add permissions for tenant users page

2024-06-25 17:14:54 +03:00 · 2024-06-25 17:14:54 +03:00 · 4ce55249cd
parent 70d7c383e0
commit 4ce55249cd
4 changed files with 31 additions and 5 deletions
--- a/backend/core/src/main/java/org/opencdmp/authorization/Permission.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/Permission.java
@ -57,6 +57,8 @@ public final class Permission {
 	public static String EditUser = "EditUser";
 	public static String DeleteUser = "DeleteUser";
 	public static String ExportUsers = "ExportUsers";
+	public static String EditTenantUserRole = "EditTenantUserRole";
+	public static String InviteTenantUser = "InviteTenantUser";
 	public static String BrowseDmpAssociatedUser = "BrowseDmpAssociatedUser";


--- a/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/user/UserServiceImpl.java
@ -319,7 +319,7 @@ public class UserServiceImpl implements UserService {
    @Override
    public User patchRoles(UserRolePatchPersist model, FieldSet fields) throws InvalidApplicationException {
        logger.debug(new MapLogEntry("persisting data UserRole").And("model", model).And("fields", fields));
-        this.authorizationService.authorizeForce(Permission.EditUser);
+        this.authorizationService.authorizeAtLeastOneForce(this.userScope.getUserId() != null ? List.of(new OwnedResource(this.userScope.getUserId())) : null, Permission.EditUser, Permission.EditTenantUserRole);

        UserEntity data = this.entityManager.find(UserEntity.class, model.getId(), true);
        if (data == null) throw new MyNotFoundException(this.messageSource.getMessage("General_ItemNotFound", new Object[]{model.getId(), User.class.getSimpleName()}, LocaleContextHolder.getLocale()));
@ -914,10 +914,13 @@ public class UserServiceImpl implements UserService {
    }

    public void sendUserToTenantInvitation(UserTenantUsersInviteRequest users) throws InvalidApplicationException, JAXBException {
+        this.authorizationService.authorizeForce(Permission.InviteTenantUser);
+
+        TenantEntity tenantEntity = null;
        String tenantName = null;
        String tenantCode;
        if (this.tenantScope.getTenantCode() != null && !this.tenantScope.getTenantCode().equals(this.tenantScope.getDefaultTenantCode())) {
-            TenantEntity tenantEntity = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).codes(this.tenantScope.getTenantCode()).isActive(IsActive.Active).first();
+            tenantEntity = this.queryFactory.query(TenantQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).codes(this.tenantScope.getTenantCode()).isActive(IsActive.Active).first();
            if (tenantEntity == null) throw new MyApplicationException("Tenant not found");
            tenantName = tenantEntity.getName();
            tenantCode = tenantEntity.getCode();
@ -927,8 +930,14 @@ public class UserServiceImpl implements UserService {
        for (UserInviteToTenantRequestPersist user: users.getUsers()) {
            String token = this.createUserInviteToTenantConfirmation(user, tenantCode);
            UserContactInfoEntity contactInfoEntity = this.queryFactory.query(UserContactInfoQuery.class).disableTracking().values(user.getEmail()).types(ContactInfoType.Email).first();
-            if (contactInfoEntity != null){
+            if (contactInfoEntity != null && contactInfoEntity.getUserId() != null){
+                if (tenantEntity != null){
+                    if (this.queryFactory.query(TenantUserQuery.class).disableTracking().authorize(AuthorizationFlags.AllExceptPublic).tenantIds(tenantEntity.getId()).userIds(contactInfoEntity.getUserId()).isActive(IsActive.Active).count() > 0){
                        this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, contactInfoEntity.getUserId());
+                    } else this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, null);
+                } else if (tenantCode.equals(this.tenantScope.getDefaultTenantCode())){
+                    this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, contactInfoEntity.getUserId());
+                }
            } else {
                this.createTenantSpecificInvitationUserNotificationEvent(token, user.getEmail(), tenantName, null);
            }
--- a/backend/web/src/main/resources/config/permissions.yml
+++ b/backend/web/src/main/resources/config/permissions.yml
@ -318,6 +318,20 @@ permissions:
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
+    EditTenantUserRole:
+      roles:
+        - Admin
+        - TenantAdmin
+      clients: [ ]
+      allowAnonymous: false
+      allowAuthenticated: false
+    InviteTenantUser:
+      roles:
+        - Admin
+        - TenantAdmin
+      clients: [ ]
+      allowAnonymous: false
+      allowAuthenticated: false
    BrowseDmpAssociatedUser:
      roles:
        - Admin
@ -1100,6 +1114,7 @@ permissions:
      allowAuthenticated: false
    ViewTenantUserPage:
      roles:
+        - Admin
        - TenantAdmin
      clients: [ ]
      allowAnonymous: false
--- a/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html
+++ b/dmp-frontend/src/app/ui/admin/user/listing/user-listing.component.html
@ -12,7 +12,7 @@
 					</button>
 				</div>
 				<div class="col-auto">
-					<button mat-raised-button class="create-btn" (click)="export()" *ngIf="authService.hasPermission(authService.permissionEnum.ExportUsers)">
+					<button mat-raised-button class="create-btn" (click)="export()" *ngIf="authService.hasPermission(authService.permissionEnum.ExportUsers) && !hasTenantAdminMode">
 						<mat-icon>download</mat-icon>
 						{{'USER-LISTING.ACTIONS.EXPORT' | translate}}
 					</button>