From e487ca8a02c5e52928ace8774db896a85de76e9a Mon Sep 17 00:00:00 2001 From: amentis Date: Mon, 3 Jun 2024 15:13:57 +0300 Subject: [PATCH] permissions changes --- .../AuthorizationProperties.java | 10 +- .../service/tenant/TenantServiceImpl.java | 2 +- .../main/resources/config/authorization.yml | 9 +- .../main/resources/config/keycloak-devel.yml | 14 +- .../src/main/resources/config/permissions.yml | 397 ++++++++++++++---- .../src/app/core/common/enum/app-role.ts | 7 +- .../services/utilities/enum-utils.service.ts | 5 +- .../user-role-editor.component.html | 2 +- .../user-role-editor.component.scss | 26 +- dmp-frontend/src/assets/i18n/en.json | 5 +- 10 files changed, 379 insertions(+), 98 deletions(-) diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java index d04203b69..133c7d9e6 100644 --- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java +++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java @@ -8,7 +8,7 @@ import java.util.List; @ConfigurationProperties(prefix = "authorization") public class AuthorizationProperties { - private String globalAdminRole; + private List globalAdminRoles; private String tenantAdminRole; private String globalUserRole; private String tenantUserRole; @@ -16,12 +16,12 @@ public class AuthorizationProperties { private List allowedTenantRoles; private List allowedGlobalRoles; - public String getGlobalAdminRole() { - return this.globalAdminRole; + public List getGlobalAdminRoles() { + return globalAdminRoles; } - public void setGlobalAdminRole(String globalAdminRole) { - this.globalAdminRole = globalAdminRole; + public void setGlobalAdminRoles(List globalAdminRoles) { + this.globalAdminRoles = globalAdminRoles; } public String getTenantAdminRole() { 
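Review bot: Renaming the bound field from `globalAdminRole` to `globalAdminRoles` in AuthorizationProperties leaves no fallback for deployments whose external configuration still sets `authorization.globalAdminRole`; nothing would bind to the new key and `getGlobalAdminRoles()` would return null. That value is passed straight to `.roles(...)` in TenantServiceImpl. How the query treats a null or empty role filter is not visible here, so the admin lookup could fail or match an unintended set of users. I would reject a missing list at startup, for example with a `@PostConstruct` check such as `if (globalAdminRoles == null || globalAdminRoles.isEmpty()) throw new IllegalStateException("authorization.globalAdminRoles must be configured");`, and add a Javadoc line on the getter saying it returns the global administrator role names. The class body continues outside the second hunk.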
diff --git a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java index ac5dac181..282e38962 100644 --- a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java @@ -165,7 +165,7 @@ public class TenantServiceImpl implements TenantService { try { this.entityManager.disableTenantFilters(); - existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRole()).collect(); + existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRoles()).collect(); userCredentialEntities = this.queryFactory.query(UserCredentialQuery.class).disableTracking().userIds(existingItems.stream().map(UserRoleEntity::getUserId).distinct().toList()).collect(); List keycloakIdsToAddToTenantGroup = new ArrayList<>(); diff --git a/backend/web/src/main/resources/config/authorization.yml b/backend/web/src/main/resources/config/authorization.yml index bcc2e9e42..c33ebe758 100644 --- a/backend/web/src/main/resources/config/authorization.yml +++ b/backend/web/src/main/resources/config/authorization.yml @@ -1,5 +1,7 @@ authorization: - globalAdminRole: Admin + globalAdminRoles: + - Admin + - InstallationAdmin tenantAdminRole: TenantAdmin globalUserRole: User tenantUserRole: TenantUser @@ -7,8 +9,9 @@ authorization: allowedTenantRoles: - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor + - TenantPlanManager + - TenantConfigManager allowedGlobalRoles: - Admin + - InstallationAdmin - User \ No newline at end of file diff --git a/backend/web/src/main/resources/config/keycloak-devel.yml b/backend/web/src/main/resources/config/keycloak-devel.yml index 1ee728d13..22df61d43 100644 
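Review bot: With `getGlobalAdminRoles()` this query now returns every user holding any configured global admin role, and authorization.yml in this commit adds `InstallationAdmin` to that list. The code that follows builds `keycloakIdsToAddToTenantGroup`, so it appears to enrol InstallationAdmin accounts in the tenant's Keycloak group as well. permissions.yml in the same commit withholds several tenant-level permissions from InstallationAdmin (for example `EditTenantConfiguration` and `EditLanguage`), so group membership may grant more than the permission file intends; please confirm against the group's role mapping. A comment above the query, such as `// every role in authorization.globalAdminRoles is enrolled in the tenant group`, would make the coupling explicit. The method starts and ends outside the hunk, so the enrolment step itself is inferred.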
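Review bot: `TenantManager` and `TenantDescriptionTemplateEditor` are dropped from `allowedTenantRoles` in the second authorization.yml hunk with no migration visible in this patch. Any stored role assignment or Keycloak group membership under the old names would no longer match an allowed role or any entry in permissions.yml. Which old role corresponds to which new one is also not stated: the SCSS change renames `.tenant-description-template-editor` to `.tenant-config-manager`, while permissions.yml gives the template-editing permissions to `TenantPlanManager`. A data migration, or an explicit statement that none is needed, should accompany the rename, together with a comment here such as `# TenantPlanManager: templates, blueprints, reference types; TenantConfigManager: languages, notification templates, supportive material`.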
--- a/backend/web/src/main/resources/config/keycloak-devel.yml +++ b/backend/web/src/main/resources/config/keycloak-devel.yml @@ -6,6 +6,8 @@ keycloak-resources: groupId: a04fd333-f127-449e-8fc2-0626570a3899 Admin: groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea + InstallationAdmin: + groupId: 88a65fff-dffe-474a-a461-252ff4230203 tenantAuthorities: TenantAdmin: parent: 1e650f57-8b7c-4f32-bf5b-e1a9147c597b @@ -13,9 +15,9 @@ keycloak-resources: TenantUser: parent: c7057c4d-e7dc-49ef-aa5d-02ad3a22bff8 roleAttributeValueStrategy: 'TenantUser:{tenantCode}' - TenantManager: - parent: d111bb2f-b4a6-4de7-ad22-5151ee1a508b - roleAttributeValueStrategy: 'TenantManager:{tenantCode}' - TenantDescriptionTemplateEditor: - parent: 55cf7b17-c025-4065-8906-49f9f430f038 - roleAttributeValueStrategy: 'TenantDescriptionTemplateEditor:{tenantCode}' \ No newline at end of file + TenantConfigManager: + parent: 09a6977b-719e-4e90-b3fc-3b394d82e05f + roleAttributeValueStrategy: 'TenantConfigManager:{tenantCode}' + TenantPlanManager: + parent: 37d1fb0e-5e03-47bf-aefc-365c0670f84e + roleAttributeValueStrategy: 'TenantPlanManager:{tenantCode}' \ No newline at end of file diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml index 86719eda0..612687e0d 100644 --- a/backend/web/src/main/resources/config/permissions.yml +++ b/backend/web/src/main/resources/config/permissions.yml @@ -14,6 +14,7 @@ permissions: AllowNoTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false 
@@ -88,16 +89,24 @@ permissions: clients: [ ] allowAnonymous: false allowAuthenticated: false - + # Deposit BrowseDeposit: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDeposit: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -110,13 +119,15 @@ permissions: allowAuthenticated: true EditNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -124,6 +135,7 @@ permissions: # TenantConfiguration BrowseTenantConfiguration: roles: + - Admin - TenantAdmin claims: [ ] clients: [ ] @@ -131,12 +143,14 @@ permissions: allowAuthenticated: false EditTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: true allowAuthenticated: true DeleteTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false @@ -149,13 +163,15 @@ permissions: allowAuthenticated: true EditLanguage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteLanguage: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -169,6 +185,10 @@ permissions: # Description BrowseDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -181,6 +201,10 @@ permissions: allowAuthenticated: false ReviewDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
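Review bot: The five-role block added to `EditDeposit` here (Admin, InstallationAdmin, TenantPlanManager, TenantConfigManager, TenantAdmin) is repeated on the write permissions for plan content in later hunks, including `EditDescription`, `DeleteDescription`, `EditDmp`, `DeleteDmp`, `AssignDmpUsers` and `DeleteStorageFile`. Where an entry also has a `dmp: roles:` section, a role-level grant presumably applies regardless of plan membership, which would let a TenantConfigManager or InstallationAdmin modify or delete any plan in scope; confirm how the evaluator combines the two sections. If those roles only need read access, keep them on the `Browse*` entries and leave the write entries to Admin, TenantAdmin and the role that owns the feature. A short comment above each group naming the owning role would make over-broad grants easier to spot in review.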
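Review bot: `EditTenantConfiguration` keeps `allowAnonymous: true` and `allowAuthenticated: true` while the hunk at `-131,12 +143,14` adds `Admin` to its role list. If those flags grant access on their own, the role list has no effect and unauthenticated callers can edit tenant configuration. The neighbouring `BrowseTenantConfiguration` and `DeleteTenantConfiguration` entries both set the two flags to `false`. Unless open access is deliberate, the entry should read `allowAnonymous: false` and `allowAuthenticated: false`.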
@@ -192,6 +216,10 @@ permissions: allowAuthenticated: false EditDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -202,6 +230,10 @@ permissions: allowAuthenticated: false FinalizeDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -212,6 +244,10 @@ permissions: allowAuthenticated: false DeleteDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -223,6 +259,10 @@ permissions: allowAuthenticated: false CloneDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -240,18 +280,30 @@ permissions: # Tag BrowseTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -261,6 +313,9 @@ permissions: BrowseUser: roles: - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false 
@@ -268,25 +323,32 @@ permissions: EditUser: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteUser: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false - allowAuthenticated: false + allowAuthenticated: false ExportUsers: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false BrowseDmpAssociatedUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -301,22 +363,25 @@ permissions: # DescriptionTemplateType BrowseDescriptionTemplateType: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTemplateType: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTemplateType: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -330,6 +395,10 @@ permissions: allowAuthenticated: true EditStorageFile: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -337,6 +406,10 @@ permissions: allowAuthenticated: false DeleteStorageFile: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -345,57 +418,57 @@ permissions: # DescriptionTemplate BrowseDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false CloneDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false CreateNewVersionDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false ImportDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false ExportDescriptionTemplate: roles: - - TenantAdmin - Admin - - TenantDescriptionTemplateEditor + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -403,6 +476,10 @@ permissions: # Dmp BrowseDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -415,6 +492,10 @@ permissions: allowAuthenticated: false EditDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
@@ -424,15 +505,21 @@ permissions: allowAuthenticated: false NewDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -443,6 +530,10 @@ permissions: allowAuthenticated: false DepositDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -453,6 +544,10 @@ permissions: allowAuthenticated: false CloneDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -469,6 +564,10 @@ permissions: allowAuthenticated: true CreateNewVersionDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -479,6 +578,10 @@ permissions: allowAuthenticated: false FinalizeDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -489,6 +592,10 @@ permissions: allowAuthenticated: false UndoFinalizeDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -499,6 +606,10 @@ permissions: allowAuthenticated: false AssignDmpUsers: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -509,6 +620,10 @@ permissions: allowAuthenticated: false InviteDmpUsers: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
@@ -520,48 +635,55 @@ permissions: # DmpBlueprint BrowseDmpBlueprint: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false CloneDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false CreateNewVersionDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false ExportDmpBlueprint: roles: - - TenantAdmin + - TenantPlanManager - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ImportDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -569,18 +691,30 @@ permissions: # EntityDoi BrowseEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -591,19 +725,23 @@ permissions: # Reference Permissions BrowseReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditReference: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteReference: roles: - - TenantAdmin + - Admin claims: [ ] clients: [ ] allowAnonymous: false @@ -612,18 +750,30 @@ permissions: # DmpReference Permissions BrowseDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -633,18 +783,30 @@ permissions: # DmpUser Permissions BrowseDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -655,23 +817,25 @@ permissions: BrowseSupportiveMaterial: roles: - Admin - - User + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: yes allowAuthenticated: yes EditSupportiveMaterial: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteSupportiveMaterial: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -680,22 +844,26 @@ permissions: # ReferenceType Permissions BrowseReferenceType: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditReferenceType: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteReferenceType: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -705,18 +873,21 @@ permissions: BrowseTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTenant: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false @@ -726,21 +897,21 @@ permissions: BrowseTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false 
@@ -749,18 +920,30 @@ permissions: # DmpDescriptionTemplate Permissions BrowseDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -770,18 +953,30 @@ permissions: # DescriptionReference Permissions BrowseDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -791,18 +986,30 @@ permissions: # DescriptionReference Permissions BrowseDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -811,10 +1018,12 @@ permissions: # Prefilling BrowsePrefilling: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor claims: [ ] clients: [ ] allowAnonymous: false @@ -823,16 +1032,23 @@ permissions: # Lock Permissions BrowseLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser dmp: roles: - Owner @@ -844,7 +1060,12 @@ permissions: allowAuthenticated: false DeleteLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser dmp: roles: - Owner @@ -855,7 +1076,7 @@ permissions: clients: [ ] allowAnonymous: false allowAuthenticated: false - + # Contact Permissions SendContactSupport: roles: [] @@ -865,19 +1086,34 @@ permissions: # ActionConfirmation Permissions BrowseActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false EditActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser claims: [ ] clients: [ ] allowAnonymous: false 
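Review bot: Adding `TenantUser` to the role-level lists of `EditLock` and `DeleteLock` puts it beside the existing `dmp: roles:` restriction that starts with `Owner`. If role-level and plan-level grants are alternatives, every tenant user can now change or remove a lock on a plan they are not a member of. The last hunk on this line does the same for `BrowseActionConfirmation`, `EditActionConfirmation` and `DeleteActionConfirmation`, which show no plan-level section at all. If users are meant to manage only their own locks and confirmations, leave `- TenantUser` out of the role lists and rely on the plan-level roles or an ownership check in the service. Otherwise add a comment such as `# TenantUser: ownership is enforced in the service layer` so the grant is not read as unrestricted.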
@@ -886,21 +1122,25 @@ permissions: # PrefillingSource Permissions BrowsePrefillingSource: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditPrefillingSource: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeletePrefillingSource: roles: + - Admin - TenantAdmin claims: [ ] clients: [ ] @@ -910,7 +1150,8 @@ permissions: # ViewPage Permissions ViewDescriptionTemplateTypePage: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false 
@@ -922,74 +1163,82 @@ permissions: allowAuthenticated: false ViewNotificationPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewNotificationTemplatePage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewSupportiveMaterialPage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewLanguagePage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewUserPage: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewTenantPage: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewPrefillingSourcePage: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewReferenceTypePage: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewReferencePage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewEntityLockPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewDescriptionTemplatePage: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewDmpBlueprintPage: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false 
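Review bot: `ViewReferenceTypePage` is granted to Admin and TenantAdmin, but `EditReferenceType` and `DeleteReferenceType` in an earlier hunk of this file are granted to Admin and TenantPlanManager. A TenantPlanManager could therefore call the edit operations without access to the page, and a TenantAdmin could open a page whose actions are refused. The other page entries I could pair with an edit permission agree with it (for example `ViewLanguagePage` with `EditLanguage`, and `ViewDmpBlueprintPage` with `EditDmpBlueprint`). Assuming the edit entry is the intended one, the role list here should be `- Admin` and `- TenantPlanManager`.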
@@ -1005,19 +1254,23 @@ permissions: allowAuthenticated: true ViewMyDescriptionPage: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false ViewMyDmpPage: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -1033,8 +1286,8 @@ permissions: allowAuthenticated: true ViewTenantConfigurationPage: roles: - - TenantAdmin - Admin + - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false \ No newline at end of file diff --git a/dmp-frontend/src/app/core/common/enum/app-role.ts b/dmp-frontend/src/app/core/common/enum/app-role.ts index 1213fb136..aaf3f5e64 100644 --- a/dmp-frontend/src/app/core/common/enum/app-role.ts +++ b/dmp-frontend/src/app/core/common/enum/app-role.ts @@ -1,8 +1,11 @@ export enum AppRole { Admin = "Admin", + InstallationAdmin = "InstallationAdmin", User = "User", TenantAdmin = "TenantAdmin", TenantUser = "TenantUser", - TenantManager = "TenantManager", - TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor" + // TenantManager = "TenantManager", + // TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor" + TenantPlanManager = "TenantPlanManager", + TenantConfigManager = "TenantConfigManager" } diff --git a/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts b/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts index 3d32e1294..7b9924c19 100644 --- a/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts +++ b/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts 
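Review bot: The two retired members are left in `AppRole` as commented-out lines (`// TenantManager = ...` and `// TenantDescriptionTemplateEditor = ...`); version control already records them, so I would delete the comments. If accounts can still carry the old role strings, `toAppRoleString` in enum-utils.service.ts has no `default` branch and would return `undefined` for them, so either migrate those values or add `default: return status;` there. A one-line doc comment on the enum saying that its values must match the role names in authorization.yml and permissions.yml would document the coupling.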
@@ -58,11 +58,12 @@ export class EnumUtils { toAppRoleString(status: AppRole): string { switch (status) { case AppRole.Admin: return this.language.instant('TYPES.APP-ROLE.ADMIN'); + case AppRole.InstallationAdmin: return this.language.instant('TYPES.APP-ROLE.INSTALLATION-ADMIN'); case AppRole.User: return this.language.instant('TYPES.APP-ROLE.USER'); case AppRole.TenantAdmin: return this.language.instant('TYPES.APP-ROLE.TENANT-ADMIN'); case AppRole.TenantUser: return this.language.instant('TYPES.APP-ROLE.TENANT-USER'); - case AppRole.TenantManager: return this.language.instant('TYPES.APP-ROLE.TENANT-MANAGER'); - case AppRole.TenantDescriptionTemplateEditor: return this.language.instant('TYPES.APP-ROLE.TENANT-DESCRIPTION-TEMPLATE-EDITOR'); + case AppRole.TenantPlanManager: return this.language.instant('TYPES.APP-ROLE.TENANT-PLAN-MANAGER'); + case AppRole.TenantConfigManager: return this.language.instant('TYPES.APP-ROLE.TENANT-CONFIG-MANAGER'); } } diff --git a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html index 10c4b10b9..6e244ba85 100644 --- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html +++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html @@ -4,7 +4,7 @@
- + {{enumUtils.toAppRoleString(role)}}
diff --git a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss index 5d9c920fa..6f277a8cd 100644 --- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss +++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss @@ -49,12 +49,12 @@ padding-right: 10px; } - .tenant-manager { + .tenant-plan-manager { // display: flex; // justify-content: center; // align-items: center; - min-width: 90px; - height: 28px; + min-width: 77px; + min-height: 28px; color: #568b5a; background: #9dd1a1 0% 0% no-repeat padding-box; border-radius: 44px; @@ -85,6 +85,24 @@ padding-right: 10px; } + .installation-admin { + // display: flex; + // justify-content: center; + // align-items: center; + min-width: 67px; + min-height: 28px; + color: #e75d01; + background: #dbaa4e3a 0% 0% no-repeat padding-box; + border-radius: 44px; + letter-spacing: 0.11px; + font-weight: 400; + opacity: 1; + margin-top: 0.5em; + margin-bottom: 0.5em; + padding-left: 10px; + padding-right: 10px; + } + .tenant-admin { // display: flex; // justify-content: center; @@ -103,7 +121,7 @@ padding-right: 10px; } - .tenant-description-template-editor { + .tenant-config-manager { // display: flex; // justify-content: center; // align-items: center; diff --git a/dmp-frontend/src/assets/i18n/en.json b/dmp-frontend/src/assets/i18n/en.json index ac7e0ef8f..a942fca57 100644 --- a/dmp-frontend/src/assets/i18n/en.json +++ b/dmp-frontend/src/assets/i18n/en.json 
@@ -1788,11 +1788,12 @@ }, "APP-ROLE": { "ADMIN": "Admin", + "INSTALLATION-ADMIN": "Installation Admin", "USER": "User", "TENANT-ADMIN": "Tenant Admin", "TENANT-USER": "Tenant User", - "TENANT-MANAGER": "Manager", - "TENANT-DESCRIPTION-TEMPLATE-EDITOR": "Description Template Editor" + "TENANT-PLAN-MANAGER": "Tenant Plan Manager", + "TENANT-CONFIG-MANAGER": "Tenant Configuration Manager" }, "IS-ACTIVE": { "ACTIVE": "Active",