diff --git a/backend/core/src/main/java/org/opencdmp/authorization/Permission.java b/backend/core/src/main/java/org/opencdmp/authorization/Permission.java
index 733aed9fd..4a08a8a74 100644
--- a/backend/core/src/main/java/org/opencdmp/authorization/Permission.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/Permission.java
@@ -57,6 +57,8 @@ public final class Permission {
 public static String EditUser = "EditUser";
 public static String DeleteUser = "DeleteUser";
 public static String ExportUsers = "ExportUsers";
+ public static String EditTenantUserRole = "EditTenantUserRole";
+ public static String InviteTenantUser = "InviteTenantUser";
 public static String BrowseDmpAssociatedUser = "BrowseDmpAssociatedUser";
diff --git a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
index 146979e47..3ea2489cd 100644
--- a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
@@ -319,7 +319,7 @@ public class UserServiceImpl implements UserService {
 @Override
 public User patchRoles(UserRolePatchPersist model, FieldSet fields) throws InvalidApplicationException {
 logger.debug(new MapLogEntry("persisting data UserRole").And("model", model).And("fields", fields));
- this.authorizationService.authorizeForce(Permission.EditUser);
+ this.authorizationService.authorizeAtLeastOneForce(this.userScope.getUserId() != null ? List.of(new OwnedResource(this.userScope.getUserId())) : null, Permission.EditUser, Permission.EditTenantUserRole);
 UserEntity data = this.entityManager.find(UserEntity.class, model.getId(), true);
 if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
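Review bot: The two new constants in Permission, `EditTenantUserRole` and `InviteTenantUser`, are declared `public static String` without `final`, so the keys that authorization checks are keyed on are reassignable at runtime from anywhere in the application; `public static final String EditTenantUserRole = "EditTenantUserRole";` is the safer form. They follow the existing declarations in the class, so finalizing only the two new ones would be inconsistent — better handled as a follow-up that finalizes the whole class than as a change to this hunk alone.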
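Review bot: The affiliated resource passed to `authorizeAtLeastOneForce` in patchRoles is `new OwnedResource(this.userScope.getUserId())`, the caller's own id, while the user whose roles are being patched is `model.getId()`; if either of the two permissions is ever granted through an owner clause in permissions.yml, that grant would apply to patching any user's roles rather than only the caller's own. Separately, EditTenantUserRole is granted to TenantAdmin in the permissions.yml hunk, but nothing in this hunk limits which roles a TenantAdmin may assign (Admin, for instance) or checks that the target user belongs to the caller's tenant; patchRoles continues outside the hunk, so that restriction may live there, and if it does not this is a privilege-escalation path that should be closed before the check is relaxed. A comment on the new call stating the intended split would help the next reader, along the lines of `// EditUser: any user; EditTenantUserRole: tenant-level roles of users within the current tenant only` — once the code below actually enforces that.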
@@ -914,10 +914,13 @@ public class UserServiceImpl implements UserService {
 }
 public void sendUserToTenantInvitation(UserTenantUsersInviteRequest users) throws InvalidApplicationException, JAXBException {
+ this.authorizationService.authorizeForce(Permission.InviteTenantUser);
+
+ TenantEntity tenantEntity = null;
 String tenantName = null;
 String tenantCode;
 if (this.tenantScope.getTenantCode() != null && !this.tenantScope.getTenantCode().equals(this.tenantScope.getDefaultTenantCode())) {
- TenantEntity tenantEntity = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).codes(this.tenantScope.getTenantCode()).isActive(IsActive.Active).first();
+ tenantEntity = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).codes(this.tenantScope.getTenantCode()).isActive(IsActive.Active).first();
 if (tenantEntity == null) throw new MyApplicationException("Tenant not found");
 tenantName = tenantEntity.getName();
 tenantCode = tenantEntity.getCode();
@@ -927,8 +930,14 @@ public class UserServiceImpl implements UserService {
 for (UserInviteToTenantRequestPersist user: users.getUsers()) {
 String token = this.createUserInviteToTenantConfirmation(user, tenantCode);
 UserContactInfoEntity contactInfoEntity = this.queryFactory.query(UserContactInfoQuery.class).disableTracking().values(user.getEmail()).types(ContactInfoType.Email).first();
- if (contactInfoEntity != null){
- this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, contactInfoEntity.getUserId());
+ if (contactInfoEntity != null && contactInfoEntity.getUserId() != null){
+ if (tenantEntity != null){
+ if (this.queryFactory.query(TenantUserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).tenantIds(tenantEntity.getId()).userIds(contactInfoEntity.getUserId()).isActive(IsActive.Active).count() > 0){
+ this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, contactInfoEntity.getUserId());
+ } else this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, null);
+ } else if (tenantCode.equals(this.tenantScope.getDefaultTenantCode())){
+ this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, contactInfoEntity.getUserId());
+ }
 } else {
 this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, null);
diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml
index 68bac6869..5b68993ce 100644
--- a/backend/web/src/main/resources/config/permissions.yml
+++ b/backend/web/src/main/resources/config/permissions.yml
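Review bot: In the new branch structure of sendUserToTenantInvitation, a contact that resolves to an existing user is silently skipped when `tenantEntity` is null and `tenantCode` is not the default tenant code: none of the `createTenantSpecificInvitationUserNotificationEvent` calls is reached, so no invitation goes out and nothing records that it was dropped. Whether that state is reachable depends on the `else` of the tenant-scope branch, which lies between this hunk and the previous one; if `tenantCode` can only be the default code there, a comment saying so would settle it, otherwise the invitation should still be sent with a null user id as the other non-member paths do. The braceless `} else this.createTenantSpecificInvitationUserNotificationEvent(...)` on one line also reads poorly next to the braced branches; deciding the linked user id once and making a single call removes both the gap and the nesting. The enclosing for loop and method continue outside the hunk.
```java
// … unchanged: token and contactInfoEntity lookup …
boolean notifyExistingUser = false;
if (contactInfoEntity != null && contactInfoEntity.getUserId() != null) {
    if (tenantEntity != null) {
        // an existing user is linked to the invitation only when already an active member of the target tenant
        notifyExistingUser = this.queryFactory.query(TenantUserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).tenantIds(tenantEntity.getId()).userIds(contactInfoEntity.getUserId()).isActive(IsActive.Active).count() > 0;
    } else {
        notifyExistingUser = tenantCode.equals(this.tenantScope.getDefaultTenantCode());
    }
}
this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, notifyExistingUser ? contactInfoEntity.getUserId() : null);
```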
@@ -318,6 +318,20 @@ permissions:
 clients: [ ]
 allowAnonymous: false
 allowAuthenticated: false
+ EditTenantUserRole:
+ roles:
+ - Admin
+ - TenantAdmin
+ clients: [ ]
+ allowAnonymous: false
+ allowAuthenticated: false
+ InviteTenantUser:
+ roles:
+ - Admin
+ - TenantAdmin
+ clients: [ ]
+ allowAnonymous: false
+ allowAuthenticated: false
 BrowseDmpAssociatedUser:
 roles:
 - Admin
@@ -1100,6 +1114,7 @@ permissions:
 allowAuthenticated: false
 ViewTenantUserPage:
 roles:
+ - Admin
 - TenantAdmin
 clients: [ ]
 allowAnonymous: false
diff --git a/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html b/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html
index 370bc1ca6..1cfe3fb36 100644
--- a/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html
+++ b/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html
@@ -12,7 +12,7 @@
-