micord/ervu-account-applications
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/feature/SUPPORT-9363_perms' into develop

Browse source
This commit is contained in:
adel.ka 2025-09-02 17:13:12 +03:00
commit 615d482425
42 changed files with 1485 additions and 989 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backend/src/main/java/ru/micord/ervu/account_applications/component/service/AccountGridLoadService.java
View file

@ -18,8 +18,7 @@ import ru.micord.ervu.account_applications.component.model.dto.SearchRequest;
import ru.micord.ervu.account_applications.component.model.dto.SearchResponse;
import ru.micord.ervu.account_applications.dao.RecruitmentDao;
import ru.micord.ervu.account_applications.security.context.SecurityContext;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
import ru.micord.ervu.account_applications.service.AccountFetchService;
import ru.micord.ervu.account_applications.util.StringUtils;
import service.GridService;
@ -110,10 +109,9 @@ public class AccountGridLoadService extends Behavior implements GridService {
Filter[] filters) {
int page = (offset / limit) + 1;
Map<String, Object> filterMap = new HashMap<>();
UserSession userSession = securityContext.getUserSession();
Set<ErvuRoleAuthority> roles = userSession.roles();
Set<ErvuPermissionAuthority> permissions = securityContext.getPermissions();
if (ervuSecurityRole == null
|| roles.stream().noneMatch(role -> role.getAuthority().equals(ervuSecurityRole))) {
|| permissions.stream().noneMatch(permission -> permission.getAuthority().equals(ervuSecurityRole))) {
List<String> domainIds = recruitmentDao.getRecruitmentIdsWithParentByDomainId(securityContext.getDomainId());
filterMap.put(DOMAIN_IDS, domainIds.toArray());
}

2
backend/src/main/java/ru/micord/ervu/account_applications/component/service/AuditFormDaoImpl.java
View file

@ -11,7 +11,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import ru.micord.ervu.account_applications.component.dao.AuditDao;
import ru.micord.ervu.account_applications.security.context.SecurityContext;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.UserSession;
import utils.DateTimeUtil;
import ru.cg.webbpm.modules.database.api.bean.TableFieldData;

8
backend/src/main/java/ru/micord/ervu/account_applications/component/service/RecruitmentGridService.java
View file

@ -13,8 +13,7 @@ import model.grid.SortInfo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import ru.micord.ervu.account_applications.dao.RecruitmentDao;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
import service.GridV2ServiceImpl;
import ru.cg.webbpm.modules.database.api.dao.option.LoadOptions;
@ -49,12 +48,11 @@ public class RecruitmentGridService extends GridV2ServiceImpl {
@Override
public GridRows loadData(Integer offset, Integer limit, Filter[] filters, SortInfo[] sortInfos) {
UserSession userSession = securityContext.getUserSession();
Set<ErvuRoleAuthority> roles = userSession.roles();
Set<ErvuPermissionAuthority> permissions = securityContext.getPermissions();
List<String> recruitmentIds;
List<Filter> updatedFilters = new ArrayList<>(Arrays.asList(filters));
Optional<Filter> recruitmentFilterOpt = findRecruitmentFilter(updatedFilters);
if (ervuSecurityRole != null && roles.stream().anyMatch(role -> role.getAuthority().equals(
if (ervuSecurityRole != null && permissions.stream().anyMatch(permission -> permission.getAuthority().equals(
ervuSecurityRole))) {
recruitmentIds = recruitmentFilterOpt.map(
filter -> getChildRecruitmentIds(updatedFilters, filter))

9
backend/src/main/java/ru/micord/ervu/account_applications/component/service/TreeItemService.java
View file

@ -14,8 +14,7 @@ import org.springframework.stereotype.Service;
import ru.micord.ervu.account_applications.component.model.TreeItemDto;
import ru.micord.ervu.account_applications.component.rpc.TreeItemRpcService;
import ru.micord.ervu.account_applications.security.context.SecurityContext;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
import ru.cg.webbpm.modules.database.api.bean.TableRow;
import ru.cg.webbpm.modules.database.api.dao.option.LoadOptions;
@ -56,10 +55,10 @@ public class TreeItemService {
public List<TreeItemDto> loadTreeData() {
String domainId = securityContext.getDomainId();
UserSession userSession = securityContext.getUserSession();
Set<ErvuRoleAuthority> roles = userSession.roles();
Set<ErvuPermissionAuthority> permissions = securityContext.getPermissions();
List<TreeItemDto> filteredTreeItems = loadTreeItems();
if (ervuSecurityRole == null || roles.stream().noneMatch(role -> role.getAuthority().equals(
if (ervuSecurityRole == null || permissions.stream().noneMatch(permission -> permission.getAuthority().equals(
ervuSecurityRole))) {
filteredTreeItems = filteredTreeItems.stream()
.filter(item -> item.domainId.equalsIgnoreCase(domainId))

11
backend/src/main/java/ru/micord/ervu/account_applications/security/config/SecurityConfig.java
View file

@ -1,7 +1,6 @@
package ru.micord.ervu.account_applications.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
@ -28,22 +27,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private ErvuJwtAuthenticationProvider jwtAuthenticationProvider;
@Value("${security.roles.allowed:#{null}}")
private String[] allowedRoles;
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeHttpRequests(auth -> {
auth.antMatchers("/version").permitAll();
auth.antMatchers("/session").authenticated();
auth.antMatchers(CREATE_APPLICATION_PERMISSIONS).hasAuthority(CREATE_APPLICATION_AUTHORITY);
auth.anyRequest().authenticated();
if (allowedRoles != null && allowedRoles.length > 0) {
auth.anyRequest().hasAnyAuthority(allowedRoles);
}
else {
auth.anyRequest().authenticated();
}
})
.sessionManagement(session ->
session.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

7
backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContext.java
View file

@ -1,11 +1,16 @@
package ru.micord.ervu.account_applications.security.context;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import java.util.Set;
import ru.micord.ervu.account_applications.security.model.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
public interface SecurityContext {
String getDomainId();
Set<ErvuPermissionAuthority> getPermissions();
String getUserId();
String getToken();

11
backend/src/main/java/ru/micord/ervu/account_applications/security/context/SecurityContextImpl.java
View file

@ -1,9 +1,12 @@
package ru.micord.ervu.account_applications.security.context;
import java.util.Set;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.UserSession;
import ru.micord.ervu.account_applications.security.model.jwt.authentication.JwtTokenAuthentication;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
@Component
@ -15,6 +18,12 @@ public class SecurityContextImpl
return auth != null ? auth.getUserSession().domainId() : null;
}
@Override
public Set<ErvuPermissionAuthority> getPermissions() {
JwtTokenAuthentication auth = (JwtTokenAuthentication) SecurityContextHolder.getContext().getAuthentication();
return auth != null ? auth.getUserSession().permissions() : null;
}
@Override
public String getUserId() {
JwtTokenAuthentication auth = (JwtTokenAuthentication) SecurityContextHolder.getContext().getAuthentication();

8
backend/src/main/java/ru/micord/ervu/account_applications/security/controller/AuthorizationController.java
View file

@ -6,8 +6,8 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import ru.micord.ervu.account_applications.security.context.SecurityContext;
import ru.micord.ervu.account_applications.security.dto.SessionDto;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
@RestController
@ -26,9 +26,9 @@ public class AuthorizationController {
userSession.userId(),
userSession.name(),
userSession.realm(),
userSession.roles()
userSession.permissions()
.stream()
.map(ErvuRoleAuthority::getAuthority)
.map(ErvuPermissionAuthority::getAuthority)
.collect(Collectors.toSet()),
userSession.domainId()
);

2
backend/src/main/java/ru/micord/ervu/account_applications/security/dto/SessionDto.java
View file

@ -6,6 +6,6 @@ public record SessionDto(
String userId,
String name,
String realm,
Set<String> roles,
Set<String> permissions,
String domainId
) {}

12
backend/src/main/java/ru/micord/ervu/account_applications/security/filter/JwtAuthenticationFilter.java
View file

@ -56,9 +56,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
if (token == null) {
return null;
}
Authentication authentication = new JwtTokenDummy(token);
authentication = authenticationManager.authenticate(authentication);
return authentication;
String permissionsHeader = extractPermissionsHeaderFromRequest(request);
Authentication authentication = new JwtTokenDummy(token, permissionsHeader);
return authenticationManager.authenticate(authentication);
}
private String extractAuthTokenFromRequest(HttpServletRequest request) {
@ -68,4 +69,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
.map(String::trim)
.orElse(null);
}
private String extractPermissionsHeaderFromRequest(HttpServletRequest request) {
return Optional.ofNullable(request.getHeader("X-User-Permissions"))
.orElse("");
}
}

14
backend/src/main/java/ru/micord/ervu/account_applications/security/model/jwt/UserSession.java → backend/src/main/java/ru/micord/ervu/account_applications/security/model/UserSession.java
View file

@ -1,14 +1,14 @@
package ru.micord.ervu.account_applications.security.model.jwt;
package ru.micord.ervu.account_applications.security.model;
import java.util.Set;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
public record UserSession(
String userId,
String name,
String realm,
Set<ErvuRoleAuthority> roles,
Set<ErvuPermissionAuthority> permissions,
String domainId
) {
@ -20,7 +20,7 @@ public record UserSession(
private String userId;
private String name;
private String realm;
private Set<ErvuRoleAuthority> roles;
private Set<ErvuPermissionAuthority> permissions;
private String domainId;
private UserSessionBuilder() {
@ -41,8 +41,8 @@ public record UserSession(
return this;
}
public UserSessionBuilder withRoles(Set<ErvuRoleAuthority> roles) {
this.roles = roles;
public UserSessionBuilder withPermissions(Set<ErvuPermissionAuthority> permissions) {
this.permissions = permissions;
return this;
}
@ -52,7 +52,7 @@ public record UserSession(
}
public UserSession build() {
return new UserSession(userId, name, realm, roles, domainId);
return new UserSession(userId, name, realm, permissions, domainId);
}
}
}

47
backend/src/main/java/ru/micord/ervu/account_applications/security/model/jwt/UserClaims.java Normal file
View file

@ -0,0 +1,47 @@
package ru.micord.ervu.account_applications.security.model.jwt;
public record UserClaims(
String userId,
String name,
String realm,
String domainId
) {
public static UserClaimsBuilder builder() {
return new UserClaimsBuilder();
}
public static final class UserClaimsBuilder {
private String userId;
private String name;
private String realm;
private String domainId;
private UserClaimsBuilder() {
}
public UserClaimsBuilder withUserId(String userId) {
this.userId = userId;
return this;
}
public UserClaimsBuilder withName(String name) {
this.name = name;
return this;
}
public UserClaimsBuilder withRealm(String realm) {
this.realm = realm;
return this;
}
public UserClaimsBuilder withDomainId(String domainId) {
this.domainId = domainId;
return this;
}
public UserClaims build() {
return new UserClaims(userId, name, realm, domainId);
}
}
}

4
backend/src/main/java/ru/micord/ervu/account_applications/security/model/jwt/authentication/JwtTokenAuthentication.java
View file

@ -4,7 +4,7 @@ import java.util.Collection;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.UserSession;
public class JwtTokenAuthentication implements Authentication {
@ -22,7 +22,7 @@ public class JwtTokenAuthentication implements Authentication {
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return userSession.roles();
return userSession.permissions();
}
@Override

8
backend/src/main/java/ru/micord/ervu/account_applications/security/model/jwt/authentication/JwtTokenDummy.java
View file

@ -9,15 +9,21 @@ import org.springframework.security.core.GrantedAuthority;
public class JwtTokenDummy implements Authentication {
private final String token;
private final String permissionsHeader;
public JwtTokenDummy(String token) {
public JwtTokenDummy(String token, String permissionsHeader) {
this.token = token;
this.permissionsHeader = permissionsHeader;
}
public String getToken() {
return token;
}
public String getPermissionsHeader() {
return permissionsHeader;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
throw new NotImplementedException("Not implemented for dummy");

16
backend/src/main/java/ru/micord/ervu/account_applications/security/model/role/ErvuPermissionAuthority.java Normal file
View file

@ -0,0 +1,16 @@
package ru.micord.ervu.account_applications.security.model.role;
import org.springframework.security.core.GrantedAuthority;
public class ErvuPermissionAuthority implements GrantedAuthority {
private final String permission;
public ErvuPermissionAuthority(String permission) {
this.permission = permission;
}
@Override
public String getAuthority() {
return permission;
}
}

17
backend/src/main/java/ru/micord/ervu/account_applications/security/model/role/ErvuRoleAuthority.java
View file

@ -1,17 +0,0 @@
package ru.micord.ervu.account_applications.security.model.role;
import org.springframework.security.core.GrantedAuthority;
public class ErvuRoleAuthority implements GrantedAuthority {
private final String role;
public ErvuRoleAuthority(String role) {
this.role = role;
}
@Override
public String getAuthority() {
return role;
}
}

34
backend/src/main/java/ru/micord/ervu/account_applications/security/provider/ErvuJwtAuthenticationProvider.java
View file

@ -1,12 +1,20 @@
package ru.micord.ervu.account_applications.security.provider;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import org.springframework.util.StringUtils;
import ru.micord.ervu.account_applications.security.model.jwt.UserClaims;
import ru.micord.ervu.account_applications.security.model.UserSession;
import ru.micord.ervu.account_applications.security.model.jwt.authentication.JwtTokenAuthentication;
import ru.micord.ervu.account_applications.security.model.jwt.authentication.JwtTokenDummy;
import ru.micord.ervu.account_applications.security.model.role.ErvuPermissionAuthority;
import ru.micord.ervu.account_applications.security.service.JwtTokenService;
@Component
@ -22,10 +30,32 @@ public class ErvuJwtAuthenticationProvider implements AuthenticationProvider {
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
JwtTokenDummy jwtTokenDummy = (JwtTokenDummy) authentication;
String jwtToken = jwtTokenDummy.getToken();
UserSession userSession = jwtTokenService.getUserSession(jwtToken);
String permissionHeader = jwtTokenDummy.getPermissionsHeader();
UserClaims userClaims = jwtTokenService.getUserClaims(jwtToken);
Set<ErvuPermissionAuthority> permissions = extractPermissionsFromHeader(permissionHeader);
UserSession userSession = UserSession.builder()
.withDomainId(userClaims.domainId())
.withUserId(userClaims.userId())
.withPermissions(permissions)
.withName(userClaims.name())
.withRealm(userClaims.realm())
.build();
return new JwtTokenAuthentication(userSession, jwtToken);
}
private Set<ErvuPermissionAuthority> extractPermissionsFromHeader(String permissionsHeader) {
if (!StringUtils.hasText(permissionsHeader)) {
return Collections.emptySet();
}
return Arrays.stream(permissionsHeader.split(","))
.map(String::trim)
.filter(StringUtils::hasText)
.map(String::toLowerCase)
.map(ErvuPermissionAuthority::new)
.collect(Collectors.toSet());
}
@Override
public boolean supports(Class<?> authentication) {
return JwtTokenDummy.class.isAssignableFrom(authentication);

38
backend/src/main/java/ru/micord/ervu/account_applications/security/service/ErvuJwtTokenService.java
View file

@ -3,11 +3,7 @@ package ru.micord.ervu.account_applications.security.service;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
@ -16,8 +12,7 @@ import io.jsonwebtoken.Jwts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import ru.micord.ervu.account_applications.security.exception.JwtProcessingException;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.role.ErvuRoleAuthority;
import ru.micord.ervu.account_applications.security.model.jwt.UserClaims;
@Service
public class ErvuJwtTokenService implements JwtTokenService {
@ -37,24 +32,21 @@ public class ErvuJwtTokenService implements JwtTokenService {
}
@Override
public UserSession getUserSession(String token) {
public UserClaims getUserClaims(String token) {
return enableJwtValidation ? parseToken(token) : unsafeParseToken(token);
}
protected UserSession unsafeParseToken(String token) {
protected UserClaims unsafeParseToken(String token) {
try {
token = token.substring(0, token.lastIndexOf(".") + 1);
JwtParser parser = Jwts.parser();
Claims claims = parser.parseClaimsJwt(token).getBody();
List<String> lowerCaseRoles = getLowerCaseRoles(claims);
return UserSession.builder()
return UserClaims.builder()
.withUserId(claims.getSubject())
.withName(claims.get("name", String.class))
.withRealm(claims.get("realm", String.class))
.withDomainId(claims.get("domain_id", String.class))
.withRoles(getRoles(lowerCaseRoles))
.build();
}
catch (JwtException e) {
@ -62,7 +54,7 @@ public class ErvuJwtTokenService implements JwtTokenService {
}
}
protected UserSession parseToken(String token) {
protected UserClaims parseToken(String token) {
JwtParser parser = Jwts.parser();
try {
if (issuer != null && !issuer.isEmpty()) {
@ -74,14 +66,12 @@ public class ErvuJwtTokenService implements JwtTokenService {
}
Claims claims = parser.parseClaimsJws(token).getBody();
List<String> lowerCaseRoles = getLowerCaseRoles(claims);
return UserSession.builder()
return UserClaims.builder()
.withUserId(claims.getSubject())
.withName(claims.get("name", String.class))
.withRealm(claims.get("realm", String.class))
.withDomainId(claims.get("domain_id", String.class))
.withRoles(getRoles(lowerCaseRoles))
.build();
}
catch (JwtException e) {
@ -89,22 +79,6 @@ public class ErvuJwtTokenService implements JwtTokenService {
}
}
private List<String> getLowerCaseRoles(Claims claims) {
List<String> roleList = claims.get("roles", ArrayList.class);
return roleList != null ?
roleList.stream()
.map(String::toLowerCase)
.collect(Collectors.toList()) :
new ArrayList<>();
}
protected Set<ErvuRoleAuthority> getRoles(List<String> roles) {
return roles
.stream()
.map(ErvuRoleAuthority::new)
.collect(Collectors.toSet());
}
private PublicKey extractPublicKey(String publicKeyStr) {
try {
byte[] decodedPublicKey = Base64.getDecoder().decode(publicKeyStr);

5
backend/src/main/java/ru/micord/ervu/account_applications/security/service/JwtTokenService.java
View file

@ -1,8 +1,7 @@
package ru.micord.ervu.account_applications.security.service;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.jwt.UserClaims;
public interface JwtTokenService {
UserSession getUserSession(String token);
UserClaims getUserClaims(String token);
}

2
backend/src/main/java/ru/micord/ervu/account_applications/service/UserApplicationListService.java
View file

@ -8,7 +8,7 @@ import org.springframework.stereotype.Service;
import ru.micord.ervu.account_applications.component.dao.AuditDao;
import ru.micord.ervu.account_applications.dao.UserApplicationListDao;
import ru.micord.ervu.account_applications.security.context.SecurityContext;
import ru.micord.ervu.account_applications.security.model.jwt.UserSession;
import ru.micord.ervu.account_applications.security.model.UserSession;
import utils.DateTimeUtil;
import static ru.micord.ervu.account_applications.enums.ApplicationStatus.ACCEPTED;

8
frontend/src/ts/account_applications/ErvuCheckUserRole.ts → frontend/src/ts/account_applications/ErvuCheckUserPermission.ts
View file

@ -1,8 +1,8 @@
import {AnalyticalScope, Behavior, Source, Visible} from "@webbpm/base-package";
import {AnalyticalScope, Behavior, Visible} from "@webbpm/base-package";
import {AuthorizationService} from "../modules/app/service/authorization.service";
@AnalyticalScope(Behavior)
export class ErvuCheckUserRole extends Behavior{
export class ErvuCheckUserPermission extends Behavior{
private authService: AuthorizationService;
public initialize(): void {
@ -11,7 +11,7 @@ export class ErvuCheckUserRole extends Behavior{
}
@Visible()
public hasRole(@Source("roles") role: string): boolean {
return this.authService.hasRole(role);
public hasPermissions(roles: string[]): boolean {
return this.authService.hasAnyPermission(roles);
}
}

3
frontend/src/ts/account_applications/component/button/UserManagementService.ts
View file

@ -28,6 +28,7 @@ import {ResetPasswordData} from "./dto/password/ResetPasswordData";
import {ProcessRequest} from "./dto/ProcessRequest";
import {StatusUpdateService} from "../../../modules/app/service/status-update.service";
import {BlockedRegion} from "../../../generated/ru/micord/ervu/account_applications/enums/BlockedRegion";
import {ErvuPermission} from "../../../modules/app/enum/ErvuRole";
@AnalyticalScope(SaveButton)
export class UserManagementService extends Behavior {
@ -56,7 +57,7 @@ export class UserManagementService extends Behavior {
this.authService = this.injector.get(AuthorizationService);
this.statusUpdateService = this.injector.get(StatusUpdateService);
this.onClickFunction = () => {
if (!this.authService.hasRole('security_administrator') || !this.sendToErvu) {
if (!this.authService.hasPermission(ErvuPermission.APPROVER) || !this.sendToErvu) {
return;
}
const kind = this.applicationKind.getValue();

3
frontend/src/ts/account_applications/component/field/DropdownTreeViewComponent.ts
View file

@ -30,6 +30,7 @@ import {
TreeItemRpcService
} from "../../../generated/ru/micord/ervu/account_applications/component/rpc/TreeItemRpcService";
import {AuthorizationService} from "../../../modules/app/service/authorization.service";
import {ErvuPermission} from "../../../modules/app/enum/ErvuRole";
@Component({
@ -85,7 +86,7 @@ export class DropdownTreeViewComponent extends InputControl {
this.localStorageService = this.injector.get(LocalStorageService);
this.pageContextHolder = this.injector.get(PageContextHolder);
let authService = this.injector.get(AuthorizationService);
if (authService.hasRole('security_administrator')) {
if (authService.hasPermission(ErvuPermission.APPROVER)) {
this.skipInitialSelection = true;
}
this.webbpmStorage =

10
frontend/src/ts/mfe-app-tools.ts
View file

@ -4,10 +4,16 @@ import {NgModuleRef} from "@angular/core";
let childEventHandlerFromContainer = null;
export type ChildEventType = 'navigate' | 'token-request' | 'ws-request'
export type ChildEventType =
'navigate'
| 'token-request'
| 'ws-request'
| 'oidc-user-request'
| 'permissions-request';
export type ParentEventType = 'navigate';
export function fireMfeEventToContainer(eventType: ChildEventType, eventData: any): Promise<any> {
export function fireMfeEventToContainer(eventType: ChildEventType, eventData: any) {
if (typeof childEventHandlerFromContainer === 'function') {
return childEventHandlerFromContainer(eventType, eventData);
}

12
frontend/src/ts/modules/app/app-routing.module.ts
View file

@ -2,7 +2,7 @@ import {NgModule} from "@angular/core";
import {RouterModule, Routes} from "@angular/router";
import {ConfirmExitGuard} from "@webbpm/base-package";
import {RolesGuard} from "./guard/RolesGuard";
import {ErvuRole} from "./enum/ErvuRole";
import {ErvuPermission} from "./enum/ErvuRole";
const appRoutes: Routes = [
{
@ -15,7 +15,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-add_user_application.module#Pageadd_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -23,7 +23,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-edit_user_application.module#Pageedit_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -31,7 +31,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-block_user_application.module#Pageblock_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -39,7 +39,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-reset_password.module#Pagereset_passwordModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -63,7 +63,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-unblock_user_application.module#Pageunblock_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
}
];

2
frontend/src/ts/modules/app/enum/ErvuRole.ts
View file

@ -1,4 +1,4 @@
export enum ErvuRole {
export enum ErvuPermission {
CREATOR = 'responsible_for_information_security',
REVIEWER = 'responsible_for_internal_control',
APPROVER = 'security_administrator'

22
frontend/src/ts/modules/app/guard/RolesGuard.ts
View file

@ -9,12 +9,12 @@ import {Injectable} from "@angular/core";
import {AuthorizationService} from "../service/authorization.service";
import {TokenProvider} from "../provider/token.provider";
import {HttpClient} from "@angular/common/http";
import {ErvuRole} from "../enum/ErvuRole";
import {ErvuPermission} from "../enum/ErvuRole";
@Injectable({providedIn: 'root'})
export class RolesGuard implements CanActivate{
private allowedRoles: string[];
private allowedPermissions: string[];
constructor(protected authService: AuthorizationService,
protected tokenProvider: TokenProvider,
@ -27,7 +27,7 @@ export class RolesGuard implements CanActivate{
if (!await this.tokenProvider.getToken()) {
return this.getUrlOnFailure()
}
this.allowedRoles = route.data && route.data.roles ? route.data.roles : [];
this.allowedPermissions = route.data && route.data.permissions ? route.data.permissions : [];
let checkOrg = route.data && route.data.checkOrg;
if (!this.authService.isAuthorized()) {
@ -36,12 +36,12 @@ export class RolesGuard implements CanActivate{
if (checkOrg) {
return this.checkOrgByAppId(route.params.id);
}
return this.checkRoles() ? true : this.getUrlOnFailure();
return this.checkPermissions() ? true : this.getUrlOnFailure();
})
.catch(() => this.getUrlOnFailure());
}
else {
return checkOrg ? this.checkOrgByAppId(route.params.id) : this.checkRoles();
return checkOrg ? this.checkOrgByAppId(route.params.id) : this.checkPermissions();
}
}
@ -49,17 +49,17 @@ export class RolesGuard implements CanActivate{
return null;
}
protected checkRoles(): boolean {
return this.allowedRoles.length === 0
|| this.authService.hasAnyRole(this.allowedRoles);
protected checkPermissions(): boolean {
return this.allowedPermissions.length === 0
|| this.authService.hasAnyPermission(this.allowedPermissions);
}
private checkOrgByAppId(id: string): Promise<boolean | UrlTree> {
if (this.authService.hasAnyRole([ErvuRole.CREATOR, ErvuRole.REVIEWER])) {
if (this.authService.hasAnyPermission([ErvuPermission.CREATOR, ErvuPermission.REVIEWER])) {
return this.httpClient.get("allowed", {
headers: {
'app-number': id,
'check-parents': (!this.authService.hasRole(ErvuRole.CREATOR)).toString()
'check-parents': (!this.authService.hasPermission(ErvuPermission.CREATOR)).toString()
},
observe: 'response'
})
@ -69,7 +69,7 @@ export class RolesGuard implements CanActivate{
})
.catch(() => this.getUrlOnFailure());
}
else if (this.authService.hasRole(ErvuRole.APPROVER)) {
else if (this.authService.hasPermission(ErvuPermission.APPROVER)) {
return Promise.resolve(true);
}

21
frontend/src/ts/modules/app/interceptor/permission.interceptor.service.ts Normal file
View file

@ -0,0 +1,21 @@
import {HttpEvent, HttpHandler, HttpInterceptor, HttpRequest} from "@angular/common/http";
import {Observable} from "rxjs";
import { Injectable } from "@angular/core";
import {PermissionProvider} from "../provider/permission.provider";
@Injectable({ providedIn: 'root' })
export class PermissionInterceptor implements HttpInterceptor {
constructor(private permissionProvider: PermissionProvider) {}
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
const permissions = this.permissionProvider.getUserPermissions();
if (permissions.length > 0) {
request = request.clone({
setHeaders: { 'X-User-Permissions': permissions.join(',') }
});
}
return next.handle(request);
}
}

23
frontend/src/ts/modules/app/interceptor/token.interceptor.service.ts
View file

@ -2,20 +2,21 @@ import {HttpEvent, HttpHandler, HttpInterceptor, HttpRequest} from "@angular/com
import {from, Observable} from "rxjs";
import {TokenProvider} from "../provider/token.provider";
import {Injectable} from "@angular/core";
import {switchMap} from "rxjs/operators";
@Injectable({providedIn: 'root'})
export class TokenInterceptor implements HttpInterceptor{
constructor(protected tokenProvider: TokenProvider) { }
export class TokenInterceptor implements HttpInterceptor {
constructor(protected tokenProvider: TokenProvider) {
}
intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
return from(this.handle(request, next))
}
private async handle(request: HttpRequest<any>, next: HttpHandler): Promise<HttpEvent<any>> {
const token = await this.tokenProvider.getToken();
request = request.clone({
setHeaders: {Authorization: `Bearer ${token}`}
});
return next.handle(request).toPromise();
return from(this.tokenProvider.getToken()).pipe(
switchMap(token => {
const modifiedRequest = request.clone({
setHeaders: {Authorization: `Bearer ${token}`}
});
return next.handle(modifiedRequest);
})
);
}
}

5
frontend/src/ts/modules/app/provider/permission.provider.ts Normal file
View file

@ -0,0 +1,5 @@
export class PermissionProvider {
getUserPermissions(): string[] {
return null;
}
}

16
frontend/src/ts/modules/app/service/authorization.service.ts
View file

@ -9,7 +9,7 @@ export interface UserSession {
name: string,
realm: string,
domainId: string,
roles: string[]
permissions: string[]
}
@Injectable({providedIn: 'root'})
@ -30,7 +30,7 @@ export class AuthorizationService implements OnDestroy {
this.session = session;
this.onSessionUpdate.next(session);
if (this.hasRole('security_administrator')) {
if (this.hasPermission('security_administrator')) {
this.websocketService.subscribe(({data}) => {
let parsedObj = JSON.parse(data);
@ -49,12 +49,12 @@ export class AuthorizationService implements OnDestroy {
return !!this.session;
}
hasAnyRole(roles: string[]): boolean {
return this.isAuthorized() && roles.some(role => this.getRoles().includes(role));
hasAnyPermission(permissions: string[]): boolean {
return this.isAuthorized() && permissions.some(role => this.getPermissions().includes(role));
}
hasRole(role: string): boolean {
return this.isAuthorized() && this.getRoles().includes(role);
hasPermission(permission: string): boolean {
return this.isAuthorized() && this.getPermissions().includes(permission);
}
getUserId(): string{
@ -73,8 +73,8 @@ export class AuthorizationService implements OnDestroy {
return this.isAuthorized() ? this.session.domainId : null;
}
getRoles(): string[] {
return this.isAuthorized() ? this.session.roles : null;
getPermissions(): string[] {
return this.isAuthorized() ? this.session.permissions : null;
}
ngOnDestroy(): void {

4
frontend/src/ts/modules/mfe/interceptor/mfe-default-interceptors.prod.ts
View file

@ -5,11 +5,13 @@ import {
HttpSecurityInterceptor
} from "@webbpm/base-package";
import {TokenInterceptor} from "../../app/interceptor/token.interceptor.service";
import {PermissionInterceptor} from "../../app/interceptor/permission.interceptor.service";
export const DEFAULT_HTTP_INTERCEPTOR_PROVIDERS = [
{provide: HTTP_INTERCEPTORS, useClass: HttpSecurityInterceptor, multi: true},
{provide: HTTP_INTERCEPTORS, useClass: HttpSecurityErrorInterceptor, multi: true},
{provide: HTTP_INTERCEPTORS, useClass: FormDirtyInterceptor, multi: true},
{provide: HTTP_INTERCEPTORS, useClass: TokenInterceptor, multi: true}
{provide: HTTP_INTERCEPTORS, useClass: TokenInterceptor, multi: true},
{provide: HTTP_INTERCEPTORS, useClass: PermissionInterceptor, multi: true}
];

3
frontend/src/ts/modules/mfe/mfe-webbpm.module.ts
View file

@ -28,6 +28,8 @@ import {TokenProvider} from "../app/provider/token.provider";
import {MfeTokenProvider} from "./provider/mfe-token.provider";
import {DEFAULT_HTTP_INTERCEPTOR_PROVIDERS} from "./interceptor/mfe-default-interceptors.prod";
import {MfeOverlayContainer} from "./overlay/mfe-overlay-container.service";
import {PermissionProvider} from "../app/provider/permission.provider";
import {MfePermissionProvider} from "./provider/mfe-permission.provider";
let IMPORTS = [
@ -61,6 +63,7 @@ let IMPORTS = [
{provide: RolesGuard, useClass: MfeRolesGuard},
{provide: TokenProvider, useClass: MfeTokenProvider},
{provide: OverlayContainer, useClass: MfeOverlayContainer},
{provide: PermissionProvider, useClass: MfePermissionProvider},
DEFAULT_HTTP_INTERCEPTOR_PROVIDERS
],
bootstrap: [

8
frontend/src/ts/modules/mfe/provider/mfe-permission.provider.ts Normal file
View file

@ -0,0 +1,8 @@
import {PermissionProvider} from "../../app/provider/permission.provider";
import {fireMfeEventToContainer} from "../../../mfe-app-tools";
export class MfePermissionProvider extends PermissionProvider {
getUserPermissions(): string[]{
return fireMfeEventToContainer('permissions-request', {});
}
}

677
resources/src/main/resources/business-model/Список заявок на пользователя/Обработка заявки на добавление пользователя.page
View file

File diff suppressed because it is too large Load diff

854
resources/src/main/resources/business-model/Список заявок на пользователя/Обработка заявки на изменение пользователя.page
View file

File diff suppressed because it is too large Load diff

57
resources/src/main/resources/business-model/Список заявок на пользователя/Создание заявки на добавление пользователя.page
View file

@ -203,9 +203,9 @@
<scripts id="4a2eb40d-0aa7-441a-8c1b-e8bd28420123">
<enabled>false</enabled>
</scripts>
<scripts id="2934f80a-329e-429f-b57b-54ede85886f2">
<scripts id="855e976d-7c3a-4ec7-ba54-cdb2be04f715">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
@ -259,7 +259,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="a2394746-9069-4a60-ac16-a7a4e95eb36e" removed="false">
<value>
<complex>
<entry>
@ -287,11 +287,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="230da850-cf66-4fcf-b950-91a7f19b1f57" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -300,13 +308,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -344,6 +352,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -407,6 +416,7 @@
<componentRootId>6d5d7b1f-43ab-4651-b5a1-9ee3fca90aac</componentRootId>
<name>AC_agreeer</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -448,7 +458,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="24aa4f68-cc3a-4304-a6dc-b9d2d29f2d91" removed="false">
<value>
<complex>
<entry>
@ -476,11 +486,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="3b84571b-432c-4df6-af79-f7009bd80200" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -489,13 +507,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -533,6 +551,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -596,6 +615,7 @@
<componentRootId>20a8ea69-2a83-440b-8ae3-88c55093e3fc</componentRootId>
<name>AC_processor</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -637,7 +657,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="e0f1e8d2-6ba6-477e-bf39-4b17c9e665b1" removed="false">
<value>
<complex>
<entry>
@ -665,11 +685,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="95dc0770-aa4e-4712-9e00-9c40c0e80dd8" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -678,13 +706,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -722,6 +750,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>

64
resources/src/main/resources/business-model/Список заявок на пользователя/Создать заявку на активацию.page
View file

@ -196,16 +196,9 @@
<scripts id="4a2eb40d-0aa7-441a-8c1b-e8bd28420123">
<enabled>false</enabled>
</scripts>
<scripts id="1fe055d4-74d3-4e19-b309-8456a4c8a093">
<scripts id="604f33e4-2001-4495-b5c5-11f7954babce">
<classRef type="TS">
<className>CheckUserRole</className>
<packageName>modules.user-management.component</packageName>
</classRef>
<expanded>true</expanded>
</scripts>
<scripts id="5e447b4c-2648-463c-8404-b859a6bdb8c2">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
@ -259,7 +252,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="a24158a6-c684-41d5-bdf3-2d1fe44c1075" removed="false">
<value>
<complex>
<entry>
@ -287,11 +280,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="e4bc8a80-b037-4637-b366-92e44e760631" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -300,13 +301,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -344,6 +345,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -407,6 +409,7 @@
<componentRootId>6d5d7b1f-43ab-4651-b5a1-9ee3fca90aac</componentRootId>
<name>AC_agreeer</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -448,7 +451,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="b2f46884-238a-4516-b391-30cf8e31ee69" removed="false">
<value>
<complex>
<entry>
@ -476,11 +479,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="bf8e8099-a0a7-489d-8a30-73f910a3cb78" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -489,13 +500,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -533,6 +544,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -596,6 +608,7 @@
<componentRootId>20a8ea69-2a83-440b-8ae3-88c55093e3fc</componentRootId>
<name>AC_processor</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -637,7 +650,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="8edc3de2-cc41-4719-ae37-d56c1823c94b" removed="false">
<value>
<complex>
<entry>
@ -665,11 +678,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="ae1c23a2-a014-4607-9383-c2cca7ac785c" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -678,13 +699,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -722,6 +743,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>

66
resources/src/main/resources/business-model/Список заявок на пользователя/Создать заявку на деактивацию.page
View file

@ -188,6 +188,7 @@
<componentRootId>fd41e974-6a38-4c4f-8458-c4100249853b</componentRootId>
<name>user_role</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="26133e8f-65d7-44ca-a0a4-68db3f5b62a3"/>
<scripts id="86e89129-ae47-46eb-80bf-cc2f085b417d"/>
@ -196,16 +197,9 @@
<scripts id="4a2eb40d-0aa7-441a-8c1b-e8bd28420123">
<enabled>false</enabled>
</scripts>
<scripts id="1fe055d4-74d3-4e19-b309-8456a4c8a093">
<scripts id="dcfd7015-28f2-4cee-beda-45dda3c44eda">
<classRef type="TS">
<className>CheckUserRole</className>
<packageName>modules.user-management.component</packageName>
</classRef>
<expanded>true</expanded>
</scripts>
<scripts id="fb52922a-4a4e-442f-ae60-174eb7e298b0">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
@ -217,6 +211,7 @@
<componentRootId>d4bb4c8f-6378-45c2-b397-4e18bbbff280</componentRootId>
<name>AC_creator</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -258,7 +253,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="f66f7c5a-c923-411e-94c9-6034245990f4" removed="false">
<value>
<complex>
<entry>
@ -286,11 +281,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="e76ab14b-61bb-4607-851b-57b377843564" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -299,13 +302,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -343,6 +346,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -406,6 +410,7 @@
<componentRootId>6d5d7b1f-43ab-4651-b5a1-9ee3fca90aac</componentRootId>
<name>AC_agreeer</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -447,7 +452,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="75473166-304a-43c7-93c6-3e28504f29f6" removed="false">
<value>
<complex>
<entry>
@ -475,11 +480,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="a0f95b3e-bdb1-4f5e-b035-9c34c96749a0" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -488,13 +501,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -532,6 +545,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -595,6 +609,7 @@
<componentRootId>20a8ea69-2a83-440b-8ae3-88c55093e3fc</componentRootId>
<name>AC_processor</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -636,7 +651,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="91d89dee-52fc-4508-834a-050a167a2253" removed="false">
<value>
<complex>
<entry>
@ -664,11 +679,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="aadcbfe3-3bfa-4806-b761-d41565da9b28" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -677,13 +700,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -721,6 +744,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>

55
resources/src/main/resources/business-model/Список заявок на пользователя/Создать заявку на изменение.page
View file

@ -204,9 +204,9 @@
<scripts id="4a2eb40d-0aa7-441a-8c1b-e8bd28420123">
<enabled>false</enabled>
</scripts>
<scripts id="6548613a-eb58-41ca-92c2-2e4f0ad6f270">
<scripts id="38c12ea1-2b61-452b-aed1-4ad9139ded74">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
@ -260,7 +260,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="e5b112ba-f524-4fbe-9ea3-3e22e7c5c55a" removed="false">
<value>
<complex>
<entry>
@ -288,11 +288,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="087403cf-0d4c-42bf-93b0-8716202d482a" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -301,13 +309,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -345,6 +353,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -450,7 +459,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="7d99f7f7-bd57-4717-9214-25b985bf6329" removed="false">
<value>
<complex>
<entry>
@ -478,11 +487,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="c29e77cd-8d14-411a-8e5e-7cfcf9d3a5ce" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -491,13 +508,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -535,6 +552,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -640,7 +658,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="8c8b680c-1aab-454f-8c04-5245ec89e26f" removed="false">
<value>
<complex>
<entry>
@ -668,11 +686,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="f869bfba-0174-4b78-a41a-a50dd8c2d9da" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -681,13 +707,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -725,6 +751,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>

59
resources/src/main/resources/business-model/Список заявок на пользователя/Создать заявку на сброс пароля.page
View file

@ -203,12 +203,13 @@
</classRef>
<expanded>true</expanded>
</scripts>
<scripts id="dd66e052-6716-4c25-aa15-89323be73ccd">
<scripts id="6d900d37-2950-4f8a-87a4-dc65d4b5402d">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
<expanded>true</expanded>
</scripts>
</children>
<children id="d4bb4c8f-6378-45c2-b397-4e18bbbff280">
@ -216,6 +217,7 @@
<componentRootId>d4bb4c8f-6378-45c2-b397-4e18bbbff280</componentRootId>
<name>AC_creator</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -257,7 +259,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="01f783f8-b419-4741-b4d5-abae621a0367" removed="false">
<value>
<complex>
<entry>
@ -285,11 +287,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="1d62c46e-c393-4be7-846a-921f89b7b180" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -298,13 +308,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -342,6 +352,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -405,6 +416,7 @@
<componentRootId>6d5d7b1f-43ab-4651-b5a1-9ee3fca90aac</componentRootId>
<name>AC_agreeer</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -446,7 +458,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="f4da7bbd-cf3f-496b-b69c-5a8c792acc50" removed="false">
<value>
<complex>
<entry>
@ -474,11 +486,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="47a98ed1-0de7-4c7e-a7cb-7ebbfc8a1178" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -487,13 +507,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -531,6 +551,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -594,6 +615,7 @@
<componentRootId>20a8ea69-2a83-440b-8ae3-88c55093e3fc</componentRootId>
<name>AC_processor</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -635,7 +657,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="95ed1de1-b6ac-496e-bcfd-813de298deee" removed="false">
<value>
<complex>
<entry>
@ -663,11 +685,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="ec564236-7797-4d50-bf39-7333dd0145ea" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -676,13 +706,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"fd41e974-6a38-4c4f-8458-c4100249853b","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -720,6 +750,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>

239
resources/src/main/resources/business-model/Список заявок на пользователя/Список заявок.page
View file

@ -109,9 +109,9 @@
<scripts id="87f3fefa-b77b-4137-aab6-b2bcd83ce380"/>
<scripts id="ef21ca22-3f81-4484-ba6f-58d670c12d4f"/>
<scripts id="277e6fbc-9e2e-4080-bf20-5d8be18e6764"/>
<scripts id="e0d9e080-c2e8-48ad-a233-163e95d90601">
<scripts id="43d3ab94-2c60-484c-bd4c-27f05d6a1f13">
<classRef type="TS">
<className>ErvuCheckUserRole</className>
<className>ErvuCheckUserPermission</className>
<packageName>account_applications</packageName>
</classRef>
<enabled>true</enabled>
@ -189,6 +189,7 @@
<componentRootId>3bd56bf0-c1d3-458b-b481-1263f13b6ee7</componentRootId>
<name>AC_creator</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -230,7 +231,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="31b03217-79d2-4617-80c6-4e53077d114b" removed="false">
<value>
<complex>
<entry>
@ -258,11 +259,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="96de7009-83f7-4b63-aa69-bcccbdcb4782" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
@ -271,13 +280,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -315,6 +324,9 @@
</complex>
</value>
</item>
<item id="e0d4590a-b673-4420-88b4-0de5ffbe971a" removed="true"/>
<item id="64d17c7a-203f-4df2-ba3e-fe0cb191a373" removed="true"/>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -414,6 +426,7 @@
<componentRootId>792a47fe-3de2-475c-b6f8-1947a7e34b38</componentRootId>
<name>AC_agreeer</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -455,7 +468,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="cc45148e-c609-4c41-b3e5-721374f55faf" removed="false">
<value>
<complex>
<entry>
@ -483,11 +496,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="9c9c9802-ae97-4ce1-a277-220a61e23d9d" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_internal_control"</simple>
</value>
</entry>
</complex>
@ -496,13 +517,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -540,6 +561,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -639,6 +661,7 @@
<componentRootId>98a48909-42d2-4f0f-92c1-a5121bee2d14</componentRootId>
<name>AC_processor</name>
<container>false</container>
<expanded>false</expanded>
<childrenReordered>false</childrenReordered>
<scripts id="37dff5c8-1599-4984-b107-c44a87b6da2e">
<properties>
@ -680,7 +703,7 @@
<entry>
<key>conditions</key>
<value>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="false">
<item id="65a259a1-e850-46f6-a836-1484995a3807" removed="false">
<value>
<complex>
<entry>
@ -708,11 +731,19 @@
<entry>
<key>staticValue</key>
<value>
<item id="f6f1fb26-758e-4f06-9c78-702c591bba8b" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"security_administrator"</simple>
</value>
</entry>
</complex>
@ -721,13 +752,13 @@
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
@ -765,6 +796,7 @@
</complex>
</value>
</item>
<item id="cac14c7f-f41f-41e1-962b-59171d998499" removed="true"/>
</value>
</entry>
<entry>
@ -3650,91 +3682,7 @@
</complex>
</value>
</item>
<item id="f4e03019-649a-4be5-9ce5-c3987ad95cdb" removed="false">
<value>
<complex>
<entry>
<key>_isGroupSelected</key>
<value>
<simple>false</simple>
</value>
</entry>
<entry>
<key>one</key>
<value>
<complex>
<entry>
<key>conditionFirstPart</key>
<value>
<complex>
<entry>
<key>objectValue</key>
<value>
<complex>
<entry>
<key>argument</key>
<value>
<complex>
<entry>
<key>staticValue</key>
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserRole","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasRole"</simple>
</value>
</entry>
</complex>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>conditionSecondPart</key>
<value>
<complex>
<entry>
<key>staticValue</key>
<value>
<implRef type="TS">
<className>boolean</className>
<packageName></packageName>
</implRef>
<simple>true</simple>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>operation</key>
<value>
<simple>"EQUALS"</simple>
</value>
</entry>
</complex>
</value>
</entry>
</complex>
</value>
</item>
<item id="f4e03019-649a-4be5-9ce5-c3987ad95cdb" removed="true"/>
<item id="3b3fac0c-d629-4213-90ae-09842d615214" removed="true"/>
<item id="19007514-21ec-4bc7-b84b-c270824376ec" removed="false">
<value>
@ -3946,6 +3894,99 @@
<value>
<simple>"OR"</simple>
</value>
</entry>
</complex>
</value>
</entry>
</complex>
</value>
</item>
<item id="3c0f2020-75c4-4c88-a95e-366d588397bf" removed="false">
<value>
<complex>
<entry>
<key>_isGroupSelected</key>
<value>
<simple>false</simple>
</value>
</entry>
<entry>
<key>one</key>
<value>
<complex>
<entry>
<key>conditionFirstPart</key>
<value>
<complex>
<entry>
<key>objectValue</key>
<value>
<complex>
<entry>
<key>argument</key>
<value>
<complex>
<entry>
<key>staticValue</key>
<value>
<item id="66f58720-fe9d-43e3-a42c-960986969133" removed="false">
<value>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
<simple>"responsible_for_information_security"</simple>
</value>
</item>
<implRef type="TS">
<className>string</className>
<packageName></packageName>
</implRef>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>behavior</key>
<value>
<simple>{"objectId":"891cc099-3ea0-45f4-b2a9-85550ae1136d","packageName":"account_applications","className":"ErvuCheckUserPermission","type":"TS"}</simple>
</value>
</entry>
<entry>
<key>method</key>
<value>
<simple>"hasPermissions"</simple>
</value>
</entry>
</complex>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>conditionSecondPart</key>
<value>
<complex>
<entry>
<key>staticValue</key>
<value>
<implRef type="TS">
<className>boolean</className>
<packageName></packageName>
</implRef>
<simple>true</simple>
</value>
</entry>
</complex>
</value>
</entry>
<entry>
<key>operation</key>
<value>
<simple>"EQUALS"</simple>
</value>
</entry>
</complex>
</value>