sh-edraft.de/open-redirect
5
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Manage group/role assignment
All checks were successful
Build dev on push / build-redirector (push) Successful in 28s
Details
Build dev on push / build-api (push) Successful in 29s
Details
Build dev on push / build-web (push) Successful in 51s
Details

Browse Source 
Closes #11
This commit is contained in:
Sven Heidemann 2025-01-17 15:54:14 +01:00
parent f87b60f128
commit b72916a8d9
43 changed files with 809 additions and 420 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
api/src/api/route_user_extension.py
View File

@ -76,8 +76,8 @@ class RouteUserExtension:
flat_list = [] flat_list = []
for group in groups: for group in groups:
flat_list.append(group) flat_list.append(group)
if 'subGroups' in group and group['subGroups']: if "subGroups" in group and group["subGroups"]:
flat_list.extend(cls._flatten_groups(group['subGroups'])) flat_list.extend(cls._flatten_groups(group["subGroups"]))
return flat_list return flat_list
@classmethod @classmethod
@ -88,9 +88,13 @@ class RouteUserExtension:
groups_with_role = [x["name"] for x in groups if x["name"] in roles.keys()] groups_with_role = [x["name"] for x in groups if x["name"] in roles.keys()]
user_groups_with_role = [ user_groups_with_role = [
x["name"] for x in Keycloak.admin.get_user_groups(user.keycloak_id) if x["name"] in roles.keys() x["name"]
for x in Keycloak.admin.get_user_groups(user.keycloak_id)
if x["name"] in roles.keys()
] ]
user_roles = set(x.name for x in await user.roles if x.name in groups_with_role) user_roles = set(
x.name for x in await user.roles if x.name in groups_with_role
)
missing_groups = set(user_groups_with_role) - set(user_roles) missing_groups = set(user_groups_with_role) - set(user_roles)
missing_roles = set(user_roles) - set(user_groups_with_role) missing_roles = set(user_roles) - set(user_groups_with_role)
@ -105,10 +109,12 @@ class RouteUserExtension:
if len(missing_roles) > 0: if len(missing_roles) > 0:
await roleUserDao.delete_many( await roleUserDao.delete_many(
[ [
await roleUserDao.get_single_by([ await roleUserDao.get_single_by(
[
{RoleUser.role_id: roles[role].id}, {RoleUser.role_id: roles[role].id},
{RoleUser.user_id: user.id}, {RoleUser.user_id: user.id},
]) ]
)
for role in missing_roles for role in missing_roles
] ]
) )

4
api/src/api_graphql/abc/query_abc.py
View File

@ -69,8 +69,10 @@ class QueryABC(ObjectType):
): ):
if len(permissions) > 0: if len(permissions) > 0:
user = await Route.get_authenticated_user_or_api_key_or_default() user = await Route.get_authenticated_user_or_api_key_or_default()
perms = await user.permissions
has_perms = [await user.has_permission(x) for x in permissions]
if user is not None and all( if user is not None and all(
[await user.has_permission(x) for x in permissions] has_perms
): ):
return return

3
api/src/api_graphql/graphql/group.gql
View File

@ -9,6 +9,7 @@ type Group implements DbModel {
name: String name: String
shortUrls: [ShortUrl] shortUrls: [ShortUrl]
roles: [Role]
deleted: Boolean deleted: Boolean
editor: User editor: User
@ -45,9 +46,11 @@ type GroupMutation {
input GroupCreateInput { input GroupCreateInput {
name: String! name: String!
roles: [ID]
} }
input GroupUpdateInput { input GroupUpdateInput {
id: ID! id: ID!
name: String name: String
roles: [ID]
} }

5
api/src/api_graphql/input/group_create_input.py
View File

@ -7,7 +7,12 @@ class GroupCreateInput(InputABC):
InputABC.__init__(self, src) InputABC.__init__(self, src)
self._name = self.option("name", str, required=True) self._name = self.option("name", str, required=True)
self._roles = self.option("roles", list[int])
@property @property
def name(self) -> str: def name(self) -> str:
return self._name return self._name
@property
def roles(self) -> list[int]:
return self._roles

5
api/src/api_graphql/input/group_update_input.py
View File

@ -8,6 +8,7 @@ class GroupUpdateInput(InputABC):
self._id = self.option("id", int, required=True) self._id = self.option("id", int, required=True)
self._name = self.option("name", str) self._name = self.option("name", str)
self._roles = self.option("roles", list[int])
@property @property
def id(self) -> int: def id(self) -> int:
@ -16,3 +17,7 @@ class GroupUpdateInput(InputABC):
@property @property
def name(self) -> str: def name(self) -> str:
return self._name return self._name
@property
def roles(self) -> list[int]:
return self._roles

1
api/src/api_graphql/mutation.py
View File

@ -33,7 +33,6 @@ class Mutation(MutationABC):
], ],
) )
self.add_mutation_type( self.add_mutation_type(
"domain", "domain",
"Domain", "Domain",

50
api/src/api_graphql/mutations/group_mutation.py
View File

@ -1,9 +1,13 @@
from typing import Optional
from api_graphql.abc.mutation_abc import MutationABC from api_graphql.abc.mutation_abc import MutationABC
from api_graphql.input.group_create_input import GroupCreateInput from api_graphql.input.group_create_input import GroupCreateInput
from api_graphql.input.group_update_input import GroupUpdateInput from api_graphql.input.group_update_input import GroupUpdateInput
from core.logger import APILogger from core.logger import APILogger
from data.schemas.public.group import Group from data.schemas.public.group import Group
from data.schemas.public.group_dao import groupDao from data.schemas.public.group_dao import groupDao
from data.schemas.public.group_role_assignment import GroupRoleAssignment
from data.schemas.public.group_role_assignment_dao import groupRoleAssignmentDao
from service.permission.permissions_enum import Permissions from service.permission.permissions_enum import Permissions
logger = APILogger(__name__) logger = APILogger(__name__)
@ -37,25 +41,61 @@ class GroupMutation(MutationABC):
) )
@staticmethod @staticmethod
async def resolve_create(obj: GroupCreateInput, *_): async def _handle_group_role_assignments(gid: int, roles: Optional[list[int]]):
if roles is None:
return
existing_roles = await groupDao.get_roles(gid)
existing_role_ids = {role.id for role in existing_roles}
new_role_ids = set(roles)
roles_to_add = new_role_ids - existing_role_ids
roles_to_remove = existing_role_ids - new_role_ids
if roles_to_add:
group_role_assignments = [
GroupRoleAssignment(0, gid, role_id) for role_id in roles_to_add
]
await groupRoleAssignmentDao.create_many(group_role_assignments)
if roles_to_remove:
assignments_to_remove = await groupRoleAssignmentDao.find_by(
[
{GroupRoleAssignment.group_id: gid},
{GroupRoleAssignment.role_id: {"in": roles_to_remove}},
]
)
await groupRoleAssignmentDao.delete_many(assignments_to_remove)
@classmethod
async def resolve_create(cls, obj: GroupCreateInput, *_):
logger.debug(f"create group: {obj.__dict__}") logger.debug(f"create group: {obj.__dict__}")
group = Group( group = Group(
0, 0,
obj.name, obj.name,
) )
nid = await groupDao.create(group) gid = await groupDao.create(group)
return await groupDao.get_by_id(nid)
@staticmethod await cls._handle_group_role_assignments(gid, obj.roles)
async def resolve_update(obj: GroupUpdateInput, *_):
return await groupDao.get_by_id(gid)
@classmethod
async def resolve_update(cls, obj: GroupUpdateInput, *_):
logger.debug(f"update group: {input}") logger.debug(f"update group: {input}")
if await groupDao.find_by_id(obj.id) is None:
raise ValueError(f"Group with id {obj.id} not found")
if obj.name is not None: if obj.name is not None:
group = await groupDao.get_by_id(obj.id) group = await groupDao.get_by_id(obj.id)
group.name = obj.name group.name = obj.name
await groupDao.update(group) await groupDao.update(group)
await cls._handle_group_role_assignments(obj.id, obj.roles)
return await groupDao.get_by_id(obj.id) return await groupDao.get_by_id(obj.id)
@staticmethod @staticmethod

17
api/src/api_graphql/queries/group_query.py
View File

@ -1,7 +1,11 @@
from api_graphql.abc.db_model_query_abc import DbModelQueryABC from api_graphql.abc.db_model_query_abc import DbModelQueryABC
from api_graphql.field.resolver_field_builder import ResolverFieldBuilder
from api_graphql.require_any_resolvers import group_by_assignment_resolver
from data.schemas.public.group import Group from data.schemas.public.group import Group
from data.schemas.public.group_dao import groupDao
from data.schemas.public.short_url import ShortUrl from data.schemas.public.short_url import ShortUrl
from data.schemas.public.short_url_dao import shortUrlDao from data.schemas.public.short_url_dao import shortUrlDao
from service.permission.permissions_enum import Permissions
class GroupQuery(DbModelQueryABC): class GroupQuery(DbModelQueryABC):
@ -9,8 +13,19 @@ class GroupQuery(DbModelQueryABC):
DbModelQueryABC.__init__(self, "Group") DbModelQueryABC.__init__(self, "Group")
self.set_field("name", lambda x, *_: x.name) self.set_field("name", lambda x, *_: x.name)
self.set_field("shortUrls", self._get_urls) self.field(
ResolverFieldBuilder("shortUrls")
.with_resolver(self._get_urls)
.with_require_any([
Permissions.groups,
], [group_by_assignment_resolver])
)
self.set_field("roles", self._get_roles)
@staticmethod @staticmethod
async def _get_urls(group: Group, *_): async def _get_urls(group: Group, *_):
return await shortUrlDao.find_by({ShortUrl.group_id: group.id}) return await shortUrlDao.find_by({ShortUrl.group_id: group.id})
@staticmethod
async def _get_roles(group: Group, *_):
return await groupDao.get_roles(group.id)

20
api/src/api_graphql/query.py
View File

@ -11,6 +11,7 @@ from api_graphql.filter.permission_filter import PermissionFilter
from api_graphql.filter.role_filter import RoleFilter from api_graphql.filter.role_filter import RoleFilter
from api_graphql.filter.short_url_filter import ShortUrlFilter from api_graphql.filter.short_url_filter import ShortUrlFilter
from api_graphql.filter.user_filter import UserFilter from api_graphql.filter.user_filter import UserFilter
from api_graphql.require_any_resolvers import group_by_assignment_resolver
from data.schemas.administration.api_key import ApiKey from data.schemas.administration.api_key import ApiKey
from data.schemas.administration.api_key_dao import apiKeyDao from data.schemas.administration.api_key_dao import apiKeyDao
from data.schemas.administration.user import User from data.schemas.administration.user import User
@ -51,7 +52,15 @@ class Query(QueryABC):
.with_dao(roleDao) .with_dao(roleDao)
.with_filter(RoleFilter) .with_filter(RoleFilter)
.with_sort(Sort[Role]) .with_sort(Sort[Role])
.with_require_any_permission([Permissions.roles]) .with_require_any_permission(
[
Permissions.roles,
Permissions.users_create,
Permissions.users_update,
Permissions.groups_create,
Permissions.groups_update,
]
)
) )
self.field( self.field(
@ -83,7 +92,6 @@ class Query(QueryABC):
.with_require_any_permission([Permissions.users_create]) .with_require_any_permission([Permissions.users_create])
) )
self.field( self.field(
DaoFieldBuilder("domains") DaoFieldBuilder("domains")
.with_dao(domainDao) .with_dao(domainDao)
@ -102,21 +110,21 @@ class Query(QueryABC):
.with_dao(groupDao) .with_dao(groupDao)
.with_filter(GroupFilter) .with_filter(GroupFilter)
.with_sort(Sort[Group]) .with_sort(Sort[Group])
.with_require_any_permission( .with_require_any(
[ [
Permissions.groups, Permissions.groups,
Permissions.short_urls_create, Permissions.short_urls_create,
Permissions.short_urls_update, Permissions.short_urls_update,
] ],
[group_by_assignment_resolver]
) )
) )
# partially public to load redirect if not resolved/redirected by api
self.field( self.field(
DaoFieldBuilder("shortUrls") DaoFieldBuilder("shortUrls")
.with_dao(shortUrlDao) .with_dao(shortUrlDao)
.with_filter(ShortUrlFilter) .with_filter(ShortUrlFilter)
.with_sort(Sort[ShortUrl]) .with_sort(Sort[ShortUrl])
.with_require_any_permission([Permissions.short_urls]) .with_require_any([Permissions.short_urls], [group_by_assignment_resolver])
) )
@staticmethod @staticmethod

22
api/src/api_graphql/require_any_resolvers.py Normal file
View File

@ -0,0 +1,22 @@
from api_graphql.service.collection_result import CollectionResult
from api_graphql.service.query_context import QueryContext
from data.schemas.public.group_dao import groupDao
from service.permission.permissions_enum import Permissions
async def group_by_assignment_resolver(ctx: QueryContext) -> bool:
if not isinstance(ctx.data, CollectionResult):
return False
if ctx.has_permission(Permissions.short_urls_by_assignment):
groups = [await x.group for x in ctx.data.nodes]
role_ids = {x.id for x in await ctx.user.roles}
filtered_groups = [
g.id for g in groups if
g is not None and (roles := await groupDao.get_roles(g.id)) and all(r.id in role_ids for r in roles)
]
ctx.data.nodes = [node for node in ctx.data.nodes if (await node.group) is not None and (await node.group).id in filtered_groups]
return True
return True

4
api/src/api_graphql/service/query_context.py
View File

@ -14,7 +14,7 @@ class QueryContext:
self, self,
data: Any, data: Any,
user: Optional[User], user: Optional[User],
user_permissions: Optional[list[Permission]], user_permissions: Optional[list[Permissions]],
*args, *args,
**kwargs **kwargs
): ):
@ -23,7 +23,7 @@ class QueryContext:
self._user = user self._user = user
if user_permissions is None: if user_permissions is None:
user_permissions = [] user_permissions = []
self._user_permissions: list[str] = [x.name for x in user_permissions] self._user_permissions: list[str] = [x.value for x in user_permissions]
self._resolve_info = None self._resolve_info = None
for arg in args: for arg in args:

8
api/src/api_graphql/typing.py
View File

@ -1,11 +1,15 @@
from collections.abc import Awaitable from collections.abc import Awaitable
from typing import Callable, Union, Optional from typing import Callable, Union, Optional, Coroutine, Any
from api_graphql.service.query_context import QueryContext from api_graphql.service.query_context import QueryContext
from service.permission.permissions_enum import Permissions from service.permission.permissions_enum import Permissions
TRequireAnyPermissions = Optional[list[Permissions]] TRequireAnyPermissions = Optional[list[Permissions]]
TRequireAnyResolvers = list[ TRequireAnyResolvers = list[
Union[Callable[[QueryContext], bool], Awaitable[[QueryContext], bool]] Union[
Callable[[QueryContext], bool],
Awaitable[[QueryContext], bool],
Callable[[QueryContext], Coroutine[Any, Any, bool]]
]
] ]
TRequireAny = tuple[TRequireAnyPermissions, TRequireAnyResolvers] TRequireAny = tuple[TRequireAnyPermissions, TRequireAnyResolvers]

22
api/src/core/database/abc/data_access_object_abc.py
View File

@ -370,6 +370,9 @@ class DataAccessObjectABC(ABC, Database, Generic[T_DBM]):
if isinstance(value, NoneType): if isinstance(value, NoneType):
return "NULL" return "NULL"
if value is None:
return "NULL"
if isinstance(value, Enum): if isinstance(value, Enum):
return str(value.value) return str(value.value)
@ -411,13 +414,13 @@ class DataAccessObjectABC(ABC, Database, Generic[T_DBM]):
) -> str: ) -> str:
query = f"SELECT * FROM {self._table_name}" query = f"SELECT * FROM {self._table_name}"
if filters and len(filters) > 0: if filters is not None and (not isinstance(filters, list) or len(filters) > 0):
query += f" WHERE {self._build_conditions(filters)}" query += f" WHERE {self._build_conditions(filters)}"
if sorts and len(sorts) > 0: if sorts is not None and (not isinstance(sorts, list) or len(sorts) > 0):
query += f" ORDER BY {self._build_order_by(sorts)}" query += f" ORDER BY {self._build_order_by(sorts)}"
if take: if take is not None:
query += f" LIMIT {take}" query += f" LIMIT {take}"
if skip: if skip is not None:
query += f" OFFSET {skip}" query += f" OFFSET {skip}"
return query return query
@ -452,14 +455,21 @@ class DataAccessObjectABC(ABC, Database, Generic[T_DBM]):
) )
else: else:
sub_conditions.append( sub_conditions.append(
f"{db_name} = {self._get_value_sql(value)}" self._get_value_validation_sql(db_name, value)
) )
conditions.append(f"({' OR '.join(sub_conditions)})") conditions.append(f"({' OR '.join(sub_conditions)})")
else: else:
conditions.append(f"{db_name} = {self._get_value_sql(values)}") conditions.append(self._get_value_validation_sql(db_name, values))
return " AND ".join(conditions) return " AND ".join(conditions)
def _get_value_validation_sql(self, field: str, value: Any):
value = self._get_value_sql(value)
if value == "NULL":
return f"{field} IS NULL"
return f"{field} = {value}"
def _build_condition(self, db_name: str, operator: str, value: Any) -> str: def _build_condition(self, db_name: str, operator: str, value: Any) -> str:
""" """
Build individual SQL condition based on the operator Build individual SQL condition based on the operator

11
api/src/core/get_value.py
View File

@ -24,14 +24,21 @@ def get_value(
if key in source: if key in source:
value = source[key] value = source[key]
if isinstance(value, cast_type if not hasattr(cast_type, "__origin__") else cast_type.__origin__): if isinstance(
value,
cast_type if not hasattr(cast_type, "__origin__") else cast_type.__origin__,
):
return value return value
try: try:
if cast_type == bool: if cast_type == bool:
return value.lower() in ["true", "1"] return value.lower() in ["true", "1"]
if (cast_type if not hasattr(cast_type, "__origin__") else cast_type.__origin__) == list: if (
cast_type
if not hasattr(cast_type, "__origin__")
else cast_type.__origin__
) == list:
subtype = ( subtype = (
cast_type.__args__[0] if hasattr(cast_type, "__args__") else None cast_type.__args__[0] if hasattr(cast_type, "__args__") else None
) )

12
api/src/data/schemas/administration/user.py
View File

@ -42,17 +42,9 @@ class User(DbModelABC):
@async_property @async_property
async def permissions(self): async def permissions(self):
from data.schemas.permission.role_user_dao import roleUserDao from data.schemas.administration.user_dao import userDao
from data.schemas.permission.role_permission_dao import rolePermissionDao
from data.schemas.permission.permission_dao import permissionDao
x = [ return await userDao.get_permissions(self.id)
rp.permission_id
for x in await roleUserDao.get_by_user_id(self.id)
for rp in await rolePermissionDao.get_by_role_id(x.role_id)
]
return await permissionDao.get_by({"id": {"in": x}})
async def has_permission(self, permission: Permissions) -> bool: async def has_permission(self, permission: Permissions) -> bool:
from data.schemas.administration.user_dao import userDao from data.schemas.administration.user_dao import userDao

21
api/src/data/schemas/administration/user_dao.py
View File

@ -33,13 +33,30 @@ class UserDao(DbModelDaoABC[User]):
SELECT COUNT(*) SELECT COUNT(*)
FROM permission.role_users ru FROM permission.role_users ru
JOIN permission.role_permissions rp ON ru.roleId = rp.roleId JOIN permission.role_permissions rp ON ru.roleId = rp.roleId
WHERE ru.userId = {user_id} AND rp.permissionId = {p.id}; WHERE ru.userId = {user_id}
AND rp.permissionId = {p.id}
AND ru.deleted = FALSE
AND rp.deleted = FALSE;
""" """
) )
if result is None or len(result) == 0: if result is None or len(result) == 0:
return False return False
return True return result[0]["count"] > 0
async def get_permissions(self, user_id: int) -> list[Permissions]:
result = await self._db.select_map(
f"""
SELECT p.*
FROM permission.permissions p
JOIN permission.role_permissions rp ON p.id = rp.permissionId
JOIN permission.role_users ru ON rp.roleId = ru.roleId
WHERE ru.userId = {user_id}
AND rp.deleted = FALSE
AND ru.deleted = FALSE;
"""
)
return [Permissions(p["name"]) for p in result]
userDao = UserDao() userDao = UserDao()

14
api/src/data/schemas/public/group_dao.py
View File

@ -17,5 +17,19 @@ class GroupDao(DbModelDaoABC[Group]):
) )
return self.to_object(result[0]) return self.to_object(result[0])
async def get_roles(self, group_id: int):
result = await self._db.select_map(
f"""
SELECT r.*
FROM permission.roles r
JOIN public.group_role_assignments gra ON r.id = gra.roleId
WHERE gra.groupId = {group_id}
AND gra.deleted = FALSE
"""
)
from data.schemas.permission.role_dao import roleDao
return [roleDao.to_object(x) for x in result]
groupDao = GroupDao() groupDao = GroupDao()

43
api/src/data/schemas/public/group_role_assignment.py Normal file
View File

@ -0,0 +1,43 @@
from datetime import datetime
from typing import Optional
from async_property import async_property
from core.database.abc.db_model_abc import DbModelABC
from core.typing import SerialId
class GroupRoleAssignment(DbModelABC):
def __init__(
self,
id: SerialId,
group_id: SerialId,
role_id: SerialId,
deleted: bool = False,
editor_id: Optional[SerialId] = None,
created: Optional[datetime] = None,
updated: Optional[datetime] = None,
):
DbModelABC.__init__(self, id, deleted, editor_id, created, updated)
self._group_id = group_id
self._role_id = role_id
@property
def group_id(self) -> SerialId:
return self._group_id
@async_property
async def group(self):
from data.schemas.public.group_dao import groupDao
return await groupDao.get_by_id(self._group_id)
@property
def role_id(self) -> SerialId:
return self._role_id
@async_property
async def role(self):
from data.schemas.permission.role_dao import roleDao
return await roleDao.get_by_id(self._role_id)

37
api/src/data/schemas/public/group_role_assignment_dao.py Normal file
View File

@ -0,0 +1,37 @@
from core.logger import DBLogger
from data.schemas.public.group_role_assignment import GroupRoleAssignment
logger = DBLogger(__name__)
from core.database.abc.db_model_dao_abc import DbModelDaoABC
class GroupRoleAssignmentDao(DbModelDaoABC[GroupRoleAssignment]):
def __init__(self):
DbModelDaoABC.__init__(
self, __name__, GroupRoleAssignment, "public.group_role_assignments"
)
self.attribute(GroupRoleAssignment.group_id, int)
self.attribute(GroupRoleAssignment.role_id, int)
async def get_by_group_id(
self, gid: int, with_deleted=False
) -> list[GroupRoleAssignment]:
f = [{GroupRoleAssignment.group_id: gid}]
if not with_deleted:
f.append({GroupRoleAssignment.deleted: False})
return await self.find_by(f)
async def get_by_role_id(
self, rid: int, with_deleted=False
) -> list[GroupRoleAssignment]:
f = [{GroupRoleAssignment.role_id: rid}]
if not with_deleted:
f.append({GroupRoleAssignment.deleted: False})
return await self.find_by(f)
groupRoleAssignmentDao = GroupRoleAssignmentDao()

27
api/src/data/scripts/2025-01-17-15-00-group-role-assignment.sql Normal file
View File

@ -0,0 +1,27 @@
CREATE
SCHEMA IF NOT EXISTS public;
-- groups
CREATE TABLE IF NOT EXISTS public.group_role_assignments
(
Id SERIAL PRIMARY KEY,
GroupId INT NOT NULL REFERENCES public.groups (Id),
RoleId INT NOT NULL REFERENCES permission.roles (Id),
-- for history
Deleted BOOLEAN NOT NULL DEFAULT FALSE,
EditorId INT NULL REFERENCES administration.users (Id),
CreatedUtc timestamptz NOT NULL DEFAULT NOW(),
UpdatedUtc timestamptz NOT NULL DEFAULT NOW()
);
CREATE TABLE IF NOT EXISTS public.group_role_assignments_history
(
LIKE public.group_role_assignments
);
CREATE TRIGGER group_role_assignment_history_trigger
BEFORE INSERT OR UPDATE OR DELETE
ON public.group_role_assignments
FOR EACH ROW
EXECUTE FUNCTION public.history_trigger_function();

29
api/src/data/seeder/permission_seeder.py
View File

@ -25,7 +25,8 @@ class PermissionSeeder(DataSeederABC):
possible_permissions = [permission.value for permission in Permissions] possible_permissions = [permission.value for permission in Permissions]
if len(permissions) == len(possible_permissions): if len(permissions) == len(possible_permissions):
logger.info("Permissions already completed") logger.info("Permissions already existing")
await self._update_missing_descriptions()
return return
logger.warning("Permissions incomplete") logger.warning("Permissions incomplete")
@ -41,6 +42,7 @@ class PermissionSeeder(DataSeederABC):
if permission not in permission_names if permission not in permission_names
] ]
) )
await self._update_missing_descriptions()
await self._add_missing_to_role() await self._add_missing_to_role()
await self._add_missing_to_api_key() await self._add_missing_to_api_key()
@ -78,3 +80,28 @@ class PermissionSeeder(DataSeederABC):
if permission.id not in [x.permission_id for x in admin_permissions] if permission.id not in [x.permission_id for x in admin_permissions]
] ]
await apiKeyPermissionDao.create_many(to_assign) await apiKeyPermissionDao.create_many(to_assign)
@staticmethod
async def _update_missing_descriptions():
permissions = {
permission.name: permission
for permission in await permissionDao.find_by(
[{Permission.description: None}]
)
}
to_update = []
if len(permissions) == 0:
return
for key in PERMISSION_DESCRIPTIONS:
if key.value not in permissions:
continue
permissions[key.value].description = PERMISSION_DESCRIPTIONS[key]
to_update.append(permissions[key.value])
if len(to_update) == 0:
return
await permissionDao.update_many(to_update)

13
api/src/redirector.py
View File

@ -24,10 +24,12 @@ class Redirector(Flask):
app = Redirector(__name__) app = Redirector(__name__)
@app.route("/") @app.route("/")
def index(): def index():
return render_template("404.html"), 404 return render_template("404.html"), 404
@app.route("/<path:path>") @app.route("/<path:path>")
async def _handle_request(path: str): async def _handle_request(path: str):
short_url = await _find_short_url_by_url(path) short_url = await _find_short_url_by_url(path)
@ -36,14 +38,19 @@ async def _handle_request(path: str):
domains = Environment.get("DOMAINS", list[str], []) domains = Environment.get("DOMAINS", list[str], [])
domain = await short_url.domain domain = await short_url.domain
logger.debug(f"Domain: {domain.name if domain is not None else None}, request.host: {request.host}") logger.debug(
f"Domain: {domain.name if domain is not None else None}, request.host: {request.host}"
)
host = request.host host = request.host
if ":" in host: if ":" in host:
host = host.split(":")[0] host = host.split(":")[0]
domain_strict_mode = Environment.get("DOMAIN_STRICT_MODE", bool, False) domain_strict_mode = Environment.get("DOMAIN_STRICT_MODE", bool, False)
if domain is not None and (domain.name not in domains or (domain_strict_mode and not host.endswith(domain.name))): if domain is not None and (
domain.name not in domains
or (domain_strict_mode and not host.endswith(domain.name))
):
return render_template("404.html"), 404 return render_template("404.html"), 404
user_agent = request.headers.get("User-Agent", "").lower() user_agent = request.headers.get("User-Agent", "").lower()
@ -71,6 +78,7 @@ async def _handle_short_url(path: str, short_url: ShortUrl):
return _do_redirect(short_url.target_url) return _do_redirect(short_url.target_url)
async def _track_visit(short_url: ShortUrl): async def _track_visit(short_url: ShortUrl):
try: try:
await shortUrlVisitDao.create( await shortUrlVisitDao.create(
@ -79,6 +87,7 @@ async def _track_visit(short_url: ShortUrl):
except Exception as e: except Exception as e:
logger.error(f"Failed to update short url {short_url.short_url} with error", e) logger.error(f"Failed to update short url {short_url.short_url} with error", e)
async def _find_short_url_by_url(url: str) -> ShortUrl: async def _find_short_url_by_url(url: str) -> ShortUrl:
return await shortUrlDao.find_single_by({ShortUrl.short_url: url}) return await shortUrlDao.find_single_by({ShortUrl.short_url: url})

3
api/src/service/permission/permissions_enum.py
View File

@ -45,6 +45,7 @@ class Permissions(Enum):
# short_urls # short_urls
short_urls = "short_urls" short_urls = "short_urls"
short_urls_by_assignment = "short_urls.by_assignment"
short_urls_create = "short_urls.create" short_urls_create = "short_urls.create"
short_urls_update = "short_urls.update" short_urls_update = "short_urls.update"
short_urls_delete = "short_urls.delete" short_urls_delete = "short_urls.delete"
@ -52,4 +53,6 @@ class Permissions(Enum):
PERMISSION_DESCRIPTIONS = { PERMISSION_DESCRIPTIONS = {
Permissions.users_update: "Edit users, including changing their roles", Permissions.users_update: "Edit users, including changing their roles",
Permissions.short_urls: "See all URLs",
Permissions.short_urls_by_assignment: "See all short urls assigned to a group by role",
} }

2
version.txt
View File

@ -1 +1 @@
1.2.0 1.2.1

1
web/src/app/model/auth/permissionsEnum.ts
View File

@ -29,6 +29,7 @@ export enum PermissionsEnum {
groupsDelete = 'groups.delete', groupsDelete = 'groups.delete',
shortUrls = 'short_urls', shortUrls = 'short_urls',
shortUrlsByAssignment = 'short_urls.by_assignment',
shortUrlsCreate = 'short_urls.create', shortUrlsCreate = 'short_urls.create',
shortUrlsUpdate = 'short_urls.update', shortUrlsUpdate = 'short_urls.update',
shortUrlsDelete = 'short_urls.delete', shortUrlsDelete = 'short_urls.delete',

4
web/src/app/model/entities/group.ts
View File

@ -1,14 +1,18 @@
import { DbModel } from 'src/app/model/entities/db-model'; import { DbModel } from 'src/app/model/entities/db-model';
import { Role } from 'src/app/model/entities/role';
export interface Group extends DbModel { export interface Group extends DbModel {
name: string; name: string;
roles: Role[];
} }
export interface GroupCreateInput { export interface GroupCreateInput {
name: string; name: string;
roles: Role[];
} }
export interface GroupUpdateInput { export interface GroupUpdateInput {
id: number; id: number;
name: string; name: string;
roles: Role[];
} }

7
web/src/app/modules/admin/admin.module.ts
View File

@ -31,7 +31,12 @@ const routes: Routes = [
m => m.ShortUrlsModule m => m.ShortUrlsModule
), ),
canActivate: [PermissionGuard], canActivate: [PermissionGuard],
data: { permissions: [PermissionsEnum.shortUrls] }, data: {
permissions: [
PermissionsEnum.shortUrls,
PermissionsEnum.shortUrlsByAssignment,
],
},
}, },
{ {
path: 'administration', path: 'administration',

20
web/src/app/modules/admin/administration/roles/form-page/role-form-page.component.html
View File

@ -17,11 +17,11 @@
<ng-template formPageContent> <ng-template formPageContent>
<div class="form-page-input"> <div class="form-page-input">
<p class="label">{{ 'common.id' | translate }}</p> <p class="label">{{ 'common.id' | translate }}</p>
<input pInputText class="value" type="number" formControlName="id" /> <input pInputText class="value" type="number" formControlName="id"/>
</div> </div>
<div class="form-page-input"> <div class="form-page-input">
<p class="label">{{ 'common.name' | translate }}</p> <p class="label">{{ 'common.name' | translate }}</p>
<input pInputText class="value" type="text" formControlName="name" /> <input pInputText class="value" type="text" formControlName="name"/>
</div> </div>
<div class="form-page-input"> <div class="form-page-input">
<p class="label">{{ 'common.description' | translate }}</p> <p class="label">{{ 'common.description' | translate }}</p>
@ -29,13 +29,13 @@
pInputText pInputText
class="value" class="value"
type="text" type="text"
formControlName="description" /> formControlName="description"/>
</div> </div>
<div class="divider"></div> <div class="divider"></div>
<div class="flex flex-col gap-5"> <div class="flex flex-col gap-5">
<div *ngFor="let group of Object.keys(permissionGroups)"> <div *ngFor="let group of Object.keys(permissionGroups)">
<div class="flex flex-col"> <div class="flex flex-col gap-2">
<div class="flex justify-between"> <div class="flex justify-between">
<label class="flex-1" for="roles.permission_groups.{{ group }}"> <label class="flex-1" for="roles.permission_groups.{{ group }}">
<h3> <h3>
@ -52,14 +52,20 @@
<div <div
*ngFor="let permission of permissionGroups[group]" *ngFor="let permission of permissionGroups[group]"
class="flex items-center justify-between w-full"> class="flex flex-col">
<div class="flex items-center justify-between w-full">
<label class="flex-1" for="{{ permission.name }}"> <label class="flex-1" for="{{ permission.name }}">
{{ 'permissions.' + permission.name | translate }} {{ 'permissions.' + permission.name | translate }}
</label> </label>
<p-inputSwitch [formControlName]="permission.name"> <p-inputSwitch class="flex items-center justify-center" [formControlName]="permission.name">
>
</p-inputSwitch> </p-inputSwitch>
</div> </div>
<div *ngIf="permission.description">
<p class="text-sm text-gray-500">
{{ permission.description }}
</p>
</div>
</div>
</div> </div>
</div> </div>
</div> </div>

85
web/src/app/modules/admin/administration/roles/form-page/role-form-page.component.ts
View File

@ -1,21 +1,22 @@
import { Component } from "@angular/core"; import { Component } from '@angular/core';
import { import {
Permission, Permission,
Role, Role,
RoleCreateInput, RoleCreateInput,
RoleUpdateInput, RoleUpdateInput,
} from "src/app/model/entities/role"; } from 'src/app/model/entities/role';
import { InputSwitchChangeEvent } from "primeng/inputswitch"; import { InputSwitchChangeEvent } from 'primeng/inputswitch';
import { ToastService } from "src/app/service/toast.service"; import { ToastService } from 'src/app/service/toast.service';
import { firstValueFrom } from "rxjs"; import { firstValueFrom } from 'rxjs';
import { FormPageBase } from "src/app/core/base/form-page-base"; import { FormPageBase } from 'src/app/core/base/form-page-base';
import { RolesDataService } from "src/app/modules/admin/administration/roles/roles.data.service"; import { RolesDataService } from 'src/app/modules/admin/administration/roles/roles.data.service';
import { FormControl, FormGroup, Validators } from "@angular/forms"; import { FormControl, FormGroup, Validators } from '@angular/forms';
import { TranslateService } from '@ngx-translate/core';
@Component({ @Component({
selector: "app-role-form-page", selector: 'app-role-form-page',
templateUrl: "./role-form-page.component.html", templateUrl: './role-form-page.component.html',
styleUrl: "./role-form-page.component.scss", styleUrl: './role-form-page.component.scss',
}) })
export class RoleFormPageComponent extends FormPageBase< export class RoleFormPageComponent extends FormPageBase<
Role, Role,
@ -26,7 +27,10 @@ export class RoleFormPageComponent extends FormPageBase<
permissionGroups: { [key: string]: Permission[] } = {}; permissionGroups: { [key: string]: Permission[] } = {};
allPermissions: Permission[] = []; allPermissions: Permission[] = [];
constructor(private toast: ToastService) { constructor(
private toast: ToastService,
private translate: TranslateService
) {
super(); super();
this.initializePermissions().then(() => { this.initializePermissions().then(() => {
if (!this.nodeId) { if (!this.nodeId) {
@ -36,7 +40,7 @@ export class RoleFormPageComponent extends FormPageBase<
return; return;
} }
this.dataService.loadById(this.nodeId).subscribe((role) => { this.dataService.loadById(this.nodeId).subscribe(role => {
this.node = role; this.node = role;
this.setForm(this.node); this.setForm(this.node);
}); });
@ -45,12 +49,17 @@ export class RoleFormPageComponent extends FormPageBase<
async initializePermissions() { async initializePermissions() {
const permissions = await firstValueFrom( const permissions = await firstValueFrom(
this.dataService.getAllPermissions(), this.dataService.getAllPermissions()
); );
this.allPermissions = permissions; this.allPermissions = permissions.map(x => {
const key = `permission_descriptions.${x.name}`;
const description = this.translate.instant(key);
x.description = description === key ? undefined : description;
return x;
});
this.permissionGroups = permissions.reduce( this.permissionGroups = permissions.reduce(
(acc, p) => { (acc, p) => {
const group = p.name.includes(".") ? p.name.split(".")[0] : p.name; const group = p.name.includes('.') ? p.name.split('.')[0] : p.name;
if (!acc[group]) { if (!acc[group]) {
acc[group] = []; acc[group] = [];
@ -58,10 +67,10 @@ export class RoleFormPageComponent extends FormPageBase<
acc[group].push(p); acc[group].push(p);
return acc; return acc;
}, },
{} as { [key: string]: Permission[] }, {} as { [key: string]: Permission[] }
); );
permissions.forEach((p) => { permissions.forEach(p => {
this.form.addControl(p.name, new FormControl<boolean>(false)); this.form.addControl(p.name, new FormControl<boolean>(false));
}); });
} }
@ -76,48 +85,48 @@ export class RoleFormPageComponent extends FormPageBase<
name: new FormControl<string | undefined>(undefined, Validators.required), name: new FormControl<string | undefined>(undefined, Validators.required),
description: new FormControl<string | undefined>(undefined), description: new FormControl<string | undefined>(undefined),
}); });
this.form.controls["id"].disable(); this.form.controls['id'].disable();
} }
setForm(node?: Role) { setForm(node?: Role) {
this.form.controls["id"].setValue(node?.id); this.form.controls['id'].setValue(node?.id);
this.form.controls["name"].setValue(node?.name); this.form.controls['name'].setValue(node?.name);
this.form.controls["description"].setValue(node?.description); this.form.controls['description'].setValue(node?.description);
if (!node) return; if (!node) return;
const permissions = node.permissions ?? []; const permissions = node.permissions ?? [];
permissions.forEach((p) => { permissions.forEach(p => {
this.form.controls[p.name].setValue(true); this.form.controls[p.name].setValue(true);
}); });
} }
getCreateInput(): RoleCreateInput { getCreateInput(): RoleCreateInput {
return { return {
name: this.form.controls["name"].pristine name: this.form.controls['name'].pristine
? undefined ? undefined
: (this.form.controls["name"].value ?? undefined), : (this.form.controls['name'].value ?? undefined),
description: this.form.controls["description"].pristine description: this.form.controls['description'].pristine
? undefined ? undefined
: (this.form.controls["description"].value ?? undefined), : (this.form.controls['description'].value ?? undefined),
permissions: this.allPermissions.filter( permissions: this.allPermissions.filter(
(p) => this.form.controls[p.name].value, p => this.form.controls[p.name].value
), ),
}; };
} }
getUpdateInput(): RoleUpdateInput { getUpdateInput(): RoleUpdateInput {
return { return {
id: this.form.controls["id"].value, id: this.form.controls['id'].value,
name: this.form.controls["name"].pristine name: this.form.controls['name'].pristine
? undefined ? undefined
: this.form.controls["name"].value, : this.form.controls['name'].value,
description: this.form.controls["description"].pristine description: this.form.controls['description'].pristine
? undefined ? undefined
: this.form.controls["description"].value, : this.form.controls['description'].value,
permissions: this.allPermissions.filter( permissions: this.allPermissions.filter(
(p) => this.form.controls[p.name].value, p => this.form.controls[p.name].value
), ),
}; };
} }
@ -125,7 +134,7 @@ export class RoleFormPageComponent extends FormPageBase<
create(role: RoleCreateInput): void { create(role: RoleCreateInput): void {
this.dataService.create(role).subscribe(() => { this.dataService.create(role).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }
@ -133,20 +142,20 @@ export class RoleFormPageComponent extends FormPageBase<
update(role: RoleUpdateInput): void { update(role: RoleUpdateInput): void {
this.dataService.update(role).subscribe(() => { this.dataService.update(role).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }
toggleGroup(event: InputSwitchChangeEvent, group: string) { toggleGroup(event: InputSwitchChangeEvent, group: string) {
this.permissionGroups[group].forEach((p) => { this.permissionGroups[group].forEach(p => {
this.form.controls[p.name].setValue(event.checked); this.form.controls[p.name].setValue(event.checked);
}); });
} }
isGroupChecked(group: string) { isGroupChecked(group: string) {
return this.permissionGroups[group].every( return this.permissionGroups[group].every(
(p) => this.form.controls[p.name].value, p => this.form.controls[p.name].value
); );
} }

73
web/src/app/modules/admin/administration/roles/roles.data.service.ts
View File

@ -1,25 +1,25 @@
import { Injectable, Provider } from "@angular/core"; import { Injectable, Provider } from '@angular/core';
import { Observable } from "rxjs"; import { Observable } from 'rxjs';
import { import {
Create, Create,
Delete, Delete,
PageDataService, PageDataService,
Restore, Restore,
Update, Update,
} from "src/app/core/base/page.data.service"; } from 'src/app/core/base/page.data.service';
import { import {
Permission, Permission,
Role, Role,
RoleCreateInput, RoleCreateInput,
RoleUpdateInput, RoleUpdateInput,
} from "src/app/model/entities/role"; } from 'src/app/model/entities/role';
import { Filter } from "src/app/model/graphql/filter/filter.model"; import { Filter } from 'src/app/model/graphql/filter/filter.model';
import { Sort } from "src/app/model/graphql/filter/sort.model"; import { Sort } from 'src/app/model/graphql/filter/sort.model';
import { Apollo, gql } from "apollo-angular"; import { Apollo, gql } from 'apollo-angular';
import { QueryResult } from "src/app/model/entities/query-result"; import { QueryResult } from 'src/app/model/entities/query-result';
import { DB_MODEL_FRAGMENT } from "src/app/model/graphql/db-model.query"; import { DB_MODEL_FRAGMENT } from 'src/app/model/graphql/db-model.query';
import { catchError, map } from "rxjs/operators"; import { catchError, map } from 'rxjs/operators';
import { SpinnerService } from "src/app/service/spinner.service"; import { SpinnerService } from 'src/app/service/spinner.service';
@Injectable() @Injectable()
export class RolesDataService export class RolesDataService
@ -32,7 +32,7 @@ export class RolesDataService
{ {
constructor( constructor(
private spinner: SpinnerService, private spinner: SpinnerService,
private apollo: Apollo, private apollo: Apollo
) { ) {
super(); super();
} }
@ -41,7 +41,7 @@ export class RolesDataService
filter?: Filter[] | undefined, filter?: Filter[] | undefined,
sort?: Sort[] | undefined, sort?: Sort[] | undefined,
skip?: number | undefined, skip?: number | undefined,
take?: number | undefined, take?: number | undefined
): Observable<QueryResult<Role>> { ): Observable<QueryResult<Role>> {
return this.apollo return this.apollo
.query<{ roles: QueryResult<Role> }>({ .query<{ roles: QueryResult<Role> }>({
@ -75,12 +75,12 @@ export class RolesDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.roles)); .pipe(map(result => result.data.roles));
} }
loadById(id: number): Observable<Role> { loadById(id: number): Observable<Role> {
@ -112,12 +112,12 @@ export class RolesDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.roles.nodes[0])); .pipe(map(result => result.data.roles.nodes[0]));
} }
create(object: RoleCreateInput): Observable<Role | undefined> { create(object: RoleCreateInput): Observable<Role | undefined> {
@ -145,17 +145,17 @@ export class RolesDataService
input: { input: {
name: object.name, name: object.name,
description: object.description, description: object.description,
permissions: object.permissions?.map((x) => x.id), permissions: object.permissions?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.role.create)); .pipe(map(result => result.data?.role.create));
} }
update(object: RoleUpdateInput): Observable<Role | undefined> { update(object: RoleUpdateInput): Observable<Role | undefined> {
@ -184,17 +184,17 @@ export class RolesDataService
id: object.id, id: object.id,
name: object.name, name: object.name,
description: object.description, description: object.description,
permissions: object.permissions?.map((x) => x.id), permissions: object.permissions?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.role.update)); .pipe(map(result => result.data?.role.update));
} }
delete(object: Role): Observable<boolean> { delete(object: Role): Observable<boolean> {
@ -212,12 +212,12 @@ export class RolesDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.role.delete ?? false)); .pipe(map(result => result.data?.role.delete ?? false));
} }
restore(object: Role): Observable<boolean> { restore(object: Role): Observable<boolean> {
@ -235,12 +235,12 @@ export class RolesDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.role.restore ?? false)); .pipe(map(result => result.data?.role.restore ?? false));
} }
getAllPermissions(): Observable<Permission[]> { getAllPermissions(): Observable<Permission[]> {
@ -252,18 +252,19 @@ export class RolesDataService
nodes { nodes {
id id
name name
description
} }
} }
} }
`, `,
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.permissions.nodes)); .pipe(map(result => result.data.permissions.nodes));
} }
static provide(): Provider[] { static provide(): Provider[] {

68
web/src/app/modules/admin/administration/users/form-page/user-form-page.component.ts
View File

@ -1,20 +1,21 @@
import { Component } from "@angular/core"; import { Component } from '@angular/core';
import { FormControl, FormGroup } from "@angular/forms"; import { FormControl, FormGroup } from '@angular/forms';
import { ToastService } from "src/app/service/toast.service"; import { ToastService } from 'src/app/service/toast.service';
import { FormPageBase } from "src/app/core/base/form-page-base"; import { FormPageBase } from 'src/app/core/base/form-page-base';
import { import {
NotExistingUser, NotExistingUser,
User, User,
UserCreateInput, UserCreateInput,
UserUpdateInput, UserUpdateInput,
} from "src/app/model/auth/user"; } from 'src/app/model/auth/user';
import { Role } from "src/app/model/entities/role"; import { Role } from 'src/app/model/entities/role';
import { UsersDataService } from "src/app/modules/admin/administration/users/users.data.service"; import { UsersDataService } from 'src/app/modules/admin/administration/users/users.data.service';
import { CommonDataService } from 'src/app/modules/shared/service/common-data.service';
@Component({ @Component({
selector: "app-user-form-page", selector: 'app-user-form-page',
templateUrl: "./user-form-page.component.html", templateUrl: './user-form-page.component.html',
styleUrl: "./user-form-page.component.scss", styleUrl: './user-form-page.component.scss',
}) })
export class UserFormPageComponent extends FormPageBase< export class UserFormPageComponent extends FormPageBase<
User, User,
@ -25,14 +26,17 @@ export class UserFormPageComponent extends FormPageBase<
notExistingUsers: NotExistingUser[] = []; notExistingUsers: NotExistingUser[] = [];
roles: Role[] = []; roles: Role[] = [];
constructor(private toast: ToastService) { constructor(
private toast: ToastService,
private cds: CommonDataService
) {
super(); super();
this.dataService.getAllRoles().subscribe((roles) => { this.cds.getAllRoles().subscribe(roles => {
this.roles = roles; this.roles = roles;
}); });
if (!this.nodeId) { if (!this.nodeId) {
this.dataService.getNotExistingUsersFromKeycloak().subscribe((users) => { this.dataService.getNotExistingUsersFromKeycloak().subscribe(users => {
this.notExistingUsers = users; this.notExistingUsers = users;
this.node = this.new(); this.node = this.new();
this.setForm(this.node); this.setForm(this.node);
@ -41,7 +45,7 @@ export class UserFormPageComponent extends FormPageBase<
return; return;
} }
this.dataService.loadById(this.nodeId).subscribe((user) => { this.dataService.loadById(this.nodeId).subscribe(user => {
this.node = user; this.node = user;
this.setForm(this.node); this.setForm(this.node);
}); });
@ -59,47 +63,47 @@ export class UserFormPageComponent extends FormPageBase<
email: new FormControl<string | undefined>(undefined), email: new FormControl<string | undefined>(undefined),
roles: new FormControl<Role[]>([]), roles: new FormControl<Role[]>([]),
}); });
this.form.controls["id"].disable(); this.form.controls['id'].disable();
this.form.controls["username"].disable(); this.form.controls['username'].disable();
this.form.controls["email"].disable(); this.form.controls['email'].disable();
} }
setForm(node?: User) { setForm(node?: User) {
this.form.controls["id"].setValue(node?.id); this.form.controls['id'].setValue(node?.id);
this.form.controls["username"].setValue(node?.username); this.form.controls['username'].setValue(node?.username);
this.form.controls["email"].setValue(node?.email); this.form.controls['email'].setValue(node?.email);
this.form.controls["roles"].setValue(node?.roles ?? []); this.form.controls['roles'].setValue(node?.roles ?? []);
if (this.notExistingUsers.length > 0) { if (this.notExistingUsers.length > 0) {
this.form.controls["id"].enable(); this.form.controls['id'].enable();
this.form.controls["keycloakId"].reset(undefined, { required: true }); this.form.controls['keycloakId'].reset(undefined, { required: true });
} }
} }
getCreateInput(): UserCreateInput { getCreateInput(): UserCreateInput {
return { return {
keycloakId: this.form.controls["keycloakId"].pristine keycloakId: this.form.controls['keycloakId'].pristine
? undefined ? undefined
: this.form.controls["keycloakId"].value, : this.form.controls['keycloakId'].value,
roles: this.form.controls["roles"].pristine roles: this.form.controls['roles'].pristine
? undefined ? undefined
: this.form.controls["roles"].value, : this.form.controls['roles'].value,
}; };
} }
getUpdateInput(): UserUpdateInput { getUpdateInput(): UserUpdateInput {
return { return {
id: this.form.controls["id"].value, id: this.form.controls['id'].value,
roles: this.form.controls["roles"].pristine roles: this.form.controls['roles'].pristine
? undefined ? undefined
: this.form.controls["roles"].value, : this.form.controls['roles'].value,
}; };
} }
create(user: UserCreateInput): void { create(user: UserCreateInput): void {
this.dataService.create(user).subscribe(() => { this.dataService.create(user).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }
@ -107,7 +111,7 @@ export class UserFormPageComponent extends FormPageBase<
update(user: UserUpdateInput): void { update(user: UserUpdateInput): void {
this.dataService.update(user).subscribe(() => { this.dataService.update(user).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }

95
web/src/app/modules/admin/administration/users/users.data.service.ts
View File

@ -1,26 +1,26 @@
import { Injectable, Provider } from "@angular/core"; import { Injectable, Provider } from '@angular/core';
import { Observable } from "rxjs"; import { Observable } from 'rxjs';
import { import {
Create, Create,
Delete, Delete,
PageDataService, PageDataService,
Restore, Restore,
Update, Update,
} from "src/app/core/base/page.data.service"; } from 'src/app/core/base/page.data.service';
import { Filter } from "src/app/model/graphql/filter/filter.model"; import { Filter } from 'src/app/model/graphql/filter/filter.model';
import { Sort } from "src/app/model/graphql/filter/sort.model"; import { Sort } from 'src/app/model/graphql/filter/sort.model';
import { Apollo, gql } from "apollo-angular"; import { Apollo, gql } from 'apollo-angular';
import { QueryResult } from "src/app/model/entities/query-result"; import { QueryResult } from 'src/app/model/entities/query-result';
import { DB_MODEL_FRAGMENT } from "src/app/model/graphql/db-model.query"; import { DB_MODEL_FRAGMENT } from 'src/app/model/graphql/db-model.query';
import { catchError, map } from "rxjs/operators"; import { catchError, map } from 'rxjs/operators';
import { SpinnerService } from "src/app/service/spinner.service"; import { SpinnerService } from 'src/app/service/spinner.service';
import { import {
NotExistingUser, NotExistingUser,
User, User,
UserCreateInput, UserCreateInput,
UserUpdateInput, UserUpdateInput,
} from "src/app/model/auth/user"; } from 'src/app/model/auth/user';
import { Role } from "src/app/model/entities/role"; import { Role } from 'src/app/model/entities/role';
@Injectable() @Injectable()
export class UsersDataService export class UsersDataService
@ -33,7 +33,7 @@ export class UsersDataService
{ {
constructor( constructor(
private spinner: SpinnerService, private spinner: SpinnerService,
private apollo: Apollo, private apollo: Apollo
) { ) {
super(); super();
} }
@ -42,7 +42,7 @@ export class UsersDataService
filter?: Filter[] | undefined, filter?: Filter[] | undefined,
sort?: Sort[] | undefined, sort?: Sort[] | undefined,
skip?: number | undefined, skip?: number | undefined,
take?: number | undefined, take?: number | undefined
): Observable<QueryResult<User>> { ): Observable<QueryResult<User>> {
return this.apollo return this.apollo
.query<{ users: QueryResult<User> }>({ .query<{ users: QueryResult<User> }>({
@ -77,12 +77,12 @@ export class UsersDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.users)); .pipe(map(result => result.data.users));
} }
loadById(id: number): Observable<User> { loadById(id: number): Observable<User> {
@ -115,12 +115,12 @@ export class UsersDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.users.nodes[0])); .pipe(map(result => result.data.users.nodes[0]));
} }
create(object: UserCreateInput): Observable<User | undefined> { create(object: UserCreateInput): Observable<User | undefined> {
@ -145,17 +145,17 @@ export class UsersDataService
variables: { variables: {
input: { input: {
keycloakId: object.keycloakId, keycloakId: object.keycloakId,
roles: object.roles?.map((x) => x.id), roles: object.roles?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.user.create)); .pipe(map(result => result.data?.user.create));
} }
update(object: UserUpdateInput): Observable<User | undefined> { update(object: UserUpdateInput): Observable<User | undefined> {
@ -180,17 +180,17 @@ export class UsersDataService
variables: { variables: {
input: { input: {
id: object.id, id: object.id,
roles: object.roles?.map((x) => x.id), roles: object.roles?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.user.update)); .pipe(map(result => result.data?.user.update));
} }
delete(object: User): Observable<boolean> { delete(object: User): Observable<boolean> {
@ -208,12 +208,12 @@ export class UsersDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.user.delete ?? false)); .pipe(map(result => result.data?.user.delete ?? false));
} }
restore(object: User): Observable<boolean> { restore(object: User): Observable<boolean> {
@ -231,35 +231,12 @@ export class UsersDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}),
)
.pipe(map((result) => result.data?.user.restore ?? false));
}
getAllRoles(): Observable<Role[]> {
return this.apollo
.query<{ roles: QueryResult<Role> }>({
query: gql`
query getRoles {
roles {
nodes {
id
name
}
}
}
`,
}) })
.pipe(
catchError((err) => {
this.spinner.hide();
throw err;
}),
) )
.pipe(map((result) => result.data.roles.nodes)); .pipe(map(result => result.data?.user.restore ?? false));
} }
getNotExistingUsersFromKeycloak(): Observable<NotExistingUser[]> { getNotExistingUsersFromKeycloak(): Observable<NotExistingUser[]> {
@ -277,12 +254,12 @@ export class UsersDataService
`, `,
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.notExistingUsersFromKeycloak.nodes)); .pipe(map(result => result.data.notExistingUsersFromKeycloak.nodes));
} }
static provide(): Provider[] { static provide(): Provider[] {

16
web/src/app/modules/admin/domains/domains.page.ts
View File

@ -3,9 +3,9 @@ import { PageBase } from 'src/app/core/base/page-base';
import { ToastService } from 'src/app/service/toast.service'; import { ToastService } from 'src/app/service/toast.service';
import { ConfirmationDialogService } from 'src/app/service/confirmation-dialog.service'; import { ConfirmationDialogService } from 'src/app/service/confirmation-dialog.service';
import { PermissionsEnum } from 'src/app/model/auth/permissionsEnum'; import { PermissionsEnum } from 'src/app/model/auth/permissionsEnum';
import { Group } from 'src/app/model/entities/group';
import { DomainsDataService } from 'src/app/modules/admin/domains/domains.data.service'; import { DomainsDataService } from 'src/app/modules/admin/domains/domains.data.service';
import { DomainsColumns } from 'src/app/modules/admin/domains/domains.columns'; import { DomainsColumns } from 'src/app/modules/admin/domains/domains.columns';
import { Domain } from 'src/app/model/entities/domain';
@Component({ @Component({
selector: 'app-domains', selector: 'app-domains',
@ -13,7 +13,7 @@ import { DomainsColumns } from 'src/app/modules/admin/domains/domains.columns';
styleUrl: './domains.page.scss', styleUrl: './domains.page.scss',
}) })
export class DomainsPage extends PageBase< export class DomainsPage extends PageBase<
Group, Domain,
DomainsDataService, DomainsDataService,
DomainsColumns DomainsColumns
> { > {
@ -40,33 +40,33 @@ export class DomainsPage extends PageBase<
}); });
} }
delete(group: Group): void { delete(domain: Domain): void {
this.confirmation.confirmDialog({ this.confirmation.confirmDialog({
header: 'dialog.delete.header', header: 'dialog.delete.header',
message: 'dialog.delete.message', message: 'dialog.delete.message',
accept: () => { accept: () => {
this.loading = true; this.loading = true;
this.dataService.delete(group).subscribe(() => { this.dataService.delete(domain).subscribe(() => {
this.toast.success('action.deleted'); this.toast.success('action.deleted');
this.load(); this.load();
}); });
}, },
messageParams: { entity: group.name }, messageParams: { entity: domain.name },
}); });
} }
restore(group: Group): void { restore(domain: Domain): void {
this.confirmation.confirmDialog({ this.confirmation.confirmDialog({
header: 'dialog.restore.header', header: 'dialog.restore.header',
message: 'dialog.restore.message', message: 'dialog.restore.message',
accept: () => { accept: () => {
this.loading = true; this.loading = true;
this.dataService.restore(group).subscribe(() => { this.dataService.restore(domain).subscribe(() => {
this.toast.success('action.restored'); this.toast.success('action.restored');
this.load(); this.load();
}); });
}, },
messageParams: { entity: group.name }, messageParams: { entity: domain.name },
}); });
} }
} }

8
web/src/app/modules/admin/groups/form-page/group-form-page.component.html
View File

@ -27,5 +27,13 @@
type="text" type="text"
formControlName="name"/> formControlName="name"/>
</div> </div>
<div class="divider"></div>
<p-multiSelect
[options]="roles"
formControlName="roles"
optionLabel="name"
placeholder="{{ 'user.assign_roles' | translate }}"
display="chip"
[showClear]="true" />
</ng-template> </ng-template>
</app-form-page> </app-form-page>

63
web/src/app/modules/admin/groups/form-page/group-form-page.component.ts
View File

@ -1,18 +1,20 @@
import { Component } from "@angular/core"; import { Component } from '@angular/core';
import { FormControl, FormGroup, Validators } from "@angular/forms"; import { FormControl, FormGroup, Validators } from '@angular/forms';
import { ToastService } from "src/app/service/toast.service"; import { ToastService } from 'src/app/service/toast.service';
import { FormPageBase } from "src/app/core/base/form-page-base"; import { FormPageBase } from 'src/app/core/base/form-page-base';
import { import {
Group, Group,
GroupCreateInput, GroupCreateInput,
GroupUpdateInput, GroupUpdateInput,
} from "src/app/model/entities/group"; } from 'src/app/model/entities/group';
import { GroupsDataService } from "src/app/modules/admin/groups/groups.data.service"; import { GroupsDataService } from 'src/app/modules/admin/groups/groups.data.service';
import { Role } from 'src/app/model/entities/role';
import { CommonDataService } from 'src/app/modules/shared/service/common-data.service';
@Component({ @Component({
selector: "app-group-form-page", selector: 'app-group-form-page',
templateUrl: "./group-form-page.component.html", templateUrl: './group-form-page.component.html',
styleUrl: "./group-form-page.component.scss", styleUrl: './group-form-page.component.scss',
}) })
export class GroupFormPageComponent extends FormPageBase< export class GroupFormPageComponent extends FormPageBase<
Group, Group,
@ -20,8 +22,17 @@ export class GroupFormPageComponent extends FormPageBase<
GroupUpdateInput, GroupUpdateInput,
GroupsDataService GroupsDataService
> { > {
constructor(private toast: ToastService) { roles: Role[] = [];
constructor(
private toast: ToastService,
private cds: CommonDataService
) {
super(); super();
this.cds.getAllRoles().subscribe(roles => {
this.roles = roles;
});
if (!this.nodeId) { if (!this.nodeId) {
this.node = this.new(); this.node = this.new();
this.setForm(this.node); this.setForm(this.node);
@ -31,7 +42,7 @@ export class GroupFormPageComponent extends FormPageBase<
this.dataService this.dataService
.load([{ id: { equal: this.nodeId } }]) .load([{ id: { equal: this.nodeId } }])
.subscribe((apiKey) => { .subscribe(apiKey => {
this.node = apiKey.nodes[0]; this.node = apiKey.nodes[0];
this.setForm(this.node); this.setForm(this.node);
}); });
@ -45,40 +56,48 @@ export class GroupFormPageComponent extends FormPageBase<
this.form = new FormGroup({ this.form = new FormGroup({
id: new FormControl<number | undefined>(undefined), id: new FormControl<number | undefined>(undefined),
name: new FormControl<string | undefined>(undefined, Validators.required), name: new FormControl<string | undefined>(undefined, Validators.required),
roles: new FormControl<Role[]>([]),
}); });
this.form.controls["id"].disable(); this.form.controls['id'].disable();
} }
setForm(node?: Group) { setForm(node?: Group) {
this.form.controls["id"].setValue(node?.id); this.form.controls['id'].setValue(node?.id);
this.form.controls["name"].setValue(node?.name); this.form.controls['name'].setValue(node?.name);
this.form.controls['roles'].setValue(node?.roles ?? []);
} }
getCreateInput(): GroupCreateInput { getCreateInput(): GroupCreateInput {
return { return {
name: this.form.controls["name"].pristine name: this.form.controls['name'].pristine
? undefined ? undefined
: (this.form.controls["name"].value ?? undefined), : (this.form.controls['name'].value ?? undefined),
roles: this.form.controls['roles'].pristine
? undefined
: this.form.controls['roles'].value,
}; };
} }
getUpdateInput(): GroupUpdateInput { getUpdateInput(): GroupUpdateInput {
if (!this.node?.id) { if (!this.node?.id) {
throw new Error("Node id is missing"); throw new Error('Node id is missing');
} }
return { return {
id: this.form.controls["id"].value, id: this.form.controls['id'].value,
name: this.form.controls["name"].pristine name: this.form.controls['name'].pristine
? undefined ? undefined
: (this.form.controls["name"].value ?? undefined), : (this.form.controls['name'].value ?? undefined),
roles: this.form.controls['roles'].pristine
? undefined
: this.form.controls['roles'].value,
}; };
} }
create(apiKey: GroupCreateInput): void { create(apiKey: GroupCreateInput): void {
this.dataService.create(apiKey).subscribe(() => { this.dataService.create(apiKey).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }
@ -86,7 +105,7 @@ export class GroupFormPageComponent extends FormPageBase<
update(apiKey: GroupUpdateInput): void { update(apiKey: GroupUpdateInput): void {
this.dataService.update(apiKey).subscribe(() => { this.dataService.update(apiKey).subscribe(() => {
this.spinner.hide(); this.spinner.hide();
this.toast.success("action.created"); this.toast.success('action.created');
this.close(); this.close();
}); });
} }

72
web/src/app/modules/admin/groups/groups.data.service.ts
View File

@ -1,24 +1,24 @@
import { Injectable, Provider } from "@angular/core"; import { Injectable, Provider } from '@angular/core';
import { Observable } from "rxjs"; import { Observable } from 'rxjs';
import { import {
Create, Create,
Delete, Delete,
PageDataService, PageDataService,
Restore, Restore,
Update, Update,
} from "src/app/core/base/page.data.service"; } from 'src/app/core/base/page.data.service';
import { Filter } from "src/app/model/graphql/filter/filter.model"; import { Filter } from 'src/app/model/graphql/filter/filter.model';
import { Sort } from "src/app/model/graphql/filter/sort.model"; import { Sort } from 'src/app/model/graphql/filter/sort.model';
import { Apollo, gql } from "apollo-angular"; import { Apollo, gql } from 'apollo-angular';
import { QueryResult } from "src/app/model/entities/query-result"; import { QueryResult } from 'src/app/model/entities/query-result';
import { DB_MODEL_FRAGMENT } from "src/app/model/graphql/db-model.query"; import { DB_MODEL_FRAGMENT } from 'src/app/model/graphql/db-model.query';
import { catchError, map } from "rxjs/operators"; import { catchError, map } from 'rxjs/operators';
import { SpinnerService } from "src/app/service/spinner.service"; import { SpinnerService } from 'src/app/service/spinner.service';
import { import {
Group, Group,
GroupCreateInput, GroupCreateInput,
GroupUpdateInput, GroupUpdateInput,
} from "src/app/model/entities/group"; } from 'src/app/model/entities/group';
@Injectable() @Injectable()
export class GroupsDataService export class GroupsDataService
@ -31,7 +31,7 @@ export class GroupsDataService
{ {
constructor( constructor(
private spinner: SpinnerService, private spinner: SpinnerService,
private apollo: Apollo, private apollo: Apollo
) { ) {
super(); super();
} }
@ -40,7 +40,7 @@ export class GroupsDataService
filter?: Filter[] | undefined, filter?: Filter[] | undefined,
sort?: Sort[] | undefined, sort?: Sort[] | undefined,
skip?: number | undefined, skip?: number | undefined,
take?: number | undefined, take?: number | undefined
): Observable<QueryResult<Group>> { ): Observable<QueryResult<Group>> {
return this.apollo return this.apollo
.query<{ groups: QueryResult<Group> }>({ .query<{ groups: QueryResult<Group> }>({
@ -57,6 +57,10 @@ export class GroupsDataService
nodes { nodes {
id id
name name
roles {
id
name
}
...DB_MODEL ...DB_MODEL
} }
@ -73,12 +77,12 @@ export class GroupsDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.groups)); .pipe(map(result => result.data.groups));
} }
loadById(id: number): Observable<Group> { loadById(id: number): Observable<Group> {
@ -89,6 +93,10 @@ export class GroupsDataService
group(filter: { id: { equal: $id } }) { group(filter: { id: { equal: $id } }) {
id id
name name
roles {
id
name
}
...DB_MODEL ...DB_MODEL
} }
@ -101,12 +109,12 @@ export class GroupsDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data.groups.nodes[0])); .pipe(map(result => result.data.groups.nodes[0]));
} }
create(object: GroupCreateInput): Observable<Group | undefined> { create(object: GroupCreateInput): Observable<Group | undefined> {
@ -129,16 +137,17 @@ export class GroupsDataService
variables: { variables: {
input: { input: {
name: object.name, name: object.name,
roles: object.roles?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.group.create)); .pipe(map(result => result.data?.group.create));
} }
update(object: GroupUpdateInput): Observable<Group | undefined> { update(object: GroupUpdateInput): Observable<Group | undefined> {
@ -162,16 +171,17 @@ export class GroupsDataService
input: { input: {
id: object.id, id: object.id,
name: object.name, name: object.name,
roles: object.roles?.map(x => x.id),
}, },
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.group.update)); .pipe(map(result => result.data?.group.update));
} }
delete(object: Group): Observable<boolean> { delete(object: Group): Observable<boolean> {
@ -189,12 +199,12 @@ export class GroupsDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.group.delete ?? false)); .pipe(map(result => result.data?.group.delete ?? false));
} }
restore(object: Group): Observable<boolean> { restore(object: Group): Observable<boolean> {
@ -212,12 +222,12 @@ export class GroupsDataService
}, },
}) })
.pipe( .pipe(
catchError((err) => { catchError(err => {
this.spinner.hide(); this.spinner.hide();
throw err; throw err;
}), })
) )
.pipe(map((result) => result.data?.group.restore ?? false)); .pipe(map(result => result.data?.group.restore ?? false));
} }
static provide(): Provider[] { static provide(): Provider[] {

2
web/src/app/modules/admin/short-urls/short-urls.page.html
View File

@ -109,7 +109,7 @@
</div> </div>
<div class="divider"></div> <div class="divider"></div>
<div class="bg2 rounded-xl p-3"> <div class="bg2 rounded-xl p-3" *ngIf="shortUrlsWithoutGroup.length > 0">
<div class="flex flex-wrap gap-1.5"> <div class="flex flex-wrap gap-1.5">
<ng-template *ngFor="let url of shortUrlsWithoutGroup" [ngTemplateOutlet]="shortUrl" <ng-template *ngFor="let url of shortUrlsWithoutGroup" [ngTemplateOutlet]="shortUrl"
[ngTemplateOutletContext]="{ $implicit: url }"></ng-template> [ngTemplateOutletContext]="{ $implicit: url }"></ng-template>

40
web/src/app/modules/shared/service/common-data.service.ts Normal file
View File

@ -0,0 +1,40 @@
import { Injectable } from '@angular/core';
import { Observable } from 'rxjs';
import { Role } from 'src/app/model/entities/role';
import { QueryResult } from 'src/app/model/entities/query-result';
import { Apollo, gql } from 'apollo-angular';
import { catchError, map } from 'rxjs/operators';
import { SpinnerService } from 'src/app/service/spinner.service';
@Injectable({
providedIn: 'root',
})
export class CommonDataService {
constructor(
private spinner: SpinnerService,
private apollo: Apollo
) {}
getAllRoles(): Observable<Role[]> {
return this.apollo
.query<{ roles: QueryResult<Role> }>({
query: gql`
query getRoles {
roles {
nodes {
id
name
}
}
}
`,
})
.pipe(
catchError(err => {
this.spinner.hide();
throw err;
})
)
.pipe(map(result => result.data.roles.nodes));
}
}

41
web/src/app/service/auth.service.ts
View File

@ -1,16 +1,16 @@
import { Injectable } from "@angular/core"; import { Injectable } from '@angular/core';
import { User } from "src/app/model/auth/user"; import { User } from 'src/app/model/auth/user';
import { BehaviorSubject, firstValueFrom, Observable } from "rxjs"; import { BehaviorSubject, concatWith, firstValueFrom, Observable } from 'rxjs';
import { Apollo, gql } from "apollo-angular"; import { Apollo, gql } from 'apollo-angular';
import { PermissionsEnum } from "src/app/model/auth/permissionsEnum"; import { PermissionsEnum } from 'src/app/model/auth/permissionsEnum';
import { KeycloakService } from "keycloak-angular"; import { KeycloakService } from 'keycloak-angular';
import { map } from "rxjs/operators"; import { map } from 'rxjs/operators';
import { Logger } from "src/app/service/logger.service"; import { Logger } from 'src/app/service/logger.service';
const log = new Logger("AuthService"); const log = new Logger('AuthService');
@Injectable({ @Injectable({
providedIn: "root", providedIn: 'root',
}) })
export class AuthService { export class AuthService {
protected anyPermissionForAdminPage = [ protected anyPermissionForAdminPage = [
@ -23,7 +23,7 @@ export class AuthService {
constructor( constructor(
private apollo: Apollo, private apollo: Apollo,
private keycloakService: KeycloakService, private keycloakService: KeycloakService
) {} ) {}
private requestUser() { private requestUser() {
@ -60,11 +60,11 @@ export class AuthService {
permission, permission,
}, },
}) })
.pipe(map((result) => result.data.userHasPermission)); .pipe(map(result => result.data.userHasPermission));
} }
private userHasAnyPermission( private userHasAnyPermission(
permissions: PermissionsEnum[], permissions: PermissionsEnum[]
): Observable<boolean> { ): Observable<boolean> {
return this.apollo return this.apollo
.query<{ userHasAnyPermission: boolean }>({ .query<{ userHasAnyPermission: boolean }>({
@ -77,7 +77,7 @@ export class AuthService {
permissions, permissions,
}, },
}) })
.pipe(map((result) => result.data.userHasAnyPermission)); .pipe(map(result => result.data.userHasAnyPermission));
} }
loadUser() { loadUser() {
@ -88,8 +88,8 @@ export class AuthService {
return; return;
} }
this.requestUser().subscribe((result) => { this.requestUser().subscribe(result => {
log.info("User loaded"); log.info('User loaded');
this.user$.next(result.data.user); this.user$.next(result.data.user);
}); });
} }
@ -111,18 +111,15 @@ export class AuthService {
if (!this.user$.value) return false; if (!this.user$.value) return false;
const userPermissions = this.user$.value.roles const userPermissions = this.user$.value.roles
.map((role) => (role.permissions ?? []).map((p) => p.name)) .map(role => (role.permissions ?? []).map(p => p.name))
.flat(); .flat();
return permissions.every((permission) => return permissions.some(permission => userPermissions.includes(permission));
userPermissions.includes(permission),
);
} }
async hasAnyPermissionLazy(permissions: PermissionsEnum[]): Promise<boolean> { async hasAnyPermissionLazy(permissions: PermissionsEnum[]): Promise<boolean> {
if (this.user$.value && this.user$.value.roles) { if (this.user$.value && this.user$.value.roles) {
return this.hasAnyPermission(permissions); return this.hasAnyPermission(permissions);
} }
return await firstValueFrom(this.userHasAnyPermission(permissions)); return await firstValueFrom(this.userHasAnyPermission(permissions));
} }
@ -130,7 +127,7 @@ export class AuthService {
if (!this.user$.value) return false; if (!this.user$.value) return false;
const permissions = this.user$.value.roles const permissions = this.user$.value.roles
.map((role) => (role.permissions ?? []).map((p) => p.name)) .map(role => (role.permissions ?? []).map(p => p.name))
.flat(); .flat();
return permissions.includes(permission); return permissions.includes(permission);
} }

48
web/src/app/service/error-handling.service.ts
View File

@ -1,22 +1,22 @@
import { TranslateService } from "@ngx-translate/core"; import { TranslateService } from '@ngx-translate/core';
import { Logger } from "src/app/service/logger.service"; import { Logger } from 'src/app/service/logger.service';
import { ErrorHandler, Injectable } from "@angular/core"; import { ErrorHandler, Injectable } from '@angular/core';
import { ToastService } from "src/app/service/toast.service"; import { ToastService } from 'src/app/service/toast.service';
import { HttpErrorResponse } from "@angular/common/http"; import { HttpErrorResponse } from '@angular/common/http';
import { ApolloError } from "@apollo/client/errors"; import { ApolloError } from '@apollo/client/errors';
import { MissingPermissionException } from "src/app/model/utils/error"; import { MissingPermissionException } from 'src/app/model/utils/error';
import { GraphQLError } from "graphql/error/GraphQLError"; import { GraphQLError } from 'graphql/error/GraphQLError';
import { ToastOptions } from "src/app/model/utils/toast-options"; import { ToastOptions } from 'src/app/model/utils/toast-options';
const logger = new Logger("ErrorHandler"); const logger = new Logger('ErrorHandler');
@Injectable({ @Injectable({
providedIn: "root", providedIn: 'root',
}) })
export class ErrorHandlingService implements ErrorHandler { export class ErrorHandlingService implements ErrorHandler {
constructor( constructor(
private t: TranslateService, private t: TranslateService,
private toast: ToastService, private toast: ToastService
) {} ) {}
handleError(error: HttpErrorResponse | ApolloError) { handleError(error: HttpErrorResponse | ApolloError) {
@ -30,7 +30,7 @@ export class ErrorHandlingService implements ErrorHandler {
return; return;
} }
console.error(error); console.error(error);
// this.handleHttpError(error); this.handleHttpError(error);
} }
private handleHttpError(e: HttpErrorResponse) { private handleHttpError(e: HttpErrorResponse) {
@ -40,14 +40,14 @@ export class ErrorHandlingService implements ErrorHandler {
error?: string; error?: string;
options?: ToastOptions; options?: ToastOptions;
} = { } = {
summary: this.t.instant("common.error"), summary: this.t.instant('common.error'),
detail: e.message, detail: e.message,
}; };
if (e.status === 401) { if (e.status === 401) {
toast = { toast = {
summary: this.t.instant("common.error"), summary: this.t.instant('common.error'),
detail: this.t.instant("error.unauthorized"), detail: this.t.instant('error.unauthorized'),
}; };
} }
@ -57,15 +57,15 @@ export class ErrorHandlingService implements ErrorHandler {
.permissions; .permissions;
toast = { toast = {
summary: this.t.instant("common.error"), summary: this.t.instant('common.error'),
detail: this.t.instant("error.missing_permissions", { detail: this.t.instant('error.missing_permissions', {
permissions: missingPermissions.join(", "), permissions: missingPermissions.join(', '),
}), }),
}; };
} else { } else {
toast = { toast = {
summary: this.t.instant("common.error"), summary: this.t.instant('common.error'),
detail: this.t.instant("error.permission_denied"), detail: this.t.instant('error.permission_denied'),
}; };
} }
} }
@ -73,7 +73,7 @@ export class ErrorHandlingService implements ErrorHandler {
if (e.status === 500 && e.error && e.error.errors) { if (e.status === 500 && e.error && e.error.errors) {
if (e.error.errors.length > 0) { if (e.error.errors.length > 0) {
toast = { toast = {
summary: this.t.instant("common.api_error"), summary: this.t.instant('common.api_error'),
detail: e.error.errors[0].message, detail: e.error.errors[0].message,
}; };
} }
@ -86,8 +86,8 @@ export class ErrorHandlingService implements ErrorHandler {
private handleGraphQlErrors(errors: GraphQLError[]) { private handleGraphQlErrors(errors: GraphQLError[]) {
errors.forEach((e: GraphQLError) => { errors.forEach((e: GraphQLError) => {
this.toast.error( this.toast.error(
this.t.instant("common.api_error"), this.t.instant('common.api_error'),
`${e.message}${e.path ? " " + e.path.join(".") : ""}`, `${e.message}${e.path ? ' ' + e.path.join('.') : ''}`
); );
}); });
} }

1
web/src/app/service/sidebar.service.ts
View File

@ -50,6 +50,7 @@ export class SidebarService {
routerLink: ['/admin/urls'], routerLink: ['/admin/urls'],
visible: await this.auth.hasAnyPermissionLazy([ visible: await this.auth.hasAnyPermissionLazy([
PermissionsEnum.shortUrls, PermissionsEnum.shortUrls,
PermissionsEnum.shortUrlsByAssignment,
]), ]),
}, },
await this.groupAdministration(), await this.groupAdministration(),

6
web/src/assets/i18n/de.json
View File

@ -116,6 +116,7 @@
"roles.delete": "Löschen", "roles.delete": "Löschen",
"roles.update": "Bearbeiten", "roles.update": "Bearbeiten",
"short_urls": "Kurz-URLs", "short_urls": "Kurz-URLs",
"short_urls.by_assignment": "Zuweisung",
"short_urls.create": "Erstellen", "short_urls.create": "Erstellen",
"short_urls.delete": "Löschen", "short_urls.delete": "Löschen",
"short_urls.update": "Bearbeiten", "short_urls.update": "Bearbeiten",
@ -127,6 +128,11 @@
"qr": { "qr": {
"width": "Breite" "width": "Breite"
}, },
"permission_descriptions": {
"users.update": "Benutzer inkl. der Rollen ändern",
"short_urls": "Alle URLs sehen",
"short_urls.by_assignment": "Alle Kurz-URLs anzeigen, die einer Gruppe nach Rolle zugewiesen sind"
},
"role": { "role": {
"count_header": "Rolle(n)" "count_header": "Rolle(n)"
}, },

6
web/src/assets/i18n/en.json
View File

@ -116,6 +116,7 @@
"roles.delete": "Delete", "roles.delete": "Delete",
"roles.update": "Update", "roles.update": "Update",
"short_urls": "Short URLs", "short_urls": "Short URLs",
"short_urls.by_assignment": "By assignment",
"short_urls.create": "Create", "short_urls.create": "Create",
"short_urls.delete": "Delete", "short_urls.delete": "Delete",
"short_urls.update": "Update", "short_urls.update": "Update",
@ -124,6 +125,11 @@
"users.delete": "Delete", "users.delete": "Delete",
"users.update": "Update" "users.update": "Update"
}, },
"permission_descriptions": {
"users.update": "Change users including their roles",
"short_urls": "See all URLs",
"short_urls.by_assignment": "See all short urls assigned to a group by role"
},
"qr": { "qr": {
"width": "Width" "width": "Width"
}, },