RED-5482: fix access

This commit is contained in:
Dan Percic 2022-11-17 13:11:33 +02:00
parent f042c86791
commit f6a590ac54
7 changed files with 44 additions and 27 deletions

View File

@ -138,6 +138,7 @@ const routes: IqserRoutes = [
ROLES.colors.read,
ROLES.states.read,
ROLES.notifications.read,
'RED_USER',
],
redirectTo: '/auth-error',
},
@ -197,6 +198,7 @@ const routes: IqserRoutes = [
ROLES.states.read,
ROLES.notifications.read,
ROLES.dossiers.read,
'RED_USER',
],
redirectTo: {
[ROLES.any]: '/auth-error',

View File

@ -24,7 +24,7 @@ const routes: IqserRoutes = [
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
permissions: {
allow: [ROLES.notifications.write],
allow: [ROLES.notifications.write, 'RED_USER'],
redirectTo: '/',
},
},

View File

@ -1,12 +1,12 @@
<iqser-side-nav [title]="'account-settings' | translate">
<ng-container *ngFor="let item of items">
<div
*ngIf="!item.hideIf"
*ngIf="item.show"
[iqserHelpMode]="'user_account'"
[routerLinkActiveOptions]="{ exact: false }"
[routerLink]="'../' + item.screen"
class="item"
routerLinkActive="active"
[iqserHelpMode]="'user_account'"
>
{{ item.label | translate }}
</div>

View File

@ -1,12 +1,13 @@
import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
import { ChangeDetectionStrategy, Component } from '@angular/core';
import { IqserPermissionsService } from '@iqser/common-ui';
import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
import { ROLES } from '@users/roles';
import { User } from '@red/domain';
interface NavItem {
readonly label: string;
readonly screen: string;
readonly hideIf?: boolean;
readonly show?: boolean;
}
@Component({
@ -16,23 +17,27 @@ interface NavItem {
changeDetection: ChangeDetectionStrategy.OnPush,
})
export class AccountSideNavComponent {
readonly currentUser = getCurrentUser<User>();
readonly items: NavItem[] = [
{
screen: 'user-profile',
label: _('user-profile'),
show: true,
},
{
screen: 'notifications',
hideIf: !this._permissionsService.has(ROLES.notifications.write),
show: this.currentUser.isUser && this._permissionsService.has(ROLES.notifications.write),
label: _('notifications.label'),
},
{
screen: 'preferences',
label: _('preferences-screen.label'),
show: true,
},
{
screen: 'warnings-preferences',
label: _('preferences-screen.warnings-label'),
show: true,
},
];

View File

@ -151,6 +151,7 @@ const routes: IqserRoutes = [
canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard],
requiredRoles: ['RED_MANAGER', 'RED_ADMIN'],
permissions: {
allow: [ROLES.templates.read],
redirectTo: '/',
@ -170,7 +171,7 @@ const routes: IqserRoutes = [
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
permissions: {
allow: [ROLES.users.read],
allow: [ROLES.users.read, 'RED_USER_ADMIN'],
redirectTo: '/',
},
},
@ -183,7 +184,7 @@ const routes: IqserRoutes = [
routeGuards: [IqserAuthGuard, RedRoleGuard, PermissionsGuard],
permissionsObject: 'Dossier',
permissions: {
allow: [ROLES.manageAclPermissions],
allow: [ROLES.manageAclPermissions, 'RED_ADMIN'],
redirectTo: '/',
},
},
@ -195,7 +196,7 @@ const routes: IqserRoutes = [
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
permissions: {
allow: [ROLES.license.readReport],
allow: [ROLES.license.readReport, 'RED_ADMIN'],
redirectTo: '/',
},
},
@ -213,7 +214,7 @@ const routes: IqserRoutes = [
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
permissions: {
allow: [ROLES.digitalSignature.read],
allow: [ROLES.digitalSignature.read, 'RED_ADMIN'],
redirectTo: '/',
},
},
@ -230,7 +231,7 @@ const routes: IqserRoutes = [
canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
data: {
permissions: {
allow: [ROLES.searchAudit],
allow: [ROLES.searchAudit, 'RED_ADMIN'],
redirectTo: '/',
},
},
@ -249,7 +250,7 @@ const routes: IqserRoutes = [
data: {
routeGuards: [IqserAuthGuard, RedRoleGuard],
permissions: {
allow: [ROLES.generalConfiguration.read, ROLES.smtp.read],
allow: [ROLES.generalConfiguration.read, ROLES.smtp.read, 'RED_ADMIN'],
redirectTo: '/',
},
},

View File

@ -1,11 +1,11 @@
<iqser-side-nav [title]="translations[type] | translate">
<ng-container *ngFor="let item of items[type]">
<a
*ngIf="!item.hideIf"
*ngIf="item.show"
[class.disabled]="isDisabled(item.screen)"
[iqserHelpMode]="item.helpModeKey"
[routerLinkActiveOptions]="{ exact: false }"
[routerLink]="prefix + item.screen"
[iqserHelpMode]="item.helpModeKey"
class="item"
routerLinkActive="active"
>

View File

@ -2,7 +2,6 @@ import { Component, HostBinding, Input, OnInit } from '@angular/core';
import { UserPreferenceService } from '@users/user-preference.service';
import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
import { adminSideNavTranslations } from '@translations/admin-side-nav-translations';
import { UserService } from '@users/user.service';
import { ActivatedRoute } from '@angular/router';
import { AdminSideNavType, AdminSideNavTypes, ENTITY_TYPE, User } from '@red/domain';
import { ROLES } from '@users/roles';
@ -11,7 +10,7 @@ import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
interface NavItem {
readonly label: string;
readonly screen: string;
readonly hideIf?: boolean;
readonly show?: boolean;
readonly helpModeKey?: string;
}
@ -33,43 +32,43 @@ export class AdminSideNavComponent implements OnInit {
{
screen: 'dossier-templates',
label: _('admin-side-nav.dossier-templates'),
hideIf: !this.currentUser.isManager && !this.currentUser.isAdmin && !this._permissionsService.has(ROLES.templates.read),
show: (this.currentUser.isManager || this.currentUser.isAdmin) && this._permissionsService.has(ROLES.templates.read),
helpModeKey: 'dossier_templates',
},
{
screen: 'digital-signature',
label: _('admin-side-nav.digital-signature'),
hideIf: !this._permissionsService.has(ROLES.digitalSignature.read),
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.digitalSignature.read),
helpModeKey: 'digital_signature',
},
{
screen: 'license-info',
label: _('admin-side-nav.license-information'),
hideIf: !this._permissionsService.has(ROLES.license.readReport),
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.license.readReport),
helpModeKey: 'license_information',
},
{
screen: 'audit',
label: _('admin-side-nav.audit'),
hideIf: !this._permissionsService.has(ROLES.searchAudit),
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.searchAudit),
helpModeKey: 'audit',
},
{
screen: 'users',
label: _('admin-side-nav.user-management'),
hideIf: !this._permissionsService.has(ROLES.users.read) && !this._userService.currentUser.isUserAdmin,
show: this.currentUser.isUserAdmin && this._permissionsService.has(ROLES.users.read),
helpModeKey: 'user_management',
},
{
screen: 'dossier-permissions',
label: _('dossier-permissions'),
hideIf: !this._permissionsService.has(ROLES.manageAclPermissions),
show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.manageAclPermissions),
helpModeKey: 'dossier_permissions',
},
{
screen: 'general-config',
label: _('admin-side-nav.configurations'),
hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
show: this.currentUser.isAdmin && this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
helpModeKey: 'configurations',
},
],
@ -78,52 +77,59 @@ export class AdminSideNavComponent implements OnInit {
screen: 'info',
label: _('admin-side-nav.dossier-template-info'),
helpModeKey: 'dossier_templates_info',
show: true,
},
{
screen: 'entities',
label: _('admin-side-nav.entities'),
helpModeKey: 'entities',
show: true,
},
{
screen: 'rules',
label: _('admin-side-nav.rule-editor'),
hideIf: !this.userPreferenceService.areDevFeaturesEnabled || !this._permissionsService.has(ROLES.rules.read),
show: this.userPreferenceService.areDevFeaturesEnabled && this._permissionsService.has(ROLES.rules.read),
},
{
screen: 'default-colors',
label: _('admin-side-nav.default-colors'),
helpModeKey: 'default_colors',
show: true,
},
{
screen: 'watermarks',
label: _('admin-side-nav.watermarks'),
helpModeKey: 'watermarks',
show: true,
},
{
screen: 'file-attributes',
label: _('admin-side-nav.file-attributes'),
helpModeKey: 'file_attributes',
show: true,
},
{
screen: 'dossier-attributes',
label: _('admin-side-nav.dossier-attributes'),
helpModeKey: 'dossier_attributes',
show: true,
},
{
screen: 'dossier-states',
label: _('admin-side-nav.dossier-states'),
helpModeKey: 'dossier_states',
show: true,
},
{
screen: 'reports',
label: _('admin-side-nav.reports'),
hideIf: !this._permissionsService.has([ROLES.reportTemplates.read]),
show: this._permissionsService.has([ROLES.reportTemplates.read]),
helpModeKey: 'reports',
},
{
screen: 'justifications',
label: _('admin-side-nav.justifications'),
hideIf: !this._permissionsService.has([ROLES.legalBasis.read]),
show: this._permissionsService.has([ROLES.legalBasis.read]),
helpModeKey: 'justifications',
},
],
@ -131,27 +137,30 @@ export class AdminSideNavComponent implements OnInit {
{
screen: 'info',
label: _('admin-side-nav.entity-info'),
show: true,
},
{
screen: 'dictionary',
label: _('admin-side-nav.dictionary'),
helpModeKey: 'dictionary_entity',
show: true,
},
{
screen: 'false-positive',
label: _('admin-side-nav.false-positive'),
helpModeKey: 'false_recommendations_entity',
show: true,
},
{
screen: 'false-recommendations',
label: _('admin-side-nav.false-recommendations'),
helpModeKey: 'false_recommendations_entity',
show: true,
},
],
};
constructor(
private readonly _userService: UserService,
private readonly _permissionsService: IqserPermissionsService,
private readonly _route: ActivatedRoute,
readonly userPreferenceService: UserPreferenceService,