RED-4661 - RED_USER_ADMIN should not be able to delete RED_ADMINs

Valentin Mihai 2022-07-19 13:30:49 +03:00
parent c313185a36
commit c4917731d7
2 changed files with 12 additions and 6 deletions


@ -52,7 +52,7 @@
<iqser-icon-button
(action)="delete()"
*ngIf="user && user.id !== userService.currentUser.id"
*ngIf="!disabledDelete(user)"
[label]="'add-edit-user.actions.delete' | translate"
[type]="iconButtonTypes.dark"
icon="iqser:trash"
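Review bot: The new `*ngIf="!disabledDelete(user)"` only hides the delete button, so as far as this commit shows the RED-4661 restriction is enforced in the browser alone. A RED_USER_ADMIN who sends the delete request without going through this dialog is stopped only if the backend delete endpoint checks the target user's roles itself. That check is not visible on this page and should be confirmed or added server-side. I would also add a template comment such as `<!-- visibility only; the delete API must reject a RED_USER_ADMIN deleting a RED_ADMIN -->` so the button guard is not mistaken for the access control.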


@ -33,7 +33,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
private readonly _toaster: Toaster,
private readonly _dialogService: AdminDialogService,
private readonly _loadingService: LoadingService,
readonly userService: UserService,
private readonly _userService: UserService,
) {
super();
}
@ -68,12 +68,12 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
}
shouldBeDisabled(role: string): boolean {
const isCurrentAdminUser = this.user && this.user.isAdmin && this.user.id === this.userService.currentUser.id;
const isCurrentAdminUser = this.user && this.user.isAdmin && this.user.id === this._userService.currentUser.id;
return (
// RED_ADMIN can't remove own RED_ADMIN role
(role === 'RED_ADMIN' && isCurrentAdminUser) ||
// only RED_ADMINs can edit RED_ADMIN roles
(role === 'RED_ADMIN' && !this.userService.currentUser.isAdmin) ||
(role === 'RED_ADMIN' && !this._userService.currentUser.isAdmin) ||
Object.keys(this._ROLE_REQUIREMENTS).reduce(
(value, key) => value || (role === this._ROLE_REQUIREMENTS[key] && this.user?.roles.includes(key)),
false,
@ -86,7 +86,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
const userData: IProfileUpdateRequest = { ...this.form.getRawValue(), roles: this.activeRoles };
if (!this.user) {
await firstValueFrom(this.userService.create(userData))
await firstValueFrom(this._userService.create(userData))
.then(() => {
this.closeDialog.emit(true);
})
@ -99,7 +99,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
this._loadingService.stop();
});
} else {
await firstValueFrom(this.userService.updateProfile(userData, this.user.id));
await firstValueFrom(this._userService.updateProfile(userData, this.user.id));
this.closeDialog.emit(true);
}
}
@ -119,6 +119,12 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
}
}
disabledDelete(user: User): boolean {
const userAdmin = user.roles.includes('RED_ADMIN');
const currentUserAdmin = this._userService.currentUser.roles.includes('RED_ADMIN');
return user.id === this._userService.currentUser.id || (userAdmin && !currentUserAdmin);
}
private _getForm(): UntypedFormGroup {
return this._formBuilder.group({
firstName: [this.user?.firstName, Validators.required],
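Review bot: `disabledDelete` reads `user.roles` without a null check, although the template condition it replaces began with `user &&` and the create/update path further up in this component handles `!this.user`. If the delete button is evaluated in create mode (no outer guard is visible in these hunks), the binding will throw instead of hiding the button. Start the method with `if (!user) return true;` and type the parameter as `user: User | undefined`. The admin test here uses `roles.includes('RED_ADMIN')` while `shouldBeDisabled` uses `currentUser.isAdmin`; using the same check in both places keeps the two permission rules from drifting apart.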