permissions changes

backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java

@@ -8,7 +8,7 @@ import java.util.List;
 @ConfigurationProperties(prefix = "authorization")
 public class AuthorizationProperties {
 
-	private String globalAdminRole;
+	private List<String> globalAdminRoles;
 	private String tenantAdminRole;
 	private String globalUserRole;
 	private String tenantUserRole;
@@ -16,12 +16,12 @@ public class AuthorizationProperties {
 	private List<String> allowedTenantRoles;
 	private List<String> allowedGlobalRoles;
 
-	public String getGlobalAdminRole() {
+	public List<String> getGlobalAdminRoles() {
-		return this.globalAdminRole;
+		return globalAdminRoles;
 	}
 
-	public void setGlobalAdminRole(String globalAdminRole) {
+	public void setGlobalAdminRoles(List<String> globalAdminRoles) {
-		this.globalAdminRole = globalAdminRole;
+		this.globalAdminRoles = globalAdminRoles;
 	}
 
 	public String getTenantAdminRole() {

backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java

@@ -165,7 +165,7 @@ public class TenantServiceImpl implements TenantService {
         try {
             this.entityManager.disableTenantFilters();
 
-            existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRole()).collect();
+            existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRoles()).collect();
             userCredentialEntities = this.queryFactory.query(UserCredentialQuery.class).disableTracking().userIds(existingItems.stream().map(UserRoleEntity::getUserId).distinct().toList()).collect();
             
             List<String> keycloakIdsToAddToTenantGroup = new ArrayList<>();

backend/web/src/main/resources/config/authorization.yml

@@ -1,5 +1,7 @@
 authorization:
-  globalAdminRole: Admin
+  globalAdminRoles:
+    - Admin
+    - InstallationAdmin
   tenantAdminRole: TenantAdmin
   globalUserRole: User
   tenantUserRole: TenantUser
@@ -7,8 +9,9 @@ authorization:
   allowedTenantRoles:
     - TenantAdmin
     - TenantUser
-    - TenantManager
+    - TenantPlanManager
-    - TenantDescriptionTemplateEditor
+    - TenantConfigManager
   allowedGlobalRoles:
     - Admin
+    - InstallationAdmin
     - User

backend/web/src/main/resources/config/keycloak-devel.yml

@@ -6,6 +6,8 @@ keycloak-resources:
       groupId: a04fd333-f127-449e-8fc2-0626570a3899
     Admin:
       groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea
+    InstallationAdmin:
+      groupId: 88a65fff-dffe-474a-a461-252ff4230203
   tenantAuthorities:
     TenantAdmin:
       parent: 1e650f57-8b7c-4f32-bf5b-e1a9147c597b
@@ -13,9 +15,9 @@ keycloak-resources:
     TenantUser:
       parent: c7057c4d-e7dc-49ef-aa5d-02ad3a22bff8
       roleAttributeValueStrategy: 'TenantUser:{tenantCode}'
-    TenantManager:
+    TenantConfigManager:
-      parent: d111bb2f-b4a6-4de7-ad22-5151ee1a508b
+      parent: 09a6977b-719e-4e90-b3fc-3b394d82e05f
-      roleAttributeValueStrategy: 'TenantManager:{tenantCode}'
+      roleAttributeValueStrategy: 'TenantConfigManager:{tenantCode}'
-    TenantDescriptionTemplateEditor:
+    TenantPlanManager:
-      parent: 55cf7b17-c025-4065-8906-49f9f430f038
+      parent: 37d1fb0e-5e03-47bf-aefc-365c0670f84e
-      roleAttributeValueStrategy: 'TenantDescriptionTemplateEditor:{tenantCode}'
+      roleAttributeValueStrategy: 'TenantPlanManager:{tenantCode}'

dmp-frontend/src/app/core/common/enum/app-role.ts

@@ -1,8 +1,11 @@
 export enum AppRole {
 	Admin = "Admin",
+	InstallationAdmin = "InstallationAdmin",
 	User = "User",
 	TenantAdmin = "TenantAdmin",
 	TenantUser = "TenantUser",
-	TenantManager = "TenantManager",
+	// TenantManager = "TenantManager",
-	TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor"
+	// TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor"
+	TenantPlanManager = "TenantPlanManager",
+	TenantConfigManager = "TenantConfigManager"
 }

dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts

@@ -58,11 +58,12 @@ export class EnumUtils {
 	toAppRoleString(status: AppRole): string {
 		switch (status) {
 			case AppRole.Admin: return this.language.instant('TYPES.APP-ROLE.ADMIN');
+			case AppRole.InstallationAdmin: return this.language.instant('TYPES.APP-ROLE.INSTALLATION-ADMIN');
 			case AppRole.User: return this.language.instant('TYPES.APP-ROLE.USER');
 			case AppRole.TenantAdmin: return this.language.instant('TYPES.APP-ROLE.TENANT-ADMIN');
 			case AppRole.TenantUser: return this.language.instant('TYPES.APP-ROLE.TENANT-USER');
-			case AppRole.TenantManager: return this.language.instant('TYPES.APP-ROLE.TENANT-MANAGER');
+			case AppRole.TenantPlanManager: return this.language.instant('TYPES.APP-ROLE.TENANT-PLAN-MANAGER');
-			case AppRole.TenantDescriptionTemplateEditor: return this.language.instant('TYPES.APP-ROLE.TENANT-DESCRIPTION-TEMPLATE-EDITOR');
+			case AppRole.TenantConfigManager: return this.language.instant('TYPES.APP-ROLE.TENANT-CONFIG-MANAGER');
 		}
 	}
 

dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html

@@ -4,7 +4,7 @@
 			<div *ngIf="!this.nowEditing"class="roles col-8">
 				<div *ngFor="let role of this.formGroup.get('roles').value" class="row">
 					<div class="col-auto p-0">
-						<span class="user-role" [ngClass]="{'user': role == appRole.User, 'tenant-manager': role == appRole.TenantManager, 'admin': role == appRole.Admin, 'tenant-description-template-editor': role == appRole.TenantDescriptionTemplateEditor, 'tenant-admin': role == appRole.TenantAdmin, 'tenant-user': role == appRole.TenantUser}">
+						<span class="user-role" [ngClass]="{'user': role == appRole.User, 'tenant-plan-manager': role == appRole.TenantPlanManager, 'admin': role == appRole.Admin, 'installation-admin': role == appRole.InstallationAdmin, 'tenant-config-manager': role == appRole.TenantConfigManager, 'tenant-admin': role == appRole.TenantAdmin, 'tenant-user': role == appRole.TenantUser}">
 							{{enumUtils.toAppRoleString(role)}}
 						</span>
 					</div>

dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss

@@ -49,12 +49,12 @@
 		padding-right: 10px;
 	}
 
-	.tenant-manager {
+	.tenant-plan-manager {
 		// display: flex;
 		// justify-content: center;
 		// align-items: center;
-		min-width: 90px;
+		min-width: 77px;
-		height: 28px;
+		min-height: 28px;
 		color: #568b5a;
 		background: #9dd1a1 0% 0% no-repeat padding-box;
 		border-radius: 44px;
@@ -85,6 +85,24 @@
 		padding-right: 10px;
 	}
 
+	.installation-admin {
+		// display: flex;
+		// justify-content: center;
+		// align-items: center;
+		min-width: 67px;
+		min-height: 28px;
+		color: #e75d01;
+		background: #dbaa4e3a 0% 0% no-repeat padding-box;
+		border-radius: 44px;
+		letter-spacing: 0.11px;
+		font-weight: 400;
+		opacity: 1;
+		margin-top: 0.5em;
+		margin-bottom: 0.5em;
+		padding-left: 10px;
+		padding-right: 10px;
+	}
+
 	.tenant-admin {
 		// display: flex;
 		// justify-content: center;
@@ -103,7 +121,7 @@
 		padding-right: 10px;
 	}
 
-	.tenant-description-template-editor {
+	.tenant-config-manager {
 		// display: flex;
 		// justify-content: center;
 		// align-items: center;

dmp-frontend/src/assets/i18n/en.json

@@ -1788,11 +1788,12 @@
 		},
 		"APP-ROLE": {
 			"ADMIN": "Admin",
+			"INSTALLATION-ADMIN": "Installation Admin",
 			"USER": "User",
 			"TENANT-ADMIN": "Tenant Admin",
 			"TENANT-USER": "Tenant User",
-			"TENANT-MANAGER": "Manager",
+			"TENANT-PLAN-MANAGER": "Tenant Plan Manager",
-			"TENANT-DESCRIPTION-TEMPLATE-EDITOR": "Description Template Editor"
+			"TENANT-CONFIG-MANAGER": "Tenant Configuration Manager"
 		},
 		"IS-ACTIVE": {
 			"ACTIVE": "Active",