From 68745e59194eecb46d7dc0df1073d13db84d6389 Mon Sep 17 00:00:00 2001
From: RIHTARSIC Joze <joze.rihtarsic@ext.ec.europa.eu>
Date: Tue, 13 Jun 2023 06:15:17 +0200
Subject: [PATCH] Fixed admin guard and edit for newly created user error

---
 smp-angular/src/app/app.module.ts              |  2 --
 smp-angular/src/app/app.routes.ts              | 11 ++++-------
 .../authorize-child-system-admin.guard.ts      | 18 ++++++++++++++++++
 .../window/sidenav/navigation-model.service.ts |  4 ++++
 .../smp/ui/edit/DomainEditController.java      |  6 ++----
 5 files changed, 28 insertions(+), 13 deletions(-)
 create mode 100644 smp-angular/src/app/guards/authorize-child-system-admin.guard.ts

diff --git a/smp-angular/src/app/app.module.ts b/smp-angular/src/app/app.module.ts
index c89ba0dca..58b039160 100644
--- a/smp-angular/src/app/app.module.ts
+++ b/smp-angular/src/app/app.module.ts
@@ -11,7 +11,6 @@ import {AlertComponent} from "./alert/alert.component";
 import {AlertMessageComponent} from './common/alert-message/alert-message.component';
 import {AlertMessageService} from './common/alert-message/alert-message.service';
 import {AppComponent} from './app.component';
-import {AuthorizedAdminGuard} from './guards/authorized-admin.guard';
 import {AuthorizedGuard} from './guards/authorized.guard';
 import {AutoFocusDirective} from "./common/directive/autofocus/auto-focus.directive";
 import {BreadcrumbComponent} from "./window/breadcrumb/breadcrumb.component";
@@ -284,7 +283,6 @@ import {HttpErrorHandlerService} from "./common/error/http-error-handler.service
     AdminTruststoreService,
     AdminUserService,
     AlertMessageService,
-    AuthorizedAdminGuard,
     AuthorizedGuard,
     CertificateService,
     DatePipe,
diff --git a/smp-angular/src/app/app.routes.ts b/smp-angular/src/app/app.routes.ts
index a43a93402..7942823f9 100644
--- a/smp-angular/src/app/app.routes.ts
+++ b/smp-angular/src/app/app.routes.ts
@@ -16,12 +16,9 @@ import {AdminUserComponent} from "./system-settings/admin-users/admin-user.compo
 import {EditDomainComponent} from "./edit/edit-domain/edit-domain.component";
 import {EditGroupComponent} from "./edit/edit-group/edit-group.component";
 import {EditResourceComponent} from "./edit/edit-resources/edit-resource.component";
-import {
-  ResourceDocumentPanelComponent
-} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
-import {
-  SubresourceDocumentPanelComponent
-} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
+import {ResourceDocumentPanelComponent} from "./edit/edit-resources/resource-document-panel/resource-document-panel.component";
+import {SubresourceDocumentPanelComponent} from "./edit/edit-resources/subresource-document-panel/subresource-document-panel.component";
+import {authorizeChildSystemAdminGuard} from "./guards/authorize-child-system-admin.guard";
 
 
 const appRoutes: Routes = [
@@ -49,7 +46,7 @@ const appRoutes: Routes = [
   },
   {
     path: 'system-settings',
-    canActivateChild: [authenticationGuard],
+    canActivateChild: [authenticationGuard, authorizeChildSystemAdminGuard],
     children: [
       {path: 'domain', component: AdminDomainComponent, canDeactivate: [dirtyDeactivateGuard]},
       {path: 'user', component: AdminUserComponent, canDeactivate: [dirtyDeactivateGuard]},
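Review bot: Adding `authorizeChildSystemAdminGuard` to `canActivateChild` on `system-settings` gates the views in the browser only. It is not an authorization boundary, because the role it checks is held in client state and the REST calls behind `AdminDomainComponent` and `AdminUserComponent` can be sent without going through the router. The server side of those endpoints is not part of this patch, so please confirm each one enforces the system-admin role itself, for example with `@PreAuthorize` as the Java controller in this commit does. A comment above the route such as `// UI gate only; the server must enforce SYSTEM_ADMIN on every system-settings endpoint` would keep that assumption visible. The `children` list continues past the end of this hunk.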
diff --git a/smp-angular/src/app/guards/authorize-child-system-admin.guard.ts b/smp-angular/src/app/guards/authorize-child-system-admin.guard.ts
new file mode 100644
index 000000000..ae000e433
--- /dev/null
+++ b/smp-angular/src/app/guards/authorize-child-system-admin.guard.ts
@@ -0,0 +1,18 @@
+import {inject} from '@angular/core';
+import {SecurityService} from '../security/security.service';
+import {AlertMessageService} from "../common/alert-message/alert-message.service";
+import {Authority} from "../security/authority.model";
+import {ActivatedRouteSnapshot, CanActivateChildFn, RouterStateSnapshot} from "@angular/router";
+
+
+export const authorizeChildSystemAdminGuard: CanActivateChildFn =
+  (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+    console.log("Is user is authorized");
+    const alertService: AlertMessageService = inject(AlertMessageService);
+    const securityService: SecurityService = inject(SecurityService);
+    let isAuthorized: boolean = securityService.isCurrentUserInRole([Authority.SYSTEM_ADMIN]);
+    if (!isAuthorized) {
+      alertService.error('Navigation denied! Missing access permissions.', true);
+    }
+    return isAuthorized;
+  };
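Review bot: The new guard ships with a leftover debug statement, `console.log("Is user is authorized");`, which runs on every child navigation and should be removed. On denial it returns a bare `false`, so a user who opens a `system-settings` URL directly stays on an empty view with only the alert; returning a redirect, e.g. `return isAuthorized ? true : inject(Router).createUrlTree(['/']);` (target route to be confirmed), would be clearer. `isAuthorized` is never reassigned and can be `const`, and the unused `route` and `state` parameters can be dropped. The implementation of `securityService.isCurrentUserInRole` is not shown here; if the current user is loaded asynchronously after a page reload, this synchronous check may deny a legitimate admin, which is worth verifying.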
diff --git a/smp-angular/src/app/window/sidenav/navigation-model.service.ts b/smp-angular/src/app/window/sidenav/navigation-model.service.ts
index 4ed4f2dd3..85586860e 100644
--- a/smp-angular/src/app/window/sidenav/navigation-model.service.ts
+++ b/smp-angular/src/app/window/sidenav/navigation-model.service.ts
@@ -322,4 +322,8 @@ export class NavigationService extends MatTreeNestedDataSource<NavigationNode> {
     this.router.navigate(['/login'], {queryParams: {returnUrl: this.router.url}});
     this.router.parseUrl('/login');
   }
+
+  public navigateToHome(): void {
+    this.select(this.rootNode);
+  }
 }
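Review bot: `navigateToHome()` is added without a doc comment, and none of the five files in this patch calls it. If it is meant to be the landing action after `authorizeChildSystemAdminGuard` denies a navigation, it should be wired in there; otherwise it is dead code in this commit. A one-line TSDoc such as `/** Selects the root navigation node, returning the user to the home view. */` would document the intent.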
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java
index 16fd1855b..7976b85e2 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/edit/DomainEditController.java
@@ -42,14 +42,12 @@ public class DomainEditController {
     }
 
     /**
-     * Method returns all domains where user is domain administrator
+     * Method returns all domains where user is domain administrator.
      * @param userEncId encrypted user identifier
      * @return Domain list where user has role domain administrator
      */
     @GetMapping(produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
-    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId) and (@smpAuthorizationService.isAnyGroupAdministrator " +
-            " or @smpAuthorizationService.isAnyDomainAdministrator" +
-            " or @smpAuthorizationService.isAnyResourceAdministrator)")
+    @PreAuthorize("@smpAuthorizationService.isCurrentlyLoggedIn(#userEncId)")
     public List<DomainRO> getDomainsForUserType(
             @PathVariable(PATH_PARAM_ENC_USER_ID) String userEncId,
             @RequestParam(value = PARAM_NAME_TYPE, defaultValue = "domain-admin", required = false) String forRole) {
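Review bot: The `@PreAuthorize` on `getDomainsForUserType` now requires only `isCurrentlyLoggedIn(#userEncId)`, so the group/domain/resource-administrator check that used to sit in front of this endpoint is gone and any authenticated user can call it for their own id. That is safe only if the method body, which lies outside this hunk, filters the returned domains by the caller's actual membership for the requested `forRole` rather than trusting the parameter; please confirm that and cover a role-less user in a test (expected result: an empty list, not other users' domains). The Javadoc still says the method returns domains "where user is domain administrator" and does not document `forRole`. Consider adding `@param forRole role type used to filter the domains; results are limited to domains where the current user holds that role`, plus a sentence explaining why the role precondition was dropped (the subject line points to an error for newly created users).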
-- 
GitLab