From 2a72f3a4d99c1722e34a014c2d6a6b49f4b6e80e Mon Sep 17 00:00:00 2001 From: Valentin Mihai Date: Mon, 18 Jul 2022 19:20:22 +0300 Subject: [PATCH] RED-4661 - RED_USER_ADMIN should not be able to delete RED_ADMINs --- .../user-listing-screen.component.html | 2 +- .../user-listing-screen.component.ts | 16 +++++++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/apps/red-ui/src/app/modules/admin/screens/user-listing/user-listing-screen.component.html b/apps/red-ui/src/app/modules/admin/screens/user-listing/user-listing-screen.component.html index aabf5e7e7..09310f37b 100644 --- a/apps/red-ui/src/app/modules/admin/screens/user-listing/user-listing-screen.component.html +++ b/apps/red-ui/src/app/modules/admin/screens/user-listing/user-listing-screen.component.html @@ -73,7 +73,7 @@ implement readonly translations = rolesTranslations; readonly iconButtonTypes = IconButtonTypes; readonly circleButtonTypes = CircleButtonTypes; - readonly currentUser = this.userService.currentUser; + readonly currentUser = this._userService.currentUser; readonly canDeleteSelected$ = this.#canDeleteSelected$; readonly tableHeaderLabel = _('user-listing.table-header.title'); readonly tableColumnConfigs: TableColumnConfig[] = [ @@ -58,14 +58,14 @@ export class UserListingScreenComponent extends ListingComponent implement action: (): void => this.openAddEditUserDialog(), type: IconButtonTypes.primary, icon: 'iqser:plus', - disabled$: this.userService.currentUser$.pipe(map(user => !user.isAdmin)), + disabled$: this._userService.currentUser$.pipe(map(user => !user.isAdmin)), }, ]; collapsedDetails = false; chartConfig: DonutChartConfig[] = []; constructor( - readonly userService: UserService, + private readonly _userService: UserService, private readonly _loadingService: LoadingService, private readonly _dialogService: AdminDialogService, private readonly _translateService: TranslateService, @@ -110,7 +110,7 @@ export class UserListingScreenComponent extends ListingComponent implement async toggleActive(user: User) { this._loadingService.start(); const requestBody = { ...user, roles: user.isActive ? [] : ['RED_USER'] }; - await firstValueFrom(this.userService.updateProfile(requestBody, user.id)); + await firstValueFrom(this._userService.updateProfile(requestBody, user.id)); await this.#loadData(); } @@ -119,7 +119,7 @@ export class UserListingScreenComponent extends ListingComponent implement } async #loadData() { - await firstValueFrom(this.userService.loadAll()); + await firstValueFrom(this._userService.loadAll()); this.#computeStats(); this._loadingService.stop(); } @@ -145,4 +145,10 @@ export class UserListingScreenComponent extends ListingComponent implement }; this.filterService.addFilterGroups([roleFiltersGroup]); } + + deleteDisabled(user: User): boolean { + const userAdmin = user.roles.includes('RED_ADMIN'); + const currentUserAdmin = this._userService.currentUser.roles.includes('RED_ADMIN'); + return user.id === this._userService.currentUser.id || (userAdmin && !currentUserAdmin); + } }