rero · zannkukai · Jun 25, 2020 · Jun 15, 2020
diff --git a/projects/admin/src/app/routes/patrons-route.ts b/projects/admin/src/app/routes/patrons-route.ts
@@ -14,7 +14,10 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+import { FormlyFieldConfig } from '@ngx-formly/core';
 import { DetailComponent, EditorComponent, RecordSearchComponent, RouteInterface } from '@rero/ng-core';
+import { JSONSchema7 } from 'json-schema';
+import { map } from 'rxjs/operators';
 import { CanUpdateGuard } from '../guard/can-update.guard';
 import { PatronsBriefViewComponent } from '../record/brief-view/patrons-brief-view.component';
 import { PatronDetailViewComponent } from '../record/detail-view/patron-detail-view/patron-detail-view.component';
@@ -58,6 +61,9 @@ export class PatronsRoute extends BaseRoute implements RouteInterface {
               }
               return record;
             },
+            formFieldMap: (field: FormlyFieldConfig, jsonSchema: JSONSchema7): FormlyFieldConfig => {
+              return this._limitUserFormField(field, jsonSchema);
+            },
             // use simple query for UI search
             preFilters: {
               simple: 1
@@ -68,4 +74,47 @@ export class PatronsRoute extends BaseRoute implements RouteInterface {
       }
     };
   }
+
+  /** Limit some field from user editor.
+   *
+   * @param field - FormlyFieldConfig
+   * @param jsonSchema - JSONSchema7
+   * @return FormlyFieldConfig
+   */
+  private _limitUserFormField(field: FormlyFieldConfig, jsonSchema: JSONSchema7): FormlyFieldConfig {
+    const formOptions = jsonSchema.form;
+    // ROLES FIELD MANAGEMENT ---------------------------------
+    //   Depending of current user, the roles user can managed could be restricted.
+    //   Call the 'role_management' API filter allowed roles. If user cannot manage a role, then this role
+    //   will be disabled.  We can't hide the restricted role because if the edited user has already this role
+    //   this information will be lost on save !
+    if (formOptions && formOptions.fieldMap === 'roles') {
+      const values = Object.assign([], field.templateOptions.options);  // create a clone of original values
+      field.templateOptions.options = this._routeToolService.recordPermissionService.getRolesManagementPermissions().pipe(
+        map(results => {
+          values.forEach((role: any) => role.disabled = !results.allowed_roles.includes(role.value));
+          return values;
+        })
+      );
+    }
+
+    // LIBRARY MANAGEMENT -------------------------------------
+    //   If current logged user doesn't have the 'system_librarian' role, then the only library available
+    //   should be the current_user.current_library. Set default value for library select the current_library URI
+    //   and disable the field (so the user can't change/manage other libraries)
+    if (formOptions && formOptions.fieldMap === 'library') {
+      if (!this._routeToolService.userService.hasRole('system_librarian')) {
+        if (!field.hasOwnProperty('templateOptions')) {
+          field.templateOptions = {};
+        }
+        const currentLibraryEndpoint = this._routeToolService.apiService.getRefEndpoint(
+          'libraries',
+          this._routeToolService.userService.getCurrentUser().getCurrentLibrary()
+        );
+        field.templateOptions.disabled = true;
+        field.fieldGroup[0].defaultValue = currentLibraryEndpoint;
+      }
+    }
+    return field;
+  }
 }
diff --git a/projects/admin/src/app/routes/route-tool.service.ts b/projects/admin/src/app/routes/route-tool.service.ts
@@ -63,6 +63,13 @@ export class RouteToolService {
     return this._recordService;
   }
 
+  /**
+   * @return recordPermissionService
+   */
+  get recordPermissionService() {
+    return this._recordPermissionService;
+  }
+
   /**
    * @return datePipe
    */

diff --git a/projects/admin/src/app/service/record-permission.service.ts b/projects/admin/src/app/service/record-permission.service.ts
@@ -18,6 +18,8 @@ import { I18nPluralPipe, NgLocaleLocalization } from '@angular/common';
 import { HttpClient, HttpHeaders } from '@angular/common/http';
 import { Injectable } from '@angular/core';
 import { TranslateService } from '@ngx-translate/core';
+import { Observable } from 'rxjs';
+import { map } from 'rxjs/operators';
 
 @Injectable({
   providedIn: 'root'
@@ -54,6 +56,15 @@ export class RecordPermissionService {
     return this._httpClient.get<RecordPermission>(url, this._httpOptions);
   }
 
+
+  /**
+   * Get roles that the current user can manage
+   * @return an observable on allowed roles management
+   */
+  getRolesManagementPermissions(): Observable<any> {
+    return this._httpClient.get('api/patrons/roles_management_permissions', this._httpOptions);
+  }
+
   /**
    * Generate tooltip messages
    * @param reasons - Object with reasons to insert into the tooltip