CM-323, remove the reliance on rss role, base access on granular watermark.read permission.

apps/red-ui/src/app/app-routing.module.ts

@@ -117,7 +117,6 @@ const mainRoutes: IqserRoutes = [
                     Roles.any,
                     Roles.templates.read,
                     Roles.fileAttributes.readConfig,
-                    Roles.watermarks.read,
                     Roles.dictionaryTypes.read,
                     Roles.colors.read,
                     Roles.states.read,
@@ -181,7 +180,6 @@ const mainRoutes: IqserRoutes = [
                     Roles.any,
                     Roles.templates.read,
                     Roles.fileAttributes.readConfig,
-                    Roles.watermarks.read,
                     Roles.dictionaryTypes.read,
                     Roles.colors.read,
                     Roles.states.read,

apps/red-ui/src/app/modules/admin/shared/components/admin-side-nav/admin-side-nav.component.ts

@@ -107,7 +107,7 @@ export class AdminSideNavComponent implements OnInit {
                 screen: 'watermarks',
                 label: _('admin-side-nav.watermarks'),
                 helpModeKey: 'watermarks',
-                show: !this._permissionsService.has(Roles.getRss),
+                show: this._permissionsService.has(Roles.watermarks.read),
             },
             {
                 screen: 'file-attributes',

apps/red-ui/src/app/modules/shared-dossiers/dialogs/edit-dossier-dialog/download-package/edit-dossier-download-package.component.html

@@ -18,7 +18,7 @@
             formControlName="downloadFileTypes"
         ></redaction-select>
     </div>
-    <ng-container *deny="roles.getRss">
+    <ng-container *allow="roles.watermarks.read">
         <p class="heading">{{ 'dossier-watermark-selector.heading' | translate }}</p>
         <ng-container *ngIf="ctx.existsWatermarks; else noWatermarks">
             <redaction-watermark-selector

apps/red-ui/src/app/services/entity-services/watermark.service.ts

@@ -1,10 +1,11 @@
 import { inject, Injectable } from '@angular/core';
-import { GenericService, QueryParam } from '@iqser/common-ui';
+import { GenericService, IqserPermissionsService, QueryParam } from '@iqser/common-ui';
 import { IWatermark, Watermark } from '@red/domain';
-import { firstValueFrom, forkJoin, Observable } from 'rxjs';
+import { firstValueFrom, forkJoin, Observable, of } from 'rxjs';
 import { map, tap } from 'rxjs/operators';
 import { WatermarksMapService } from '@services/entity-services/watermarks-map.service';
 import { mapEach } from '@iqser/common-ui/lib/utils';
+import { Roles } from '@users/roles';
 
 interface IsUsedResponse {
     value: boolean;
@@ -14,9 +15,11 @@ interface IsUsedResponse {
     providedIn: 'root',
 })
 export class WatermarkService extends GenericService<IWatermark> {
-    readonly #watermarksMapService = inject(WatermarksMapService);
     protected readonly _defaultModelPath = 'watermark';
 
+    readonly #watermarksMapService = inject(WatermarksMapService);
+    readonly #allowed = inject(IqserPermissionsService).has(Roles.watermarks.read);
+
     async deleteWatermark(dossierTemplateId: string, watermarkId: number) {
         await firstValueFrom(super.delete(null, `${this._defaultModelPath}/${watermarkId}`));
         return firstValueFrom(this.loadForDossierTemplate(dossierTemplateId));
@@ -37,6 +40,9 @@ export class WatermarkService extends GenericService<IWatermark> {
     }
 
     loadAll(dossierTemplateIds: string[]): Observable<Watermark[]> {
+        if (!this.#allowed) {
+            return of([]);
+        }
         return forkJoin(dossierTemplateIds.map(id => this.loadForDossierTemplate(id))).pipe(map(arrays => [].concat(...arrays)));
     }