From c4917731d734509ec0e4150a35cff221951167da Mon Sep 17 00:00:00 2001
From: Valentin Mihai <valentin@devplant.ro>
Date: Tue, 19 Jul 2022 13:30:49 +0300
Subject: [PATCH] RED-4661 - RED_USER_ADMIN should not be able to delete
 RED_ADMINs

---
 .../user-details/user-details.component.html     |  2 +-
 .../user-details/user-details.component.ts       | 16 +++++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.html b/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.html
index 2eeaa6155..24bb4ea3d 100644
--- a/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.html
+++ b/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.html
@@ -52,7 +52,7 @@
 
         <iqser-icon-button
             (action)="delete()"
-            *ngIf="user && user.id !== userService.currentUser.id"
+            *ngIf="!disabledDelete(user)"
             [label]="'add-edit-user.actions.delete' | translate"
             [type]="iconButtonTypes.dark"
             icon="iqser:trash"
diff --git a/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.ts b/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.ts
index d2e70fda3..73b7148c1 100644
--- a/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.ts
+++ b/apps/red-ui/src/app/modules/admin/dialogs/add-edit-user-dialog/user-details/user-details.component.ts
@@ -33,7 +33,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
         private readonly _toaster: Toaster,
         private readonly _dialogService: AdminDialogService,
         private readonly _loadingService: LoadingService,
-        readonly userService: UserService,
+        private readonly _userService: UserService,
     ) {
         super();
     }
@@ -68,12 +68,12 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
     }
 
     shouldBeDisabled(role: string): boolean {
-        const isCurrentAdminUser = this.user && this.user.isAdmin && this.user.id === this.userService.currentUser.id;
+        const isCurrentAdminUser = this.user && this.user.isAdmin && this.user.id === this._userService.currentUser.id;
         return (
             // RED_ADMIN can't remove own RED_ADMIN role
             (role === 'RED_ADMIN' && isCurrentAdminUser) ||
             // only RED_ADMINs can edit RED_ADMIN roles
-            (role === 'RED_ADMIN' && !this.userService.currentUser.isAdmin) ||
+            (role === 'RED_ADMIN' && !this._userService.currentUser.isAdmin) ||
             Object.keys(this._ROLE_REQUIREMENTS).reduce(
                 (value, key) => value || (role === this._ROLE_REQUIREMENTS[key] && this.user?.roles.includes(key)),
                 false,
@@ -86,7 +86,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
         const userData: IProfileUpdateRequest = { ...this.form.getRawValue(), roles: this.activeRoles };
 
         if (!this.user) {
-            await firstValueFrom(this.userService.create(userData))
+            await firstValueFrom(this._userService.create(userData))
                 .then(() => {
                     this.closeDialog.emit(true);
                 })
@@ -99,7 +99,7 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
                     this._loadingService.stop();
                 });
         } else {
-            await firstValueFrom(this.userService.updateProfile(userData, this.user.id));
+            await firstValueFrom(this._userService.updateProfile(userData, this.user.id));
             this.closeDialog.emit(true);
         }
     }
@@ -119,6 +119,12 @@ export class UserDetailsComponent extends BaseFormComponent implements OnChanges
         }
     }
 
+    disabledDelete(user: User): boolean {
+        const userAdmin = user.roles.includes('RED_ADMIN');
+        const currentUserAdmin = this._userService.currentUser.roles.includes('RED_ADMIN');
+        return user.id === this._userService.currentUser.id || (userAdmin && !currentUserAdmin);
+    }
+
     private _getForm(): UntypedFormGroup {
         return this._formBuilder.group({
             firstName: [this.user?.firstName, Validators.required],