listing/dossiers-listing.module').then(m => m.DossiersListingModule), + data: { + breadcrumbs: [BreadcrumbTypes.dossierTemplate], + }, + }, + ], + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], + data: { + routeGuards: [DossiersGuard], + dossiersService: ACTIVE_DOSSIERS_SERVICE, + permissions: { + allow: [ROLES.files.readStatus], + redirectTo: '/auth-error', + }, + }, + }, + { + path: `${ARCHIVE_ROUTE}`, + loadChildren: () => import('./modules/archive/archive.module').then(m => m.ArchiveModule), + canActivate: [CompositeRouteGuard, WebViewerLoadedGuard], + data: { + routeGuards: [FeaturesGuard, DossiersGuard], + dossiersService: ARCHIVED_DOSSIERS_SERVICE, + features: [DOSSIERS_ARCHIVE], + }, + }, + { + path: '**', + redirectTo: `${DOSSIERS_ROUTE}`, + pathMatch: 'full', + }, +]; + const routes: IqserRoutes = [ { path: '', @@ -39,6 +114,13 @@ const routes: IqserRoutes = [ { path: 'admin', loadChildren: () => import('./modules/admin/admin.module').then(m => m.AdminModule), + canActivate: [IqserPermissionsGuard], + data: { + permissions: { + allow: [ROLES.templates.read], + redirectTo: '/auth-error', + }, + }, }, { path: 'dashboard', @@ -48,6 +130,7 @@ const routes: IqserRoutes = [ routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard, DashboardGuard], permissions: { allow: [ + ROLES.any, ROLES.templates.read, ROLES.fileAttributes.readConfig, ROLES.watermarks.read, @@ -63,94 +146,49 @@ const routes: IqserRoutes = [ { path: 'downloads', component: DownloadsListScreenComponent, - canActivate: [CompositeRouteGuard], + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], data: { routeGuards: [IqserAuthGuard, RedRoleGuard], + permissions: { + allow: ROLES.readDownloadStatus, + redirectTo: '/auth-error', + }, }, }, { path: 'search', loadChildren: () => import('./modules/search/search.module').then(m => m.SearchModule), - canActivate: [CompositeRouteGuard], + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], data: { routeGuards: [IqserAuthGuard, RedRoleGuard], - requiredRoles: ['RED_USER'], + permissions: { + allow: [ROLES.search], + redirectTo: '/auth-error', + }, }, }, { path: 'trash', loadChildren: () => import('./modules/trash/trash.module').then(m => m.TrashModule), - canActivate: [CompositeRouteGuard], + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], data: { routeGuards: [IqserAuthGuard, RedRoleGuard, DossiersGuard, TrashGuard], - requiredRoles: ['RED_USER'], dossiersService: ACTIVE_DOSSIERS_SERVICE, + permissions: { + allow: [ROLES.dossiers.read, ROLES.files.readStatus], + redirectTo: '/auth-error', + }, }, }, { path: `:${DOSSIER_TEMPLATE_ID}`, - children: [ - { - path: `${DOSSIERS_ROUTE}`, - children: [ - { - path: `:${DOSSIER_ID}`, - canActivate: [CompositeRouteGuard], - data: { - routeGuards: [DossierFilesGuard], - breadcrumbs: [BreadcrumbTypes.dossierTemplate, BreadcrumbTypes.dossier], - dossiersService: ACTIVE_DOSSIERS_SERVICE, - }, - loadChildren: () => - import('./modules/dossier-overview/dossier-overview.module').then(m => m.DossierOverviewModule), - }, - { - path: `:${DOSSIER_ID}/file/:${FILE_ID}`, - canActivate: [CompositeRouteGuard], - data: { - routeGuards: [DossierFilesGuard, WebViewerLoadedGuard], - breadcrumbs: [BreadcrumbTypes.dossierTemplate, BreadcrumbTypes.dossier, BreadcrumbTypes.file], - dossiersService: ACTIVE_DOSSIERS_SERVICE, - }, - loadChildren: () => import('./modules/file-preview/file-preview.module').then(m => m.FilePreviewModule), - }, - { - path: '', - pathMatch: 'full', - loadChildren: () => - import('./modules/dossiers-listing/dossiers-listing.module').then(m => m.DossiersListingModule), - data: { - breadcrumbs: [BreadcrumbTypes.dossierTemplate], - }, - }, - ], - canActivate: [CompositeRouteGuard], - data: { - routeGuards: [DossiersGuard], - dossiersService: ACTIVE_DOSSIERS_SERVICE, - }, - }, - { - path: `${ARCHIVE_ROUTE}`, - loadChildren: () => import('./modules/archive/archive.module').then(m => m.ArchiveModule), - canActivate: [CompositeRouteGuard, WebViewerLoadedGuard], - data: { - routeGuards: [FeaturesGuard, DossiersGuard], - dossiersService: ARCHIVED_DOSSIERS_SERVICE, - features: [DOSSIERS_ARCHIVE], - }, - }, - { - path: '**', - redirectTo: `${DOSSIERS_ROUTE}`, - pathMatch: 'full', - }, - ], + children: dossierTemplateIdRoutes, canActivate: [CompositeRouteGuard, IqserPermissionsGuard], data: { routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard, DashboardGuard, DossierTemplateExistsGuard], permissions: { allow: [ + ROLES.any, ROLES.templates.read, ROLES.fileAttributes.readConfig, ROLES.watermarks.read, @@ -160,7 +198,10 @@ const routes: IqserRoutes = [ ROLES.notifications.read, ROLES.dossiers.read, ], - redirectTo: '/', + redirectTo: { + [ROLES.any]: '/auth-error', + [DEFAULT_REDIRECT_KEY]: '/', + }, }, }, }, diff --git a/apps/red-ui/src/app/components/base-screen/base-screen.component.html b/apps/red-ui/src/app/components/base-screen/base-screen.component.html index cfb80afa6..1789ad6aa 100644 --- a/apps/red-ui/src/app/components/base-screen/base-screen.component.html +++ b/apps/red-ui/src/app/components/base-screen/base-screen.component.html @@ -1,14 +1,16 @@
-
+ +
+ -
+
+ {{ item.name | translate }} diff --git a/apps/red-ui/src/app/components/base-screen/base-screen.component.ts b/apps/red-ui/src/app/components/base-screen/base-screen.component.ts index 5ac61bdd1..77c4a418e 100644 --- a/apps/red-ui/src/app/components/base-screen/base-screen.component.ts +++ b/apps/red-ui/src/app/components/base-screen/base-screen.component.ts @@ -7,10 +7,11 @@ import { TranslateService } from '@ngx-translate/core'; import { SpotlightSearchAction } from '@components/spotlight-search/spotlight-search-action'; import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker'; import { filter, map, startWith } from 'rxjs/operators'; -import { shareDistinctLast } from '@iqser/common-ui'; +import { IqserPermissionsService, shareDistinctLast } from '@iqser/common-ui'; import { BreadcrumbsService } from '@services/breadcrumbs.service'; import { FeaturesService } from '@services/features.service'; import { ARCHIVE_ROUTE, DOSSIERS_ARCHIVE, DOSSIERS_ROUTE } from '@red/domain'; +import { ROLES } from '@users/roles'; interface MenuItem { readonly id: string; @@ -29,6 +30,7 @@ const isSearchScreen: (url: string) => boolean = url => url.includes('/search'); styleUrls: ['./base-screen.component.scss'], }) export class BaseScreenComponent { + readonly roles = ROLES; readonly currentUser = this.userService.currentUser; readonly userMenuItems: readonly MenuItem[] = [ { @@ -41,19 +43,19 @@ export class BaseScreenComponent { id: 'admin', name: _('top-bar.navigation-items.my-account.children.admin'), routerLink: '/main/admin', - show: this.currentUser.isManager || this.currentUser.isUserAdmin, + show: this._permissionsService.has([ROLES.templates.read]), }, { id: 'downloads', name: _('top-bar.navigation-items.my-account.children.downloads'), routerLink: '/main/downloads', - show: this.currentUser.isUser, + show: this._permissionsService.has(ROLES.readDownloadStatus), }, { id: 'trash', name: _('top-bar.navigation-items.my-account.children.trash'), routerLink: '/main/trash', - show: this.currentUser.isUser, + show: this._permissionsService.has([ROLES.dossiers.read, ROLES.files.readStatus]), }, ]; readonly searchActions: readonly SpotlightSearchAction[] = [ @@ -87,6 +89,7 @@ export class BaseScreenComponent { private readonly _router: Router, private readonly _translateService: TranslateService, private readonly _featuresService: FeaturesService, + private readonly _permissionsService: IqserPermissionsService, readonly userService: UserService, readonly userPreferenceService: UserPreferenceService, readonly titleService: Title, diff --git a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts index 81597e8d8..2aa034638 100644 --- a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts +++ b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts @@ -1,5 +1,5 @@ import { NgModule } from '@angular/core'; -import { CompositeRouteGuard, IqserAuthGuard } from '@iqser/common-ui'; +import { CompositeRouteGuard, IqserAuthGuard, IqserPermissionsGuard, IqserRoutes } from '@iqser/common-ui'; import { RedRoleGuard } from '@users/red-role.guard'; import { EntitiesListingScreenComponent } from './screens/entities-listing/entities-listing-screen.component'; import { PendingChangesGuard } from '@guards/can-deactivate.guard'; @@ -8,7 +8,7 @@ import { DefaultColorsScreenComponent } from './screens/default-colors/default-c import { UserListingScreenComponent } from './screens/user-listing/user-listing-screen.component'; import { DigitalSignatureScreenComponent } from './screens/digital-signature/digital-signature-screen.component'; import { AuditScreenComponent } from './screens/audit/audit-screen.component'; -import { RouterModule, Routes } from '@angular/router'; +import { RouterModule } from '@angular/router'; import { DossierAttributesListingScreenComponent } from './screens/dossier-attributes-listing/dossier-attributes-listing-screen.component'; import { GeneralConfigScreenComponent } from './screens/general-config/general-config-screen.component'; import { BaseAdminScreenComponent } from './base-admin-screen/base-admin-screen.component'; @@ -20,11 +20,11 @@ import { EntityExistsGuard } from '@guards/entity-exists-guard.service'; import { DossierStatesListingScreenComponent } from './screens/dossier-states-listing/dossier-states-listing-screen.component'; import { BaseEntityScreenComponent } from './base-entity-screen/base-entity-screen.component'; import { PermissionsGuard } from '@guards/permissions-guard'; +import { ROLES } from '@users/roles'; -const dossierTemplateIdRoutes: Routes = [ +const dossierTemplateIdRoutes: IqserRoutes = [ { path: 'info', - canActivate: [CompositeRouteGuard], component: BaseDossierTemplateScreenComponent, loadChildren: () => import('./screens/info/dossier-template-info.module').then(m => m.DossierTemplateInfoModule), }, @@ -75,11 +75,14 @@ const dossierTemplateIdRoutes: Routes = [ { path: 'reports', component: BaseDossierTemplateScreenComponent, - canActivate: [CompositeRouteGuard], - data: { - routeGuards: [IqserAuthGuard, RedRoleGuard], - }, loadChildren: () => import('./screens/reports/reports.module').then(m => m.ReportsModule), + canActivate: [IqserAuthGuard, IqserPermissionsGuard], + data: { + permissions: { + allow: [ROLES.reportTemplates.read], + redirectTo: '/auth-error', + }, + }, }, { path: 'dossier-attributes', @@ -108,20 +111,23 @@ const dossierTemplateIdRoutes: Routes = [ { path: 'justifications', component: BaseDossierTemplateScreenComponent, - canActivate: [CompositeRouteGuard], loadChildren: () => import('./screens/justifications/justifications.module').then(m => m.JustificationsModule), + canActivate: [IqserPermissionsGuard], + data: { + permissions: { + allow: [ROLES.legalBasis.read], + redirectTo: '/auth-error', + }, + }, }, { path: '', redirectTo: 'info', pathMatch: 'full' }, ]; -const dossierTemplatesRoutes: Routes = [ +const dossierTemplatesRoutes: IqserRoutes = [ { path: '', component: BaseAdminScreenComponent, - canActivate: [CompositeRouteGuard], - data: { - routeGuards: [IqserAuthGuard, RedRoleGuard], - }, + canActivate: [IqserAuthGuard], loadChildren: () => import('./screens/dossier-templates-listing/dossier-templates-listing.module').then(m => m.DossierTemplatesListingModule), }, @@ -133,15 +139,18 @@ const dossierTemplatesRoutes: Routes = [ }, ]; -const routes: Routes = [ +const routes: IqserRoutes = [ { path: '', redirectTo: 'dossier-templates', pathMatch: 'full' }, { path: 'dossier-templates', children: dossierTemplatesRoutes, - canActivate: [CompositeRouteGuard], + canActivate: [CompositeRouteGuard, IqserPermissionsGuard], data: { routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard], - requiredRoles: ['RED_MANAGER', 'RED_ADMIN'], + permissions: { + allow: [ROLES.templates.read], + redirectTo: '/', + }, }, }, { diff --git a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts index cb30b0a66..e48aa54bb 100644 --- a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts +++ b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts @@ -5,6 +5,8 @@ import { adminSideNavTranslations } from '@translations/admin-side-nav-translati import { UserService } from '@users/user.service'; import { ActivatedRoute } from '@angular/router'; import { AdminSideNavType, AdminSideNavTypes, ENTITY_TYPE } from '@red/domain'; +import { ROLES } from '@users/roles'; +import { IqserPermissionsService } from '@iqser/common-ui'; interface NavItem { readonly label: string; @@ -23,6 +25,7 @@ export class AdminSideNavComponent implements OnInit { @Input() disabledItems: string[] = []; readonly translations = adminSideNavTranslations; readonly currentUser = this._userService.currentUser; + readonly roles = ROLES; prefix: string; readonly items: { readonly [key in AdminSideNavType]: NavItem[] } = { @@ -30,7 +33,7 @@ export class AdminSideNavComponent implements OnInit { { screen: 'dossier-templates', label: _('admin-side-nav.dossier-templates'), - hideIf: !this.currentUser.isManager && !this.currentUser.isAdmin, + hideIf: !this._permissionsService.has([ROLES.templates.read]), helpModeKey: 'dossier_templates', }, { @@ -114,11 +117,13 @@ export class AdminSideNavComponent implements OnInit { { screen: 'reports', label: _('admin-side-nav.reports'), + hideIf: !this._permissionsService.has([ROLES.reportTemplates.read]), helpModeKey: 'reports', }, { screen: 'justifications', label: _('admin-side-nav.justifications'), + hideIf: !this._permissionsService.has([ROLES.legalBasis.read]), helpModeKey: 'justifications', }, ], @@ -147,6 +152,7 @@ export class AdminSideNavComponent implements OnInit { constructor( private readonly _userService: UserService, + private readonly _permissionsService: IqserPermissionsService, private readonly _route: ActivatedRoute, readonly userPreferenceService: UserPreferenceService, ) {} diff --git a/apps/red-ui/src/app/modules/dossier-overview/components/screen-header/dossier-overview-screen-header.component.html b/apps/red-ui/src/app/modules/dossier-overview/components/screen-header/dossier-overview-screen-header.component.html index 3aeac614a..9713de260 100644 --- a/apps/red-ui/src/app/modules/dossier-overview/components/screen-header/dossier-overview-screen-header.component.html +++ b/apps/red-ui/src/app/modules/dossier-overview/components/screen-header/dossier-overview-screen-header.component.html @@ -37,7 +37,7 @@ (); readonly circleButtonTypes = CircleButtonTypes; + readonly roles = ROLES; actionConfigs: List; constructor( diff --git a/apps/red-ui/src/app/modules/dossier-overview/dossier-overview.module.ts b/apps/red-ui/src/app/modules/dossier-overview/dossier-overview.module.ts index 179573a10..bbd8b101c 100644 --- a/apps/red-ui/src/app/modules/dossier-overview/dossier-overview.module.ts +++ b/apps/red-ui/src/app/modules/dossier-overview/dossier-overview.module.ts @@ -8,6 +8,7 @@ import { IqserIconsModule, IqserListingModule, IqserLoadingModule, + IqserPermissionsModule, IqserScrollbarModule, IqserSharedModule, IqserUsersModule, @@ -61,6 +62,7 @@ const routes: Routes = [ IqserLoadingModule, IqserSharedModule, IqserScrollbarModule, + IqserPermissionsModule, ], }) export class DossierOverviewModule {} diff --git a/apps/red-ui/src/app/users/roles.ts b/apps/red-ui/src/app/users/roles.ts index 5920fb42f..ba543e8c9 100644 --- a/apps/red-ui/src/app/users/roles.ts +++ b/apps/red-ui/src/app/users/roles.ts @@ -1,24 +1,13 @@ export const ROLES = { RED_ADD_COMMENT: 'red-add-comment', RED_ADD_REDACTION: 'red-add-redaction', - RED_CONVERT_HIGHLIGHTS: 'red-convert-highlights', RED_CREATE_TENANT: 'red-create-tenant', RED_DELETE_COMMENT: 'red-delete-comment', - RED_DELETE_FILE: 'red-delete-file', - RED_DELETE_HIGHLIGHTS: 'red-delete-highlights', RED_DELETE_IMPORTED_REDACTIONS: 'red-delete-imported-redactions', RED_DELETE_MANUAL_REDACTION: 'red-delete-manual-redaction', - RED_DELETE_REPORT_TEMPLATE: 'red-delete-report-template', RED_DEPLOYMENT_INFO: 'red-deployment-info', - RED_DOWNLOAD_ANNOTATED_FILE: 'red-download-annotated-file', - RED_DOWNLOAD_ORIGINAL_FILE: 'red-download-original-file', - RED_DOWNLOAD_REDACTED_FILE: 'red-download-redacted-file', - RED_DOWNLOAD_REDACTION_PREVIEW_FILE: 'red-download-redaction-preview-file', - RED_DOWNLOAD_REPORT_TEMPLATE: 'red-download-report-template', RED_EXCLUDE_INCLUDE_FILE: 'red-exclude-include-file', RED_EXCLUDE_INCLUDE_PAGES: 'red-exclude-include-pages', - RED_GET_HIGHLIGHTS: 'red-get-highlights', - RED_GET_REPORT_TEMPLATES: 'red-get-report-templates', RED_GET_RSS: 'red-get-rss', RED_GET_TENANTS: 'red-get-tenants', RED_MANAGE_ACL_PERMISSIONS: 'red-manage-acl-permissions', @@ -26,38 +15,43 @@ export const ROLES = { RED_MANAGE_VIEWED_PAGES: 'red-manage-viewed-pages', RED_PROCESS_DOWNLOAD: 'red-process-download', RED_PROCESS_MANUAL_REDACTION_REQUEST: 'red-process-manual-redaction-request', - RED_PROCESS_TEXTHIGHLIGHTS: 'red-process-texthighlights', RED_READ_DIGITAL_SIGNATURE: 'red-read-digital-signature', - RED_READ_DOSSIER_ATTRIBUTES: 'red-read-dossier-attributes', - RED_READ_DOSSIER_ATTRIBUTES_CONFIG: 'red-read-dossier-attributes-config', - RED_READ_DOWNLOAD_STATUS: 'red-read-download-status', - RED_READ_FILE_STATUS: 'red-read-file-status', - RED_READ_LEGAL_BASIS: 'red-read-legal-basis', RED_READ_LICENSE: 'red-read-license', RED_READ_LICENSE_REPORT: 'red-read-license-report', RED_READ_MANUAL_REDACTIONS: 'red-read-manual-redactions', - RED_READ_REDACTION_LOG: 'red-read-redaction-log', RED_READ_RULES: 'red-read-rules', RED_READ_SMTP_CONFIGURATION: 'red-read-smtp-configuration', RED_READ_VERSIONS: 'red-read-versions', - RED_REANALYZE_FILE: 'red-reanalyze-file', RED_REINDEX: 'red-reindex', RED_REQUEST_REDACTION: 'red-request-redaction', RED_ROTATE_PAGE: 'red-rotate-page', - RED_SEARCH: 'red-search', RED_SEARCH_AUDIT_LOG: 'red-search-audit-log', RED_SET_REVIEWER: 'red-set-reviewer', RED_SET_STATUS_APPROVED: 'red-set-status-approved', RED_SET_STATUS_UNDER_APPROVAL: 'red-set-status-under-approval', RED_UPDATE_MY_PROFILE: 'red-update-my-profile', - RED_UPLOAD_FILE: 'red-upload-file', - RED_UPLOAD_REPORT_TEMPLATE: 'red-upload-report-template', RED_WRITE_DIGITAL_SIGNATURE: 'red-write-digital-signature', - RED_WRITE_DOSSIER_ATTRIBUTES: 'red-write-dossier-attributes', - RED_WRITE_DOSSIER_ATTRIBUTES_CONFIG: 'red-write-dossier-attributes-config', - RED_WRITE_LEGAL_BASIS: 'red-write-legal-basis', RED_WRITE_RULES: 'red-write-rules', RED_WRITE_SMTP_CONFIGURATION: 'red-write-smtp-configuration', + readDownloadStatus: 'red-read-download-status', + readRedactionLog: 'red-read-redaction-log', + search: 'red-search', + legalBasis: { + read: 'red-read-legal-basis', + write: 'red-write-legal-basis', + }, + reportTemplates: { + read: 'red-get-report-templates', + upload: 'red-upload-report-template', + download: 'red-download-report-template', + delete: 'red-delete-report-template', + }, + highlights: { + read: 'red-get-highlights', + delete: 'red-delete-highlights', + convert: 'red-convert-highlights', + process: 'red-process-texthighlights', + }, watermarks: { write: 'red-write-watermark', read: 'red-read-watermark', @@ -83,6 +77,16 @@ export const ROLES = { delete: 'red-delete-dossier-dictionary-entry', }, }, + files: { + delete: 'red-delete-file', + readStatus: 'red-read-file-status', + downloadAnnotated: 'red-download-annotated-file', + downloadOriginal: 'red-download-original-file', + downloadRedacted: 'red-download-redacted-file', + downloadPreview: 'red-download-redaction-preview-file', + reanalyze: 'red-reanalyze-file', + upload: 'red-upload-file', + }, templates: { read: 'red-read-dossier-templates', write: 'red-write-dossier-templates', @@ -96,6 +100,12 @@ export const ROLES = { readConfig: 'red-read-file-attributes-config', writeConfig: 'red-write-file-attributes-config', }, + dossierAttributes: { + read: 'red-read-dossier-attributes', + write: 'red-write-dossier-attributes', + readConfig: 'red-read-dossier-attributes-config', + writeConfig: 'red-write-dossier-attributes-config', + }, dictionaryEntries: { write: 'red-add-dictionary-entry', delete: 'red-delete-dictionary-entry',