micord/ervu-account-applications
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SUPPORT-9363: fixes

Browse source
This commit is contained in:
adel.ka 2025-09-01 09:53:04 +03:00
parent ae5181e9f2
commit 7351fb3a8f
14 changed files with 487 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

6
frontend/src/ts/account_applications/ErvuCheckUserRole.ts → frontend/src/ts/account_applications/ErvuCheckUserPermission.ts
View file

@ -2,7 +2,7 @@ import {AnalyticalScope, Behavior, Visible} from "@webbpm/base-package";
import {AuthorizationService} from "../modules/app/service/authorization.service";
@AnalyticalScope(Behavior)
export class ErvuCheckUserRole extends Behavior{
export class ErvuCheckUserPermission extends Behavior{
private authService: AuthorizationService;
public initialize(): void {
@ -11,7 +11,7 @@ export class ErvuCheckUserRole extends Behavior{
}
@Visible()
public hasAnyPermission(permission: string []): boolean {
return this.authService.hasAnyPermission(permission);
public hasPermissions(roles: string[]): boolean {
return this.authService.hasAnyPermission(roles);
}
}

3
frontend/src/ts/account_applications/component/button/UserManagementService.ts
View file

@ -28,6 +28,7 @@ import {ResetPasswordData} from "./dto/password/ResetPasswordData";
import {ProcessRequest} from "./dto/ProcessRequest";
import {StatusUpdateService} from "../../../modules/app/service/status-update.service";
import {BlockedRegion} from "../../../generated/ru/micord/ervu/account_applications/enums/BlockedRegion";
import {ErvuPermission} from "../../../modules/app/enum/ErvuRole";
@AnalyticalScope(SaveButton)
export class UserManagementService extends Behavior {
@ -56,7 +57,7 @@ export class UserManagementService extends Behavior {
this.authService = this.injector.get(AuthorizationService);
this.statusUpdateService = this.injector.get(StatusUpdateService);
this.onClickFunction = () => {
if (!this.authService.hasRole('security_administrator') || !this.sendToErvu) {
if (!this.authService.hasPermission(ErvuPermission.APPROVER) || !this.sendToErvu) {
return;
}
const kind = this.applicationKind.getValue();

3
frontend/src/ts/account_applications/component/field/DropdownTreeViewComponent.ts
View file

@ -30,6 +30,7 @@ import {
TreeItemRpcService
} from "../../../generated/ru/micord/ervu/account_applications/component/rpc/TreeItemRpcService";
import {AuthorizationService} from "../../../modules/app/service/authorization.service";
import {ErvuPermission} from "../../../modules/app/enum/ErvuRole";
@Component({
@ -85,7 +86,7 @@ export class DropdownTreeViewComponent extends InputControl {
this.localStorageService = this.injector.get(LocalStorageService);
this.pageContextHolder = this.injector.get(PageContextHolder);
let authService = this.injector.get(AuthorizationService);
if (authService.hasRole('security_administrator')) {
if (authService.hasPermission(ErvuPermission.APPROVER)) {
this.skipInitialSelection = true;
}
this.webbpmStorage =

12
frontend/src/ts/modules/app/app-routing.module.ts
View file

@ -2,7 +2,7 @@ import {NgModule} from "@angular/core";
import {RouterModule, Routes} from "@angular/router";
import {ConfirmExitGuard} from "@webbpm/base-package";
import {RolesGuard} from "./guard/RolesGuard";
import {ErvuRole} from "./enum/ErvuRole";
import {ErvuPermission} from "./enum/ErvuRole";
const appRoutes: Routes = [
{
@ -15,7 +15,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-add_user_application.module#Pageadd_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -23,7 +23,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-edit_user_application.module#Pageedit_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -31,7 +31,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-block_user_application.module#Pageblock_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -39,7 +39,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-reset_password.module#Pagereset_passwordModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
},
{
@ -63,7 +63,7 @@ const appRoutes: Routes = [
loadChildren: 'generated-sources/page-unblock_user_application.module#Pageunblock_user_applicationModule',
canActivate: [ConfirmExitGuard, RolesGuard],
data: {
roles: [ErvuRole.CREATOR]
permissions: [ErvuPermission.CREATOR]
}
}
];

2
frontend/src/ts/modules/app/enum/ErvuRole.ts
View file

@ -1,4 +1,4 @@
export enum ErvuRole {
export enum ErvuPermission {
CREATOR = 'responsible_for_information_security',
REVIEWER = 'responsible_for_internal_control',
APPROVER = 'security_administrator'

22
frontend/src/ts/modules/app/guard/RolesGuard.ts
View file

@ -9,12 +9,12 @@ import {Injectable} from "@angular/core";
import {AuthorizationService} from "../service/authorization.service";
import {TokenProvider} from "../provider/token.provider";
import {HttpClient} from "@angular/common/http";
import {ErvuRole} from "../enum/ErvuRole";
import {ErvuPermission} from "../enum/ErvuRole";
@Injectable({providedIn: 'root'})
export class RolesGuard implements CanActivate{
private allowedRoles: string[];
private allowedPermissions: string[];
constructor(protected authService: AuthorizationService,
protected tokenProvider: TokenProvider,
@ -27,7 +27,7 @@ export class RolesGuard implements CanActivate{
if (!await this.tokenProvider.getToken()) {
return this.getUrlOnFailure()
}
this.allowedRoles = route.data && route.data.roles ? route.data.roles : [];
this.allowedPermissions = route.data && route.data.permissions ? route.data.permissions : [];
let checkOrg = route.data && route.data.checkOrg;
if (!this.authService.isAuthorized()) {
@ -36,12 +36,12 @@ export class RolesGuard implements CanActivate{
if (checkOrg) {
return this.checkOrgByAppId(route.params.id);
}
return this.checkRoles() ? true : this.getUrlOnFailure();
return this.checkPermissions() ? true : this.getUrlOnFailure();
})
.catch(() => this.getUrlOnFailure());
}
else {
return checkOrg ? this.checkOrgByAppId(route.params.id) : this.checkRoles();
return checkOrg ? this.checkOrgByAppId(route.params.id) : this.checkPermissions();
}
}
@ -49,17 +49,17 @@ export class RolesGuard implements CanActivate{
return null;
}
protected checkRoles(): boolean {
return this.allowedRoles.length === 0
|| this.authService.hasAnyRole(this.allowedRoles);
protected checkPermissions(): boolean {
return this.allowedPermissions.length === 0
|| this.authService.hasAnyPermission(this.allowedPermissions);
}
private checkOrgByAppId(id: string): Promise<boolean | UrlTree> {
if (this.authService.hasAnyRole([ErvuRole.CREATOR, ErvuRole.REVIEWER])) {
if (this.authService.hasAnyPermission([ErvuPermission.CREATOR, ErvuPermission.REVIEWER])) {
return this.httpClient.get("allowed", {
headers: {
'app-number': id,
'check-parents': (!this.authService.hasRole(ErvuRole.CREATOR)).toString()
'check-parents': (!this.authService.hasPermission(ErvuPermission.CREATOR)).toString()
},
observe: 'response'
})
@ -69,7 +69,7 @@ export class RolesGuard implements CanActivate{
})
.catch(() => this.getUrlOnFailure());
}
else if (this.authService.hasRole(ErvuRole.APPROVER)) {
else if (this.authService.hasPermission(ErvuPermission.APPROVER)) {
return Promise.resolve(true);
}