Fixed admin guard and edit for newly created user error

68745e59 · Joze RIHTARSIC · f876f548 · 68745e59 · 68745e59 · 68745e59
Commit 68745e59 authored 1 year ago by Joze RIHTARSIC
--- a/smp-angular/src/app/app.module.ts
+++ b/smp-angular/src/app/app.module.ts
@@ -11,7 +11,6 @@ import {AlertComponent} from "./alert/alert.component";
 import {AlertMessageComponent} from './common/alert-message/alert-message.component';
 import {AlertMessageService} from './common/alert-message/alert-message.service';
 import {AppComponent} from './app.component';
-import {AuthorizedAdminGuard} from './guards/authorized-admin.guard';
 import {AuthorizedGuard} from './guards/authorized.guard';
 import {AutoFocusDirective} from "./common/directive/autofocus/auto-focus.directive";
 import {BreadcrumbComponent} from "./window/breadcrumb/breadcrumb.component";
@@ -284,7 +283,6 @@ import {HttpErrorHandlerService} from "./common/error/http-error-handler.service
    AdminTruststoreService,
    AdminUserService,
    AlertMessageService,
-    AuthorizedAdminGuard,
    AuthorizedGuard,
    CertificateService,
    DatePipe,

--- a/smp-angular/src/app/app.routes.ts
+++ b/smp-angular/src/app/app.routes.ts
@@ -16,12 +16,9 @@ import {AdminUserComponent} from "./system-settings/admin-users/admin-user.compo
 import {EditDomainComponent} from "./edit/edit-domain/edit-domain.component";
 import {EditGroupComponent} from "./edit/edit-group/edit-group.component";
 import {EditResourceComponent} from "./edit/edit-resources/edit-resource.component";
-import {
-  ResourceDocumentPanelComponent
-} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
-import {
-  SubresourceDocumentPanelComponent
-} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
+import {ResourceDocumentPanelComponent} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
+import {SubresourceDocumentPanelComponent} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
+import {authorizeChildSystemAdminGuard} from "./guards/authorize-child-system-admin.guard";


 const appRoutes: Routes = [
@@ -49,7 +46,7 @@ const appRoutes: Routes = [
  },
  {
    path: 'system-settings',
-    canActivateChild: [authenticationGuard],
+    canActivateChild: [authenticationGuard, authorizeChildSystemAdminGuard],
    children: [
      {path: 'domain', component: AdminDomainComponent, canDeactivate: [dirtyDeactivateGuard]},
      {path: 'user', component: AdminUserComponent, canDeactivate: [dirtyDeactivateGuard]},

--- a/smp-angular/src/app/guards/authorize-child-system-admin.guard.ts
+++ b/smp-angular/src/app/guards/authorize-child-system-admin.guard.ts
+import {inject} from '@angular/core';
+import {SecurityService} from '../security/security.service';
+import {AlertMessageService} from "../common/alert-message/alert-message.service";
+import {Authority} from "../security/authority.model";
+import {ActivatedRouteSnapshot, CanActivateChildFn, RouterStateSnapshot} from "@angular/router";
+
+
+export const authorizeChildSystemAdminGuard: CanActivateChildFn =
+  (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+    console.log("Is user is authorized");
+    const alertService: AlertMessageService = inject(AlertMessageService);
+    const securityService: SecurityService = inject(SecurityService);
+    let isAuthorized: boolean = securityService.isCurrentUserInRole([Authority.SYSTEM_ADMIN]);
+    if (!isAuthorized) {
+      alertService.error('Navigation denied! Missing access permissions.', true);
+    }
+    return isAuthorized;
+  };
--- a/smp-angular/src/app/window/sidenav/navigation-model.service.ts
+++ b/smp-angular/src/app/window/sidenav/navigation-model.service.ts
@@ -322,4 +322,8 @@ export class NavigationService extends MatTreeNestedDataSource<NavigationNode> {
    this.router.navigate(['/login'], {queryParams: {returnUrl: this.router.url}});
    this.router.parseUrl('/login');
  }
+
+  public navigateToHome(): void {
+    this.select(this.rootNode);
+  }
 }
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java
@@ -42,14 +42,12 @@ public class DomainEditController {
    }

    /**
-     * Method returns all domains where user is domain administrator
+     * Method returns all domains where user is domain administrator.
     * @param userEncId encrypted user identifier
     * @return Domain list where user has role domain administrator
     */
    @GetMapping(produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
-    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId) and (@smpAuthorizationService.isAnyGroupAdministrator " +
-            " or @smpAuthorizationService.isAnyDomainAdministrator" +
-            " or @smpAuthorizationService.isAnyResourceAdministrator)")
+    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId)")
    public List<DomainRO> getDomainsForUserType(
            @PathVariable(PATH_PARAM_ENC_USER_ID) String userEncId,
            @RequestParam(value = PARAM_NAME_TYPE, defaultValue = "domain-admin", required = false) String forRole) {