From f1f624d05787e4b8a6e4a28608fb67dcea60312b Mon Sep 17 00:00:00 2001
From: Sai Krishna Metpalli <310911@NTTDATA.COM>
Date: Fri, 24 May 2024 09:04:53 -0700
Subject: [PATCH 1/2] TCVP-2687 Fixed the role permissions
---
.../src/app/app-routing.module.ts | 4 +--
.../unauthorized/unauthorized.component.html | 2 +-
.../unauthorized/unauthorized.component.ts | 12 +++++--
.../staff-workbench-dashboard.component.html | 8 ++---
.../staff-workbench-dashboard.component.ts | 19 ++++++++++--
.../src/app/core/guards/auth-guard.ts | 31 ++++++++++++++++---
6 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/src/frontend/staff-portal/src/app/app-routing.module.ts b/src/frontend/staff-portal/src/app/app-routing.module.ts
index 7cf6cd603..6ee48612d 100644
--- a/src/frontend/staff-portal/src/app/app-routing.module.ts
+++ b/src/frontend/staff-portal/src/app/app-routing.module.ts
@@ -16,7 +16,7 @@ let routes: Routes = [
{
path: AppRoutes.STAFF,
canActivate: [AuthorizationGuard],
- data: { expectedRole: UserGroup.VTC_STAFF },
+ data: { roles: [UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF] },
children: [
{
path: '',
@@ -28,7 +28,7 @@ let routes: Routes = [
{
path: AppRoutes.JJ,
canActivate: [AuthorizationGuard],
- data: { expectedRole: UserGroup.JUDICIAL_JUSTICE },
+ data: { roles: [UserGroup.JUDICIAL_JUSTICE, UserGroup.ADMIN_JUDICIAL_JUSTICE, UserGroup.SUPPORT_STAFF] },
children: [
{
path: '',
diff --git a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html
index a2a1d9bde..f260e8d75 100644
--- a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html
+++ b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html
@@ -1,7 +1,7 @@
-
You are not authorized to access Ticket Resolution Management
+ You are not authorized to access the TCO - {{application}} Workbench
\ No newline at end of file
diff --git a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts
index 6d29ba2ad..33fe94371 100644
--- a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts
+++ b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts
@@ -1,11 +1,17 @@
-import { Component } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
@Component({
selector: 'app-unauthorized',
templateUrl: './unauthorized.component.html',
styleUrls: ['./unauthorized.component.scss']
})
-export class UnauthorizedComponent {
- constructor() {
+export class UnauthorizedComponent implements OnInit {
+ application: string;
+ constructor(private route: ActivatedRoute) {
+ }
+
+ ngOnInit() {
+ this.application = this.route.snapshot.queryParamMap.get('application');
}
}
diff --git a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html
index 5956e2e6f..1602de537 100644
--- a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html
+++ b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html
@@ -5,22 +5,22 @@
-
+
Ticket Validation
-
+
Decision Validation
-
+
Update Requests
-
+
DCF
diff --git a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts
index 63f47a9dd..0acdafb29 100644
--- a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts
+++ b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts
@@ -10,7 +10,8 @@ import { DisputeService } from 'app/services/dispute.service';
import { UpdateRequestInboxComponent } from '../update-request-inbox/update-request-inbox.component';
import { Store } from '@ngrx/store';
import { JJDisputeStore } from 'app/store';
-import { BusyService } from '@core/services/busy.service';
+import { AuthService } from 'app/services/auth.service';
+import { UserGroup } from '@shared/enums/user-group.enum';
@Component({
selector: 'app-staff-workbench-dashboard',
@@ -28,19 +29,31 @@ export class StaffWorkbenchDashboardComponent implements OnInit {
data$: Observable;
jjDisputeInfo: JJDispute;
+ hasTicketValidationPermission: boolean = false;
+ hasDecisionValidationPermission: boolean = false;
+ hasUpdateRequestsPermission: boolean = false;
+ hasDCFPermission: boolean = false;
+
@ViewChild(DisputeDecisionInboxComponent) disputeChild: DisputeDecisionInboxComponent;
@ViewChild(TicketInboxComponent) ticketChild: TicketInboxComponent;
@ViewChild(UpdateRequestInboxComponent) updateRequestChild: UpdateRequestInboxComponent;
constructor(
+ private authService: AuthService,
private disputeService: DisputeService,
- private busyService: BusyService,
private store: Store
) {
}
ngOnInit(): void {
- // this.busyService.busy$.subscribe(i => this.busy = i);
+ this.authService.userProfile$.subscribe(userProfile => {
+ if (userProfile) {
+ this.hasTicketValidationPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]);
+ this.hasDecisionValidationPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]);
+ this.hasUpdateRequestsPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]);
+ this.hasDCFPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]);
+ }
+ });
this.data$ = this.store.select(JJDisputeStore.Selectors.JJDisputes).pipe(filter(i => !!i));
}
diff --git a/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts b/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts
index accad3827..ba4227d2f 100644
--- a/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts
+++ b/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts
@@ -1,5 +1,6 @@
import { Injectable } from '@angular/core';
import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
+import { AppRoutes } from 'app/app.routes';
import { AuthService } from 'app/services/auth.service';
import { KeycloakAuthGuard, KeycloakService } from 'keycloak-angular';
@@ -17,20 +18,40 @@ export class AuthorizationGuard extends KeycloakAuthGuard {
public async isAccessAllowed(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
// Force the user to log in if currently unauthenticated.
+ let permission;
if (!this.authenticated) {
this.authService.login();
}
-
// Get the roles required from the route.
const requiredRoles = route.data.roles;
// Allow the user to to proceed if no additional roles are required to access the route.
- if (!(requiredRoles instanceof Array) || requiredRoles.length === 0) {
- return true;
+ if (!requiredRoles || requiredRoles.length === 0) {
+ permission = true;
+ } else {
+ if (!this.roles || this.roles.length === 0) {
+ permission = false;
+ }
+ // Allow the user to proceed if any of the required role(s) is/are present.
+ if (requiredRoles.some((role) => this.roles.indexOf(role) > -1))
+ {
+ permission = true;
+ } else {
+ permission = false;
+ };
+ }
+
+ if(!permission){
+ let application;
+ if(state.url.indexOf(AppRoutes.JJ) > -1) {
+ application = "JJ";
+ } else {
+ application = "Staff";
+ }
+ this.router.navigate([AppRoutes.UNAUTHORIZED], {queryParams: {application: application}});
}
- // Allow the user to proceed if all the required roles are present.
- return requiredRoles.some(role => this.roles.includes(role));
+ return permission;
}
}
From e4200e95be58f2f04c98615932d6f86c047b2795 Mon Sep 17 00:00:00 2001
From: Sai Krishna Metpalli <310911@NTTDATA.COM>
Date: Thu, 6 Jun 2024 16:47:19 -0700
Subject: [PATCH 2/2] TCVP-2687 modified the lookup functionality
---
.../src/app/services/auth.service.ts | 51 ++++++++++---------
.../components/header/header.component.ts | 4 ++
2 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/src/frontend/staff-portal/src/app/services/auth.service.ts b/src/frontend/staff-portal/src/app/services/auth.service.ts
index 48d31d089..a9d87f842 100644
--- a/src/frontend/staff-portal/src/app/services/auth.service.ts
+++ b/src/frontend/staff-portal/src/app/services/auth.service.ts
@@ -25,8 +25,8 @@ export class AuthService {
private site: string = "staff-api";
private roles = [
- { name: UserGroup.JUDICIAL_JUSTICE, redirectUrl: AppRoutes.JJ },
- { name: UserGroup.VTC_STAFF, redirectUrl: AppRoutes.STAFF },
+ { name: [UserGroup.JUDICIAL_JUSTICE, UserGroup.ADMIN_JUDICIAL_JUSTICE, UserGroup.SUPPORT_STAFF], redirectUrl: AppRoutes.JJ },
+ { name: [UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF], redirectUrl: AppRoutes.STAFF },
]
constructor(
@@ -35,8 +35,8 @@ export class AuthService {
private toastService: ToastService,
private logger: LoggerService,
private configService: ConfigService,
- private lookupsService: LookupsService, // to be moved
- private store: Store, // to be moved
+ private lookupsService: LookupsService,
+ private store: Store,
) {
this.keycloak.keycloakEvents$.subscribe({
next(event) {
@@ -56,24 +56,11 @@ export class AuthService {
.pipe(
map((response: boolean) => {
if (response) {
- this.loadUserProfile().subscribe(() => { // to be moved
+ this.loadUserProfile().subscribe(() => {
this._isLoggedIn.next(response);
if (this.isLoggedIn && this.isInit) {
this.userProfile$.pipe(first()).subscribe(() => {
- this.isInit = false;
- let observables = [
- this.loadUsersLists(),
- this.lookupsService.init()
- ];
-
- forkJoin(observables).subscribe({
- next: results => {
- this.store.dispatch(JJDisputeStore.Actions.Get());
- },
- error: err => {
- this.logger.error("Landing Page Init: Initial data loading failed");
- }
- });
+ this.isInit = false;
})
}
return response;
@@ -86,6 +73,22 @@ export class AuthService {
);
}
+ loadLookupData(){
+ let observables = [
+ this.loadUsersLists(),
+ this.lookupsService.init()
+ ];
+
+ forkJoin(observables).subscribe({
+ next: results => {
+ this.store.dispatch(JJDisputeStore.Actions.Get());
+ },
+ error: err => {
+ this.logger.error("Landing Page Init: Initial data loading failed");
+ }
+ });
+ }
+
get token(): string {
return this.keycloak.getKeycloakInstance().token;
}
@@ -176,10 +179,12 @@ export class AuthService {
getRedirectUrl(): string {
var result;
this.roles.forEach(r => {
- if (this.keycloak.isUserInRole(r.name, this.site)) {
- result = r.redirectUrl;
- }
- })
+ r.name.forEach(n => {
+ if (this.keycloak.isUserInRole(n, this.site)) {
+ result = r.redirectUrl;
+ }
+ });
+ });
if (!result) {
result = AppRoutes.UNAUTHORIZED;
}
diff --git a/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts b/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts
index b2f859583..be98096f6 100644
--- a/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts
+++ b/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts
@@ -2,6 +2,7 @@ import { Component, ChangeDetectionStrategy, OnInit } from '@angular/core';
import { Title } from '@angular/platform-browser';
import { NavigationEnd, Router, Scroll } from '@angular/router';
import { TranslateService } from '@ngx-translate/core';
+import { AppRoutes } from 'app/app.routes';
import { AppConfigService } from 'app/services/app-config.service';
import { AuthService, KeycloakProfile } from 'app/services/auth.service';
import { filter } from 'rxjs';
@@ -54,6 +55,9 @@ export class HeaderComponent implements OnInit {
this.authService.isLoggedIn$.subscribe(isLoggedIn => {
this.isLoggedIn = isLoggedIn;
this.fullName = this.authService.userProfile?.fullName;
+ if(this.router.url.indexOf(AppRoutes.UNAUTHORIZED) === -1){
+ this.authService.loadLookupData();
+ }
})
})
}