From f1f624d05787e4b8a6e4a28608fb67dcea60312b Mon Sep 17 00:00:00 2001 From: Sai Krishna Metpalli <310911@NTTDATA.COM> Date: Fri, 24 May 2024 09:04:53 -0700 Subject: [PATCH 1/2] TCVP-2687 Fixed the role permissions --- .../src/app/app-routing.module.ts | 4 +-- .../unauthorized/unauthorized.component.html | 2 +- .../unauthorized/unauthorized.component.ts | 12 +++++-- .../staff-workbench-dashboard.component.html | 8 ++--- .../staff-workbench-dashboard.component.ts | 19 ++++++++++-- .../src/app/core/guards/auth-guard.ts | 31 ++++++++++++++++--- 6 files changed, 58 insertions(+), 18 deletions(-) diff --git a/src/frontend/staff-portal/src/app/app-routing.module.ts b/src/frontend/staff-portal/src/app/app-routing.module.ts index 7cf6cd603..6ee48612d 100644 --- a/src/frontend/staff-portal/src/app/app-routing.module.ts +++ b/src/frontend/staff-portal/src/app/app-routing.module.ts @@ -16,7 +16,7 @@ let routes: Routes = [ { path: AppRoutes.STAFF, canActivate: [AuthorizationGuard], - data: { expectedRole: UserGroup.VTC_STAFF }, + data: { roles: [UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF] }, children: [ { path: '', @@ -28,7 +28,7 @@ let routes: Routes = [ { path: AppRoutes.JJ, canActivate: [AuthorizationGuard], - data: { expectedRole: UserGroup.JUDICIAL_JUSTICE }, + data: { roles: [UserGroup.JUDICIAL_JUSTICE, UserGroup.ADMIN_JUDICIAL_JUSTICE, UserGroup.SUPPORT_STAFF] }, children: [ { path: '', diff --git a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html index a2a1d9bde..f260e8d75 100644 --- a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html +++ b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.html @@ -1,7 +1,7 @@

-

You are not authorized to access Ticket Resolution Management

+

You are not authorized to access the TCO - {{application}} Workbench


\ No newline at end of file diff --git a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts index 6d29ba2ad..33fe94371 100644 --- a/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts +++ b/src/frontend/staff-portal/src/app/components/error/unauthorized/unauthorized.component.ts @@ -1,11 +1,17 @@ -import { Component } from '@angular/core'; +import { Component, OnInit } from '@angular/core'; +import { ActivatedRoute } from '@angular/router'; @Component({ selector: 'app-unauthorized', templateUrl: './unauthorized.component.html', styleUrls: ['./unauthorized.component.scss'] }) -export class UnauthorizedComponent { - constructor() { +export class UnauthorizedComponent implements OnInit { + application: string; + constructor(private route: ActivatedRoute) { + } + + ngOnInit() { + this.application = this.route.snapshot.queryParamMap.get('application'); } } diff --git a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html index 5956e2e6f..1602de537 100644 --- a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html +++ b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.html @@ -5,22 +5,22 @@
- +

Ticket Validation

- +

Decision Validation

- +

Update Requests

- +

DCF

diff --git a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts index 63f47a9dd..0acdafb29 100644 --- a/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts +++ b/src/frontend/staff-portal/src/app/components/staff-workbench/staff-workbench-dashboard/staff-workbench-dashboard.component.ts @@ -10,7 +10,8 @@ import { DisputeService } from 'app/services/dispute.service'; import { UpdateRequestInboxComponent } from '../update-request-inbox/update-request-inbox.component'; import { Store } from '@ngrx/store'; import { JJDisputeStore } from 'app/store'; -import { BusyService } from '@core/services/busy.service'; +import { AuthService } from 'app/services/auth.service'; +import { UserGroup } from '@shared/enums/user-group.enum'; @Component({ selector: 'app-staff-workbench-dashboard', @@ -28,19 +29,31 @@ export class StaffWorkbenchDashboardComponent implements OnInit { data$: Observable; jjDisputeInfo: JJDispute; + hasTicketValidationPermission: boolean = false; + hasDecisionValidationPermission: boolean = false; + hasUpdateRequestsPermission: boolean = false; + hasDCFPermission: boolean = false; + @ViewChild(DisputeDecisionInboxComponent) disputeChild: DisputeDecisionInboxComponent; @ViewChild(TicketInboxComponent) ticketChild: TicketInboxComponent; @ViewChild(UpdateRequestInboxComponent) updateRequestChild: UpdateRequestInboxComponent; constructor( + private authService: AuthService, private disputeService: DisputeService, - private busyService: BusyService, private store: Store ) { } ngOnInit(): void { - // this.busyService.busy$.subscribe(i => this.busy = i); + this.authService.userProfile$.subscribe(userProfile => { + if (userProfile) { + this.hasTicketValidationPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]); + this.hasDecisionValidationPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]); + this.hasUpdateRequestsPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]); + this.hasDCFPermission = this.authService.checkRoles([UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF]); + } + }); this.data$ = this.store.select(JJDisputeStore.Selectors.JJDisputes).pipe(filter(i => !!i)); } diff --git a/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts b/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts index accad3827..ba4227d2f 100644 --- a/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts +++ b/src/frontend/staff-portal/src/app/core/guards/auth-guard.ts @@ -1,5 +1,6 @@ import { Injectable } from '@angular/core'; import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router'; +import { AppRoutes } from 'app/app.routes'; import { AuthService } from 'app/services/auth.service'; import { KeycloakAuthGuard, KeycloakService } from 'keycloak-angular'; @@ -17,20 +18,40 @@ export class AuthorizationGuard extends KeycloakAuthGuard { public async isAccessAllowed(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) { // Force the user to log in if currently unauthenticated. + let permission; if (!this.authenticated) { this.authService.login(); } - // Get the roles required from the route. const requiredRoles = route.data.roles; // Allow the user to to proceed if no additional roles are required to access the route. - if (!(requiredRoles instanceof Array) || requiredRoles.length === 0) { - return true; + if (!requiredRoles || requiredRoles.length === 0) { + permission = true; + } else { + if (!this.roles || this.roles.length === 0) { + permission = false; + } + // Allow the user to proceed if any of the required role(s) is/are present. + if (requiredRoles.some((role) => this.roles.indexOf(role) > -1)) + { + permission = true; + } else { + permission = false; + }; + } + + if(!permission){ + let application; + if(state.url.indexOf(AppRoutes.JJ) > -1) { + application = "JJ"; + } else { + application = "Staff"; + } + this.router.navigate([AppRoutes.UNAUTHORIZED], {queryParams: {application: application}}); } - // Allow the user to proceed if all the required roles are present. - return requiredRoles.some(role => this.roles.includes(role)); + return permission; } } From e4200e95be58f2f04c98615932d6f86c047b2795 Mon Sep 17 00:00:00 2001 From: Sai Krishna Metpalli <310911@NTTDATA.COM> Date: Thu, 6 Jun 2024 16:47:19 -0700 Subject: [PATCH 2/2] TCVP-2687 modified the lookup functionality --- .../src/app/services/auth.service.ts | 51 ++++++++++--------- .../components/header/header.component.ts | 4 ++ 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/src/frontend/staff-portal/src/app/services/auth.service.ts b/src/frontend/staff-portal/src/app/services/auth.service.ts index 48d31d089..a9d87f842 100644 --- a/src/frontend/staff-portal/src/app/services/auth.service.ts +++ b/src/frontend/staff-portal/src/app/services/auth.service.ts @@ -25,8 +25,8 @@ export class AuthService { private site: string = "staff-api"; private roles = [ - { name: UserGroup.JUDICIAL_JUSTICE, redirectUrl: AppRoutes.JJ }, - { name: UserGroup.VTC_STAFF, redirectUrl: AppRoutes.STAFF }, + { name: [UserGroup.JUDICIAL_JUSTICE, UserGroup.ADMIN_JUDICIAL_JUSTICE, UserGroup.SUPPORT_STAFF], redirectUrl: AppRoutes.JJ }, + { name: [UserGroup.VTC_STAFF, UserGroup.SUPPORT_STAFF], redirectUrl: AppRoutes.STAFF }, ] constructor( @@ -35,8 +35,8 @@ export class AuthService { private toastService: ToastService, private logger: LoggerService, private configService: ConfigService, - private lookupsService: LookupsService, // to be moved - private store: Store, // to be moved + private lookupsService: LookupsService, + private store: Store, ) { this.keycloak.keycloakEvents$.subscribe({ next(event) { @@ -56,24 +56,11 @@ export class AuthService { .pipe( map((response: boolean) => { if (response) { - this.loadUserProfile().subscribe(() => { // to be moved + this.loadUserProfile().subscribe(() => { this._isLoggedIn.next(response); if (this.isLoggedIn && this.isInit) { this.userProfile$.pipe(first()).subscribe(() => { - this.isInit = false; - let observables = [ - this.loadUsersLists(), - this.lookupsService.init() - ]; - - forkJoin(observables).subscribe({ - next: results => { - this.store.dispatch(JJDisputeStore.Actions.Get()); - }, - error: err => { - this.logger.error("Landing Page Init: Initial data loading failed"); - } - }); + this.isInit = false; }) } return response; @@ -86,6 +73,22 @@ export class AuthService { ); } + loadLookupData(){ + let observables = [ + this.loadUsersLists(), + this.lookupsService.init() + ]; + + forkJoin(observables).subscribe({ + next: results => { + this.store.dispatch(JJDisputeStore.Actions.Get()); + }, + error: err => { + this.logger.error("Landing Page Init: Initial data loading failed"); + } + }); + } + get token(): string { return this.keycloak.getKeycloakInstance().token; } @@ -176,10 +179,12 @@ export class AuthService { getRedirectUrl(): string { var result; this.roles.forEach(r => { - if (this.keycloak.isUserInRole(r.name, this.site)) { - result = r.redirectUrl; - } - }) + r.name.forEach(n => { + if (this.keycloak.isUserInRole(n, this.site)) { + result = r.redirectUrl; + } + }); + }); if (!result) { result = AppRoutes.UNAUTHORIZED; } diff --git a/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts b/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts index b2f859583..be98096f6 100644 --- a/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts +++ b/src/frontend/staff-portal/src/app/shared/components/header/header.component.ts @@ -2,6 +2,7 @@ import { Component, ChangeDetectionStrategy, OnInit } from '@angular/core'; import { Title } from '@angular/platform-browser'; import { NavigationEnd, Router, Scroll } from '@angular/router'; import { TranslateService } from '@ngx-translate/core'; +import { AppRoutes } from 'app/app.routes'; import { AppConfigService } from 'app/services/app-config.service'; import { AuthService, KeycloakProfile } from 'app/services/auth.service'; import { filter } from 'rxjs'; @@ -54,6 +55,9 @@ export class HeaderComponent implements OnInit { this.authService.isLoggedIn$.subscribe(isLoggedIn => { this.isLoggedIn = isLoggedIn; this.fullName = this.authService.userProfile?.fullName; + if(this.router.url.indexOf(AppRoutes.UNAUTHORIZED) === -1){ + this.authService.loadLookupData(); + } }) }) }