From f6a590ac5434478bd90ff3861e2995059b703547 Mon Sep 17 00:00:00 2001
From: Dan Percic
Date: Thu, 17 Nov 2022 13:11:33 +0200
Subject: [PATCH] RED-5482: fix access
---
 apps/red-ui/src/app/app-routing.module.ts | 2 ++
 .../modules/account/account-routing.module.ts | 2 +-
 .../account-side-nav.component.html | 4 +--
 .../account-side-nav.component.ts | 11 ++++--
 .../app/modules/admin/admin-routing.module.ts | 13 +++----
 .../admin-side-nav.component.html | 4 +--
 .../admin-side-nav.component.ts | 35 ++++++++++++-------
 7 files changed, 44 insertions(+), 27 deletions(-)
diff --git a/apps/red-ui/src/app/app-routing.module.ts b/apps/red-ui/src/app/app-routing.module.ts
index 8bd0e3eba..0389c4309 100644
--- a/apps/red-ui/src/app/app-routing.module.ts
+++ b/apps/red-ui/src/app/app-routing.module.ts
@@ -138,6 +138,7 @@ const routes: IqserRoutes = [
 ROLES.colors.read,
 ROLES.states.read,
 ROLES.notifications.read,
+ 'RED_USER',
 ],
 redirectTo: '/auth-error',
 },
@@ -197,6 +198,7 @@ const routes: IqserRoutes = [
 ROLES.states.read,
 ROLES.notifications.read,
 ROLES.dossiers.read,
+ 'RED_USER',
 ],
 redirectTo: {
 [ROLES.any]: '/auth-error',
diff --git a/apps/red-ui/src/app/modules/account/account-routing.module.ts b/apps/red-ui/src/app/modules/account/account-routing.module.ts
index 8e6dcc586..a3cfdffae 100644
--- a/apps/red-ui/src/app/modules/account/account-routing.module.ts
+++ b/apps/red-ui/src/app/modules/account/account-routing.module.ts
@@ -24,7 +24,7 @@ const routes: IqserRoutes = [
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard],
 permissions: {
- allow: [ROLES.notifications.write],
+ allow: [ROLES.notifications.write, 'RED_USER'],
 redirectTo: '/',
 },
 },
diff --git a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.html b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.html
index 87a5ed131..b4ab4e40d 100644
--- a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.html
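Review bot: The `'RED_USER'` entries added to the two `allow` lists in app-routing.module.ts are bare string literals placed next to typed `ROLES.*` constants, so a misspelt role name would still compile and only surface as a wrong access decision at runtime. The same pattern recurs in account-routing.module.ts (`'RED_USER'`) and in the admin-routing.module.ts hunks (`'RED_ADMIN'`, `'RED_USER_ADMIN'`, `'RED_MANAGER'`). Whether the guard evaluates `allow` as all-of or any-of is not visible in these hunks; if it is any-of, each added role widens the route instead of narrowing it, so that should be confirmed against the guard implementation. I would define the role names once beside `ROLES`, for example a `RED_ROLES` const object (name is only a suggestion), and write `RED_ROLES.user` here. Both `routes` arrays start and end outside the hunks.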
+++ b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.html
@@ -1,12 +1,12 @@
{{ item.label | translate }}
diff --git a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
index 5a44887ad..716c65f39 100644
--- a/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
+++ b/apps/red-ui/src/app/modules/account/account-side-nav/account-side-nav.component.ts
@@ -1,12 +1,13 @@
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { ChangeDetectionStrategy, Component } from '@angular/core';
-import { IqserPermissionsService } from '@iqser/common-ui';
+import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
 import { ROLES } from '@users/roles';
+import { User } from '@red/domain';
 interface NavItem {
 readonly label: string;
 readonly screen: string;
- readonly hideIf?: boolean;
+ readonly show?: boolean;
 }
 @Component({
@@ -16,23 +17,27 @@ interface NavItem {
 changeDetection: ChangeDetectionStrategy.OnPush,
 })
 export class AccountSideNavComponent {
+ readonly currentUser = getCurrentUser();
 readonly items: NavItem[] = [
 {
 screen: 'user-profile',
 label: _('user-profile'),
+ show: true,
 },
 {
 screen: 'notifications',
- hideIf: !this._permissionsService.has(ROLES.notifications.write),
+ show: this.currentUser.isUser && this._permissionsService.has(ROLES.notifications.write),
 label: _('notifications.label'),
 },
 {
 screen: 'preferences',
 label: _('preferences-screen.label'),
+ show: true,
 },
 {
 screen: 'warnings-preferences',
 label: _('preferences-screen.warnings-label'),
+ show: true,
 },
 ];
diff --git a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
index 14ac83c6c..23456dd05 100644
--- a/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
+++ b/apps/red-ui/src/app/modules/admin/admin-routing.module.ts
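Review bot: `show` remains optional on `NavItem` (`readonly show?: boolean;`) even though every item now sets it and the flag's polarity was flipped from `hideIf`. Assuming the template renders an item only when `item.show` is truthy (the template hunk's content is not visible here), an item added later without the flag is silently hidden instead of failing to compile. Declaring it as `readonly show: boolean;` turns the omission into a type error; the same applies to the `NavItem` interface in admin-side-nav.component.ts.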
@@ -151,6 +151,7 @@ const routes: IqserRoutes = [
 canActivate: [CompositeRouteGuard, IqserPermissionsGuard],
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard, DossierTemplatesGuard],
+ requiredRoles: ['RED_MANAGER', 'RED_ADMIN'],
 permissions: {
 allow: [ROLES.templates.read],
 redirectTo: '/',
@@ -170,7 +171,7 @@ const routes: IqserRoutes = [
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard],
 permissions: {
- allow: [ROLES.users.read],
+ allow: [ROLES.users.read, 'RED_USER_ADMIN'],
 redirectTo: '/',
 },
 },
@@ -183,7 +184,7 @@ const routes: IqserRoutes = [
 routeGuards: [IqserAuthGuard, RedRoleGuard, PermissionsGuard],
 permissionsObject: 'Dossier',
 permissions: {
- allow: [ROLES.manageAclPermissions],
+ allow: [ROLES.manageAclPermissions, 'RED_ADMIN'],
 redirectTo: '/',
 },
 },
@@ -195,7 +196,7 @@ const routes: IqserRoutes = [
 canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
 permissions: {
- allow: [ROLES.license.readReport],
+ allow: [ROLES.license.readReport, 'RED_ADMIN'],
 redirectTo: '/',
 },
 },
@@ -213,7 +214,7 @@ const routes: IqserRoutes = [
 canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
 permissions: {
- allow: [ROLES.digitalSignature.read],
+ allow: [ROLES.digitalSignature.read, 'RED_ADMIN'],
 redirectTo: '/',
 },
 },
@@ -230,7 +231,7 @@ const routes: IqserRoutes = [
 canActivate: [IqserAuthGuard, IqserPermissionsGuard, RedRoleGuard],
 data: {
 permissions: {
- allow: [ROLES.searchAudit],
+ allow: [ROLES.searchAudit, 'RED_ADMIN'],
 redirectTo: '/',
 },
 },
@@ -249,7 +250,7 @@ const routes: IqserRoutes = [
 data: {
 routeGuards: [IqserAuthGuard, RedRoleGuard],
 permissions: {
- allow: [ROLES.generalConfiguration.read, ROLES.smtp.read, 'RED_ADMIN'],
+ allow: [ROLES.generalConfiguration.read, ROLES.smtp.read, 'RED_ADMIN'],
 redirectTo: '/',
 },
 },
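Review bot: The dossier-templates route states its role requirement as `requiredRoles: ['RED_MANAGER', 'RED_ADMIN']`, while the six routes changed below it append the role to `permissions.allow` instead, so two different data keys now carry the same kind of rule. Which guard reads `requiredRoles` is not visible in this hunk (presumably `RedRoleGuard`), and the later routes list `RedRoleGuard` without any `requiredRoles` entry. Because admin-side-nav.component.ts in this same commit requires the role and the permission together for each entry, the route data should express that same conjunction in one agreed form: either `requiredRoles` on every admin route with `allow` kept for `ROLES.*` permissions, or a comment such as `// allow: every entry is required` if that is how the guard evaluates the list. The route objects start and end outside these hunks.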
diff --git a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.html b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.html
index 98317bb98..149cd22f7 100644
--- a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.html
+++ b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.html
@@ -1,11 +1,11 @@
diff --git a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
index abf9ed78a..5fe8c41b8 100644
--- a/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
+++ b/apps/red-ui/src/app/modules/admin/admin-side-nav/admin-side-nav.component.ts
@@ -2,7 +2,6 @@ import { Component, HostBinding, Input, OnInit } from '@angular/core';
 import { UserPreferenceService } from '@users/user-preference.service';
 import { marker as _ } from '@biesbjerg/ngx-translate-extract-marker';
 import { adminSideNavTranslations } from '@translations/admin-side-nav-translations';
-import { UserService } from '@users/user.service';
 import { ActivatedRoute } from '@angular/router';
 import { AdminSideNavType, AdminSideNavTypes, ENTITY_TYPE, User } from '@red/domain';
 import { ROLES } from '@users/roles';
@@ -11,7 +10,7 @@ import { getCurrentUser, IqserPermissionsService } from '@iqser/common-ui';
 interface NavItem {
 readonly label: string;
 readonly screen: string;
- readonly hideIf?: boolean;
+ readonly show?: boolean;
 readonly helpModeKey?: string;
 }
@@ -33,43 +32,43 @@ export class AdminSideNavComponent implements OnInit {
 {
 screen: 'dossier-templates',
 label: _('admin-side-nav.dossier-templates'),
- hideIf: !this.currentUser.isManager && !this.currentUser.isAdmin && !this._permissionsService.has(ROLES.templates.read),
+ show: (this.currentUser.isManager || this.currentUser.isAdmin) && this._permissionsService.has(ROLES.templates.read),
 helpModeKey: 'dossier_templates',
 },
 {
 screen: 'digital-signature',
 label: _('admin-side-nav.digital-signature'),
- hideIf: !this._permissionsService.has(ROLES.digitalSignature.read),
+ show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.digitalSignature.read),
 helpModeKey: 'digital_signature',
 },
 {
 screen: 'license-info',
 label: _('admin-side-nav.license-information'),
- hideIf: !this._permissionsService.has(ROLES.license.readReport),
+ show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.license.readReport),
 helpModeKey: 'license_information',
 },
 {
 screen: 'audit',
 label: _('admin-side-nav.audit'),
- hideIf: !this._permissionsService.has(ROLES.searchAudit),
+ show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.searchAudit),
 helpModeKey: 'audit',
 },
 {
 screen: 'users',
 label: _('admin-side-nav.user-management'),
- hideIf: !this._permissionsService.has(ROLES.users.read) && !this._userService.currentUser.isUserAdmin,
+ show: this.currentUser.isUserAdmin && this._permissionsService.has(ROLES.users.read),
 helpModeKey: 'user_management',
 },
 {
 screen: 'dossier-permissions',
 label: _('dossier-permissions'),
- hideIf: !this._permissionsService.has(ROLES.manageAclPermissions),
+ show: this.currentUser.isAdmin && this._permissionsService.has(ROLES.manageAclPermissions),
 helpModeKey: 'dossier_permissions',
 },
 {
 screen: 'general-config',
 label: _('admin-side-nav.configurations'),
- hideIf: !this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
+ show: this.currentUser.isAdmin && 
this._permissionsService.has([ROLES.generalConfiguration.read, ROLES.smtp.read]),
 helpModeKey: 'configurations',
 },
 ],
@@ -78,52 +77,59 @@ export class AdminSideNavComponent implements OnInit {
 screen: 'info',
 label: _('admin-side-nav.dossier-template-info'),
 helpModeKey: 'dossier_templates_info',
+ show: true,
 },
 {
 screen: 'entities',
 label: _('admin-side-nav.entities'),
 helpModeKey: 'entities',
+ show: true,
 },
 {
 screen: 'rules',
 label: _('admin-side-nav.rule-editor'),
- hideIf: !this.userPreferenceService.areDevFeaturesEnabled || !this._permissionsService.has(ROLES.rules.read),
+ show: this.userPreferenceService.areDevFeaturesEnabled && this._permissionsService.has(ROLES.rules.read),
 },
 {
 screen: 'default-colors',
 label: _('admin-side-nav.default-colors'),
 helpModeKey: 'default_colors',
+ show: true,
 },
 {
 screen: 'watermarks',
 label: _('admin-side-nav.watermarks'),
 helpModeKey: 'watermarks',
+ show: true,
 },
 {
 screen: 'file-attributes',
 label: _('admin-side-nav.file-attributes'),
 helpModeKey: 'file_attributes',
+ show: true,
 },
 {
 screen: 'dossier-attributes',
 label: _('admin-side-nav.dossier-attributes'),
 helpModeKey: 'dossier_attributes',
+ show: true,
 },
 {
 screen: 'dossier-states',
 label: _('admin-side-nav.dossier-states'),
 helpModeKey: 'dossier_states',
+ show: true,
 },
 {
 screen: 'reports',
 label: _('admin-side-nav.reports'),
- hideIf: !this._permissionsService.has([ROLES.reportTemplates.read]),
+ show: this._permissionsService.has([ROLES.reportTemplates.read]),
 helpModeKey: 'reports',
 },
 {
 screen: 'justifications',
 label: _('admin-side-nav.justifications'),
- hideIf: !this._permissionsService.has([ROLES.legalBasis.read]),
+ show: this._permissionsService.has([ROLES.legalBasis.read]),
 helpModeKey: 'justifications',
 },
 ],
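Review bot: Each `show` expression in `AdminSideNavComponent` restates, in a second place, the role-and-permission rule that admin-routing.module.ts carries in its route data, and nothing ties the two copies together. A later edit to one side leaves either a visible link that only redirects or a reachable route with no link; hiding the link is a display decision, so the route guards (and, presumably, the server behind them) remain the actual control. The `rules`, `reports` and `justifications` entries in the following hunk gate on a permission (plus the dev-features flag for `rules`) but on no role, which may be intended but differs from the items above. I would add a comment above the item map such as `// Display only: keep in sync with admin-routing.module.ts; access is enforced by the route guards.` The class body starts before and continues after this hunk.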
@@ -131,27 +137,30 @@ export class AdminSideNavComponent implements OnInit {
 {
 screen: 'info',
 label: _('admin-side-nav.entity-info'),
+ show: true,
 },
 {
 screen: 'dictionary',
 label: _('admin-side-nav.dictionary'),
 helpModeKey: 'dictionary_entity',
+ show: true,
 },
 {
 screen: 'false-positive',
 label: _('admin-side-nav.false-positive'),
 helpModeKey: 'false_recommendations_entity',
+ show: true,
 },
 {
 screen: 'false-recommendations',
 label: _('admin-side-nav.false-recommendations'),
 helpModeKey: 'false_recommendations_entity',
+ show: true,
 },
 ],
 };
 constructor(
- private readonly _userService: UserService,
 private readonly _permissionsService: IqserPermissionsService,
 private readonly _route: ActivatedRoute,
 readonly userPreferenceService: UserPreferenceService,