RED-5482: wip permissions

apps/red-ui/src/app/modules/admin/admin-routing.module.ts

@@ -53,9 +53,13 @@ const dossierTemplateIdRoutes: IqserRoutes = [
     {
         path: 'rules',
         component: BaseDossierTemplateScreenComponent,
-        canActivate: [CompositeRouteGuard],
+        canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
         data: {
             routeGuards: [IqserAuthGuard, RedRoleGuard],
+            permissions: {
+                allow: [ROLES.rules.read],
+                redirectTo: 'info',
+            },
         },
         loadChildren: () => import('./screens/rules/rules.module').then(m => m.RulesModule),
     },

apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts

@@ -87,7 +87,7 @@ export class AdminSideNavComponent implements OnInit {
             {
                 screen: 'rules',
                 label: _('admin-side-nav.rule-editor'),
-                hideIf: !this.userPreferenceService.areDevFeaturesEnabled,
+                hideIf: !this.userPreferenceService.areDevFeaturesEnabled || !this._permissionsService.has(ROLES.rules.read),
             },
             {
                 screen: 'default-colors',

apps/red-ui/src/app/modules/admin/screens/rules/rules-screen/rules-screen.component.html

@@ -1,6 +1,6 @@
 <ngx-monaco-editor (init)="onCodeEditorInit($event)" [(ngModel)]="codeEditorText" [options]="editorOptions"></ngx-monaco-editor>
 
-<div *ngIf="changed && permissionsService.isAdmin() && !isLeaving" class="changes-box">
+<div *ngIf="changed && permissionsService.canEditRules() && !isLeaving" class="changes-box">
     <iqser-icon-button
         (action)="save()"
         [label]="'rules-screen.save-changes' | translate"

apps/red-ui/src/app/modules/admin/screens/rules/rules-screen/rules-screen.component.ts

@@ -7,6 +7,7 @@ import { RulesService } from '../../../services/rules.service';
 import { firstValueFrom } from 'rxjs';
 import { DOSSIER_TEMPLATE_ID } from '@red/domain';
 import { EditorThemeService } from '@services/editor-theme.service';
+import { ComponentCanDeactivate } from '@guards/can-deactivate.guard';
 import ICodeEditor = monaco.editor.ICodeEditor;
 import IModelDeltaDecoration = monaco.editor.IModelDeltaDecoration;
 import IStandaloneEditorConstructionOptions = monaco.editor.IStandaloneEditorConstructionOptions;
@@ -17,13 +18,13 @@ import IStandaloneEditorConstructionOptions = monaco.editor.IStandaloneEditorCon
     styleUrls: ['./rules-screen.component.scss'],
     changeDetection: ChangeDetectionStrategy.OnPush,
 })
-export class RulesScreenComponent implements OnInit {
+export class RulesScreenComponent implements OnInit, ComponentCanDeactivate {
     readonly iconButtonTypes = IconButtonTypes;
     readonly editorOptions: IStandaloneEditorConstructionOptions = {
         theme: 'vs',
         language: 'java',
         automaticLayout: true,
-        readOnly: !this.permissionsService.isAdmin(),
+        readOnly: !this.permissionsService.canEditRules(),
     };
 
     initialLines: string[] = [];

apps/red-ui/src/app/modules/pdf-viewer/services/viewer-header.service.ts

@@ -2,7 +2,7 @@ import { Inject, Injectable } from '@angular/core';
 import { IHeaderElement, RotationTypes } from '@red/domain';
 import { HeaderElements, HeaderElementType } from '../../file-preview/utils/constants';
 import { TranslateService } from '@ngx-translate/core';
-import { BASE_HREF_FN, BaseHrefFn } from '@iqser/common-ui';
+import { BASE_HREF_FN, BaseHrefFn, IqserPermissionsService } from '@iqser/common-ui';
 import { TooltipsService } from './tooltips.service';
 import { PageRotationService } from './page-rotation.service';
 import { PdfViewer } from './pdf-viewer.service';
@@ -10,10 +10,10 @@ import { ROTATION_ACTION_BUTTONS, ViewerEvents } from '../utils/constants';
 import { FilesMapService } from '@services/files/files-map.service';
 import { REDDocumentViewer } from './document-viewer.service';
 import { UserPreferenceService } from '@users/user-preference.service';
-import { ActivatedRoute, Router } from '@angular/router';
 import { Observable, Subject } from 'rxjs';
 import { ViewerEvent } from '../utils/types';
 import { ReadableRedactionsService } from './readable-redactions.service';
+import { ROLES } from '@users/roles';
 
 const divider: IHeaderElement = {
     type: 'divider',
@@ -30,8 +30,8 @@ export class ViewerHeaderService {
         [HeaderElements.LOAD_ALL_ANNOTATIONS, false],
         [HeaderElements.COMPARE_BUTTON, true],
         [HeaderElements.CLOSE_COMPARE_BUTTON, false],
-        [HeaderElements.ROTATE_LEFT_BUTTON, true],
+        [HeaderElements.ROTATE_LEFT_BUTTON, false],
-        [HeaderElements.ROTATE_RIGHT_BUTTON, true],
+        [HeaderElements.ROTATE_RIGHT_BUTTON, false],
         [HeaderElements.APPLY_ROTATION, false],
         [HeaderElements.DISCARD_ROTATION, false],
     ]);
@@ -48,8 +48,7 @@ export class ViewerHeaderService {
         private readonly _tooltipsService: TooltipsService,
         private readonly _readableRedactionsService: ReadableRedactionsService,
         private readonly _userPreferenceService: UserPreferenceService,
-        private readonly _activatedRoute: ActivatedRoute,
+        private readonly _iqserPermissionsService: IqserPermissionsService,
-        private readonly _router: Router,
     ) {
         this.events$ = this.#events$.asObservable();
     }
@@ -216,6 +215,10 @@ export class ViewerHeaderService {
 
         this.updateElements();
 
+        if (this._iqserPermissionsService.has(ROLES.files.rotatePage)) {
+            this.enable([HeaderElements.ROTATE_LEFT_BUTTON, HeaderElements.ROTATE_RIGHT_BUTTON]);
+        }
+
         if (this._userPreferenceService.areDevFeaturesEnabled) {
             this.enable([HeaderElements.LOAD_ALL_ANNOTATIONS]);
         }

apps/red-ui/src/app/modules/pdf-viewer/utils/constants.ts

@@ -6,11 +6,7 @@ export const ROTATION_ACTION_BUTTONS = [HeaderElements.APPLY_ROTATION, HeaderEle
 
 export const TEXT_POPUPS_TO_TOGGLE = [TextPopups.ADD_REDACTION, TextPopups.ADD_RECTANGLE, TextPopups.ADD_FALSE_POSITIVE];
 
-export const HEADER_ITEMS_TO_TOGGLE = [
+export const HEADER_ITEMS_TO_TOGGLE = [HeaderElements.SHAPE_TOOL_GROUP_BUTTON];
-    HeaderElements.SHAPE_TOOL_GROUP_BUTTON,
-    HeaderElements.ROTATE_LEFT_BUTTON,
-    HeaderElements.ROTATE_RIGHT_BUTTON,
-];
 
 export const ALLOWED_ACTIONS_WHEN_PAGE_EXCLUDED: string[] = [
     TextPopups.ADD_RECTANGLE,

apps/red-ui/src/app/modules/shared-dossiers/components/file-actions/file-actions.component.ts

@@ -154,10 +154,10 @@ export class FileActionsComponent implements OnChanges {
             },
             {
                 type: ActionTypes.downloadBtn,
-                show: true,
                 files: [this.file],
                 dossier: this.dossier,
                 tooltipClass: 'small',
+                show: this._permissionsService.canDownloadRedactedFile(),
             },
             {
                 type: ActionTypes.circleBtn,

apps/red-ui/src/app/services/permissions.service.ts

@@ -151,7 +151,7 @@ export class PermissionsService {
     canOcrFile(file: File | File[], dossier: Dossier): boolean {
         const files = file instanceof File ? [file] : file;
         return (
-            this._iqserPermissionsService.has(ROLES.files.delete) &&
+            this._iqserPermissionsService.has(ROLES.files.reanalyze) &&
             files.reduce((acc, _file) => this._canOcrFile(_file, dossier) && acc, true)
         );
     }
@@ -200,7 +200,10 @@ export class PermissionsService {
 
     isReadyForApproval(file: File | File[], dossier: Dossier): boolean {
         const files = file instanceof File ? [file] : file;
-        return files.reduce((acc, _file) => this._isReadyForApproval(_file, dossier) && acc, true);
+        return (
+            this._iqserPermissionsService.has(ROLES.files.setApproved) &&
+            files.reduce((acc, _file) => this._isReadyForApproval(_file, dossier) && acc, true)
+        );
     }
 
     canSetUnderApproval(file: File | File[], dossier: Dossier): boolean {
@@ -333,6 +336,14 @@ export class PermissionsService {
         );
     }
 
+    canDownloadRedactedFile() {
+        return this._iqserPermissionsService.has(ROLES.files.processDownload);
+    }
+
+    canEditRules() {
+        return this._iqserPermissionsService.has(ROLES.rules.write) && this.isAdmin();
+    }
+
     private _canDeleteEntity(entity: Dictionary): boolean {
         return !entity.systemManaged;
     }

apps/red-ui/src/app/users/roles.ts

@@ -2,13 +2,9 @@ export const ROLES = {
     RED_CREATE_TENANT: 'red-create-tenant',
     RED_DEPLOYMENT_INFO: 'red-deployment-info',
     RED_GET_TENANTS: 'red-get-tenants',
-    RED_PROCESS_DOWNLOAD: 'red-process-download',
     RED_PROCESS_MANUAL_REDACTION_REQUEST: 'red-process-manual-redaction-request',
-    RED_READ_RULES: 'red-read-rules',
     RED_READ_VERSIONS: 'red-read-versions',
     RED_REINDEX: 'red-reindex',
-    RED_ROTATE_PAGE: 'red-rotate-page',
-    RED_WRITE_RULES: 'red-write-rules',
     managePreferences: 'red-manage-user-preferences',
     updateMyProfile: 'red-update-my-profile',
     getRss: 'red-get-rss',
@@ -21,6 +17,10 @@ export const ROLES = {
     search: 'red-search',
     searchAudit: 'red-search-audit-log',
     manageAclPermissions: 'red-manage-acl-permissions',
+    rules: {
+        read: 'red-read-rules',
+        write: 'red-write-rules',
+    },
     redactions: {
         write: 'red-add-redaction',
         readManual: 'red-read-manual-redactions',
@@ -89,6 +89,7 @@ export const ROLES = {
     files: {
         delete: 'red-delete-file',
         readStatus: 'red-read-file-status',
+        processDownload: 'red-process-download',
         downloadAnnotated: 'red-download-annotated-file',
         downloadOriginal: 'red-download-original-file',
         downloadRedacted: 'red-download-redacted-file',
@@ -97,6 +98,7 @@ export const ROLES = {
         upload: 'red-upload-file',
         setApproved: 'red-set-status-approved',
         setUnderApproval: 'red-set-status-under-approval',
+        rotatePage: 'red-rotate-page',
     },
     templates: {
         read: 'red-read-dossier-templates',