authorization: limit roles management using API

This commit restricts the role management for patrons using the role management API. Depending of the API result, some roles could be disabled into the role field. - Closes rero/rero-ils#930 Co-authored_by: Renaud Michotte <[email protected]>
rero · Jun 24, 2020 · b885e19 · b885e19
1 parent 5e42130
commit b885e19
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 0 deletions.
diff --git a/projects/admin/src/app/routes/patrons-route.ts b/projects/admin/src/app/routes/patrons-route.ts
@@ -14,7 +14,10 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+import { FormlyFieldConfig } from '@ngx-formly/core';
 import { DetailComponent, EditorComponent, RecordSearchComponent, RouteInterface } from '@rero/ng-core';
+import { JSONSchema7 } from 'json-schema';
+import { map } from 'rxjs/operators';
 import { CanUpdateGuard } from '../guard/can-update.guard';
 import { PatronsBriefViewComponent } from '../record/brief-view/patrons-brief-view.component';
 import { PatronDetailViewComponent } from '../record/detail-view/patron-detail-view/patron-detail-view.component';
@@ -58,6 +61,11 @@ export class PatronsRoute extends BaseRoute implements RouteInterface {
               }
               return record;
             },
+            formFieldMap: (field: FormlyFieldConfig, jsonSchema: JSONSchema7): FormlyFieldConfig => {
+              // If the current logged user doens't have the 'system_librarian' role, then the user
+              // can't manage the role 'librarian' and 'system_librarian'
+              return this._limitRolesManagement(field, jsonSchema);
+            },
             // use simple query for UI search
             preFilters: {
               simple: 1
@@ -68,4 +76,24 @@ export class PatronsRoute extends BaseRoute implements RouteInterface {
       }
     };
   }
+
+  /** Limit the patron roles management.
+   *
+   * @param field - FormlyFieldConfig
+   * @param jsonSchema - JSONSchema7
+   * @return FormlyFieldConfig
+   */
+  private _limitRolesManagement(field: FormlyFieldConfig, jsonSchema: JSONSchema7): FormlyFieldConfig {
+    const formOptions = jsonSchema.form;
+    if (formOptions && formOptions.fieldMap === 'roles') {
+      const values = Object.assign([], field.templateOptions.options);  // create a clone of original values
+      field.templateOptions.options = this._routeToolService.recordPermissionService.getRolesManagementPermissions().pipe(
+        map(results => {
+          values.forEach((role: any) => role.disabled = !results.allowed_roles.includes(role.value));
+          return values;
+        })
+      );
+    }
+    return field;
+  }
 }
diff --git a/projects/admin/src/app/routes/route-tool.service.ts b/projects/admin/src/app/routes/route-tool.service.ts
@@ -63,6 +63,13 @@ export class RouteToolService {
     return this._recordService;
   }
 
+  /**
+   * @return recordPermissionService
+   */
+  get recordPermissionService() {
+    return this._recordPermissionService;
+  }
+
   /**
    * @return datePipe
    */

diff --git a/projects/admin/src/app/service/record-permission.service.ts b/projects/admin/src/app/service/record-permission.service.ts
@@ -18,6 +18,8 @@ import { I18nPluralPipe, NgLocaleLocalization } from '@angular/common';
 import { HttpClient, HttpHeaders } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { TranslateService } from '@ngx-translate/core';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
 
 @Injectable({
   providedIn: 'root'
@@ -54,6 +56,15 @@ export class RecordPermissionService {
     return this._httpClient.get<RecordPermission>(url, this._httpOptions);
   }
 
+
+  /**
+   * Get roles that the current user can manage
+   * @return an observable on allowed roles management
+   */
+  getRolesManagementPermissions(): Observable<any> {
+    return this._httpClient.get('api/patrons/roles_management_permissions', this._httpOptions);
+  }
+
   /**
    * Generate tooltip messages
    * @param reasons - Object with reasons to insert into the tooltip