RED-5482: fix access
This commit is contained in:
parent
f042c86791
commit
f6a590ac54
@ -138,6 +138,7 @@ const routes: IqserRoutes = [
|
||||
ROLES.colors.read,
|
||||
ROLES.states.read,
|
||||
ROLES.notifications.read,
|
||||
'RED_USER',
|
||||
],
|
||||
redirectTo: '/auth-error',
|
||||
},
|
||||
@ -197,6 +198,7 @@ const routes: IqserRoutes = [
|
||||
ROLES.states.read,
|
||||
ROLES.notifications.read,
|
||||
ROLES.dossiers.read,
|
||||
'RED_USER',
|
||||
],
|
||||
redirectTo: {
|
||||
[ROLES.any]: '/auth-error',
|
||||
|
||||
@ -24,7 +24,7 @@ const routes: IqserRoutes = [
|
||||
data: {
|
||||
routeGuards: [IqserAuthGuard, RedRoleGuard],
|
||||
permissions: {
|
||||
allow: [ROLES.notifications.write],
|
||||
allow: [ROLES.notifications.write, 'RED_USER'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
<iqser-side-nav [title]="'account-settings' | translate">
|
||||
<ng-container *ngFor="let item of items">
|
||||
<div
|
||||
*ngIf="!item.hideIf"
|
||||
*ngIf="item.show"
|
||||
[iqserHelpMode]="'user_account'"
|
||||
[routerLinkActiveOptions]="{ exact: false }"
|
||||
[routerLink]="'../' + item.screen"
|
||||
class="item"
|
||||
routerLinkActive="active"
|
||||
[iqserHelpMode]="'user_account'"
|
||||
>
|
||||
{{ item.label | translate }}
|
||||
</div>
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
|
||||
import { ChangeDetectionStrategy, Component } from '@angular/core';
|
||||
import { IqserPermissionsService } from '@iqser/common-ui';
|
||||
import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
|
||||
import { ROLES } from '@users/roles';
|
||||
import { User } from '@red/domain';
|
||||
|
||||
interface NavItem {
|
||||
readonly label: string;
|
||||
readonly screen: string;
|
||||
readonly hideIf?: boolean;
|
||||
readonly show?: boolean;
|
||||
}
|
||||
|
||||
@Component({
|
||||
@ -16,23 +17,27 @@ interface NavItem {
|
||||
changeDetection: ChangeDetectionStrategy.OnPush,
|
||||
})
|
||||
export class AccountSideNavComponent {
|
||||
readonly currentUser = getCurrentUser<User>();
|
||||
readonly items: NavItem[] = [
|
||||
{
|
||||
screen: 'user-profile',
|
||||
label: _('user-profile'),
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'notifications',
|
||||
hideIf: !this._permissionsService.has(ROLES.notifications.write),
|
||||
show: this.currentUser.isUser && this._permissionsService.has(ROLES.notifications.write),
|
||||
label: _('notifications.label'),
|
||||
},
|
||||
{
|
||||
screen: 'preferences',
|
||||
label: _('preferences-screen.label'),
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'warnings-preferences',
|
||||
label: _('preferences-screen.warnings-label'),
|
||||
show: true,
|
||||
},
|
||||
];
|
||||
|
||||
|
||||
@ -151,6 +151,7 @@ const routes: IqserRoutes = [
|
||||
canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
|
||||
data: {
|
||||
routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard],
|
||||
requiredRoles: ['RED_MANAGER', 'RED_ADMIN'],
|
||||
permissions: {
|
||||
allow: [ROLES.templates.read],
|
||||
redirectTo: '/',
|
||||
@ -170,7 +171,7 @@ const routes: IqserRoutes = [
|
||||
data: {
|
||||
routeGuards: [IqserAuthGuard, RedRoleGuard],
|
||||
permissions: {
|
||||
allow: [ROLES.users.read],
|
||||
allow: [ROLES.users.read, 'RED_USER_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
@ -183,7 +184,7 @@ const routes: IqserRoutes = [
|
||||
routeGuards: [IqserAuthGuard, RedRoleGuard, PermissionsGuard],
|
||||
permissionsObject: 'Dossier',
|
||||
permissions: {
|
||||
allow: [ROLES.manageAclPermissions],
|
||||
allow: [ROLES.manageAclPermissions, 'RED_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
@ -195,7 +196,7 @@ const routes: IqserRoutes = [
|
||||
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
|
||||
data: {
|
||||
permissions: {
|
||||
allow: [ROLES.license.readReport],
|
||||
allow: [ROLES.license.readReport, 'RED_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
@ -213,7 +214,7 @@ const routes: IqserRoutes = [
|
||||
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
|
||||
data: {
|
||||
permissions: {
|
||||
allow: [ROLES.digitalSignature.read],
|
||||
allow: [ROLES.digitalSignature.read, 'RED_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
@ -230,7 +231,7 @@ const routes: IqserRoutes = [
|
||||
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
|
||||
data: {
|
||||
permissions: {
|
||||
allow: [ROLES.searchAudit],
|
||||
allow: [ROLES.searchAudit, 'RED_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
@ -249,7 +250,7 @@ const routes: IqserRoutes = [
|
||||
data: {
|
||||
routeGuards: [IqserAuthGuard, RedRoleGuard],
|
||||
permissions: {
|
||||
allow: [ROLES.generalConfiguration.read, ROLES.smtp.read],
|
||||
allow: [ROLES.generalConfiguration.read, ROLES.smtp.read, 'RED_ADMIN'],
|
||||
redirectTo: '/',
|
||||
},
|
||||
},
|
||||
|
||||
@ -1,11 +1,11 @@
|
||||
<iqser-side-nav [title]="translations[type] | translate">
|
||||
<ng-container *ngFor="let item of items[type]">
|
||||
<a
|
||||
*ngIf="!item.hideIf"
|
||||
*ngIf="item.show"
|
||||
[class.disabled]="isDisabled(item.screen)"
|
||||
[iqserHelpMode]="item.helpModeKey"
|
||||
[routerLinkActiveOptions]="{ exact: false }"
|
||||
[routerLink]="prefix + item.screen"
|
||||
[iqserHelpMode]="item.helpModeKey"
|
||||
class="item"
|
||||
routerLinkActive="active"
|
||||
>
|
||||
|
||||
@ -2,7 +2,6 @@ import { Component, HostBinding, Input, OnInit } from '@angular/core';
|
||||
import { UserPreferenceService } from '@users/user-preference.service';
|
||||
import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
|
||||
import { adminSideNavTranslations } from '@translations/admin-side-nav-translations';
|
||||
import { UserService } from '@users/user.service';
|
||||
import { ActivatedRoute } from '@angular/router';
|
||||
import { AdminSideNavType, AdminSideNavTypes, ENTITY_TYPE, User } from '@red/domain';
|
||||
import { ROLES } from '@users/roles';
|
||||
@ -11,7 +10,7 @@ import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
|
||||
interface NavItem {
|
||||
readonly label: string;
|
||||
readonly screen: string;
|
||||
readonly hideIf?: boolean;
|
||||
readonly show?: boolean;
|
||||
readonly helpModeKey?: string;
|
||||
}
|
||||
|
||||
@ -33,43 +32,43 @@ export class AdminSideNavComponent implements OnInit {
|
||||
{
|
||||
screen: 'dossier-templates',
|
||||
label: _('admin-side-nav.dossier-templates'),
|
||||
hideIf: !this.currentUser.isManager && !this.currentUser.isAdmin && !this._permissionsService.has(ROLES.templates.read),
|
||||
show: (this.currentUser.isManager || this.currentUser.isAdmin) && this._permissionsService.has(ROLES.templates.read),
|
||||
helpModeKey: 'dossier_templates',
|
||||
},
|
||||
{
|
||||
screen: 'digital-signature',
|
||||
label: _('admin-side-nav.digital-signature'),
|
||||
hideIf: !this._permissionsService.has(ROLES.digitalSignature.read),
|
||||
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.digitalSignature.read),
|
||||
helpModeKey: 'digital_signature',
|
||||
},
|
||||
{
|
||||
screen: 'license-info',
|
||||
label: _('admin-side-nav.license-information'),
|
||||
hideIf: !this._permissionsService.has(ROLES.license.readReport),
|
||||
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.license.readReport),
|
||||
helpModeKey: 'license_information',
|
||||
},
|
||||
{
|
||||
screen: 'audit',
|
||||
label: _('admin-side-nav.audit'),
|
||||
hideIf: !this._permissionsService.has(ROLES.searchAudit),
|
||||
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.searchAudit),
|
||||
helpModeKey: 'audit',
|
||||
},
|
||||
{
|
||||
screen: 'users',
|
||||
label: _('admin-side-nav.user-management'),
|
||||
hideIf: !this._permissionsService.has(ROLES.users.read) && !this._userService.currentUser.isUserAdmin,
|
||||
show: this.currentUser.isUserAdmin && this._permissionsService.has(ROLES.users.read),
|
||||
helpModeKey: 'user_management',
|
||||
},
|
||||
{
|
||||
screen: 'dossier-permissions',
|
||||
label: _('dossier-permissions'),
|
||||
hideIf: !this._permissionsService.has(ROLES.manageAclPermissions),
|
||||
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.manageAclPermissions),
|
||||
helpModeKey: 'dossier_permissions',
|
||||
},
|
||||
{
|
||||
screen: 'general-config',
|
||||
label: _('admin-side-nav.configurations'),
|
||||
hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
|
||||
show: this.currentUser.isAdmin && this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
|
||||
helpModeKey: 'configurations',
|
||||
},
|
||||
],
|
||||
@ -78,52 +77,59 @@ export class AdminSideNavComponent implements OnInit {
|
||||
screen: 'info',
|
||||
label: _('admin-side-nav.dossier-template-info'),
|
||||
helpModeKey: 'dossier_templates_info',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'entities',
|
||||
label: _('admin-side-nav.entities'),
|
||||
helpModeKey: 'entities',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'rules',
|
||||
label: _('admin-side-nav.rule-editor'),
|
||||
hideIf: !this.userPreferenceService.areDevFeaturesEnabled || !this._permissionsService.has(ROLES.rules.read),
|
||||
show: this.userPreferenceService.areDevFeaturesEnabled && this._permissionsService.has(ROLES.rules.read),
|
||||
},
|
||||
{
|
||||
screen: 'default-colors',
|
||||
label: _('admin-side-nav.default-colors'),
|
||||
helpModeKey: 'default_colors',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'watermarks',
|
||||
label: _('admin-side-nav.watermarks'),
|
||||
helpModeKey: 'watermarks',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'file-attributes',
|
||||
label: _('admin-side-nav.file-attributes'),
|
||||
helpModeKey: 'file_attributes',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'dossier-attributes',
|
||||
label: _('admin-side-nav.dossier-attributes'),
|
||||
helpModeKey: 'dossier_attributes',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'dossier-states',
|
||||
label: _('admin-side-nav.dossier-states'),
|
||||
helpModeKey: 'dossier_states',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'reports',
|
||||
label: _('admin-side-nav.reports'),
|
||||
hideIf: !this._permissionsService.has([ROLES.reportTemplates.read]),
|
||||
show: this._permissionsService.has([ROLES.reportTemplates.read]),
|
||||
helpModeKey: 'reports',
|
||||
},
|
||||
{
|
||||
screen: 'justifications',
|
||||
label: _('admin-side-nav.justifications'),
|
||||
hideIf: !this._permissionsService.has([ROLES.legalBasis.read]),
|
||||
show: this._permissionsService.has([ROLES.legalBasis.read]),
|
||||
helpModeKey: 'justifications',
|
||||
},
|
||||
],
|
||||
@ -131,27 +137,30 @@ export class AdminSideNavComponent implements OnInit {
|
||||
{
|
||||
screen: 'info',
|
||||
label: _('admin-side-nav.entity-info'),
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'dictionary',
|
||||
label: _('admin-side-nav.dictionary'),
|
||||
helpModeKey: 'dictionary_entity',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'false-positive',
|
||||
label: _('admin-side-nav.false-positive'),
|
||||
helpModeKey: 'false_recommendations_entity',
|
||||
show: true,
|
||||
},
|
||||
{
|
||||
screen: 'false-recommendations',
|
||||
label: _('admin-side-nav.false-recommendations'),
|
||||
helpModeKey: 'false_recommendations_entity',
|
||||
show: true,
|
||||
},
|
||||
],
|
||||
};
|
||||
|
||||
constructor(
|
||||
private readonly _userService: UserService,
|
||||
private readonly _permissionsService: IqserPermissionsService,
|
||||
private readonly _route: ActivatedRoute,
|
||||
readonly userPreferenceService: UserPreferenceService,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user