Merge pull request #117 from netgrif/release/6.2.2

Release 6.2.2

Author: machacjozef

CHANGELOG.md

@@ -5,7 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres
 to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-Full Changelog: [https://github.com/netgrif/components/commits/v6.2.1](https://github.com/netgrif/components/commits/v6.2.1)
+Full Changelog: [https://github.com/netgrif/components/commits/v6.2.2](https://github.com/netgrif/components/commits/v6.2.2)
+
+## [6.2.2](https://github.com/netgrif/components/releases/tag/v6.2.2) (2022-09-28)
+
+### Fixed
+
+- [NAE-1693] TaskController deleteFile endpoint lacks data about tasks
+- [NAE-1712] Advanced search in case of date operators is blinking (very quickly opening and closing)
+- [NAE-1713] Advanced search searching based on case data does not work
+- [NAE-1715] Currency component not working properly
+- [NAE-1716] Autocomplete component not working properly on enumration_map field
+- [NAE-1717] Banned roles not hiding menu entries
+- [NAE-1721] Create case event bad handling on frontend
+- [NAE-1724] Incorrect german translation
+
 
 ## [6.2.1](https://github.com/netgrif/components/releases/tag/v6.2.1) (2022-09-15)
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@netgrif/components-project",
-    "version": "6.2.1",
+    "version": "6.2.2-rc.1",
     "description": "Netgrif Application Engine Frontend project. Project includes angular libraries as base for NAE applications.",
     "homepage": "https://components.netgrif.com",
     "license": "SEE LICENSE IN LICENSE",

projects/netgrif-components-core/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@netgrif/components-core",
-    "version": "6.2.1",
+    "version": "6.2.2-rc.1",
     "description": "Netgrif Application engine frontend core Angular library",
     "homepage": "https://components.netgrif.com",
     "license": "SEE LICENSE IN LICENSE",

projects/netgrif-components-core/src/assets/i18n/de.json

@@ -87,14 +87,15 @@
             "errThird": "Sie müssen eine Farbe auswählen.",
             "noNets": "Es gibt keine erlaubte Netze",
             "createCase": "Neuen Fall würde erfolgreich erzeugt",
-            "defaultCaseName": "mit einem Standardfallnamen"
+            "defaultCaseName": "mit einem Standardfallnamen",
+            "createCaseError": "Neuer Fall wurde erstellt, aber beim Ausführen von Aktionen ist ein Fehler aufgetreten"
         },
         "user": {
-            "assign": "Benützer zuweisen",
-            "choose": "Benützer auswählen",
-            "noUser": "Es gibt keine Benützer",
-            "err": "Beim laden der Benützer ist eine Fehler aufgetreten",
-            "showcase": "Benützeransichtmodus ist nicht ausgewählt!"
+            "assign": "Benutzer zuweisen",
+            "choose": "Benutzer auswählen",
+            "noUser": "Es gibt keine Benutzer",
+            "err": "Beim laden der Benutzer ist eine Fehler aufgetreten",
+            "showcase": "Die Benutzeransicht ist nicht gesetzt!"
         },
         "ldapGroup": {
             "choose": "LDAP-Gruppe suchen",
@@ -288,8 +289,8 @@
             "enterEmail": "Ihre E-Mail Adresse eingeben"
         },
         "login": {
-            "length": "Das Benützername muss mindestens 4 Zeichen enthalten",
-            "login": "Benützername",
+            "length": "Das Benutzername muss mindestens 4 Zeichen enthalten",
+            "login": "Benutzername",
             "wrongCredentials": "Falsche Anmeldeinformationen!",
             "loginButton": "Anmelden",
             "reset": "Kennwort wiederherstellen",

projects/netgrif-components-core/src/assets/i18n/en.json

@@ -87,7 +87,8 @@
             "errThird": "Color is required.",
             "noNets": "No allowed Nets",
             "createCase": "Successful create new case",
-            "defaultCaseName": "with default case name"
+            "defaultCaseName": "with default case name",
+            "createCaseError": "A new case was created, but an error occurred while executing actions"
         },
         "user": {
             "assign": "User Assign",

projects/netgrif-components-core/src/assets/i18n/sk.json

@@ -87,7 +87,8 @@
             "errThird": "Farba je povinné pole.",
             "noNets": "Žiadne povolené siete",
             "createCase": "Úspešne vytvorený nový prípad",
-            "defaultCaseName": "s prednastaveným názvom prípadu"
+            "defaultCaseName": "s prednastaveným názvom prípadu",
+            "createCaseError": "Nový prípad vytvorený, nastala však chyba pri vykonávaní akcií"
         },
         "user": {
             "assign": "Priradiť používateľa",

projects/netgrif-components-core/src/commons/schema.ts

@@ -245,6 +245,7 @@ export interface Access {
      *  For `string` values the format is: <net import id>.<role name>
      */
     role?: Array<string> | string | RoleAccess | Array<RoleAccess>;
+    bannedRole?: Array<string> | string | RoleAccess | Array<RoleAccess>;
     group?: Array<string> | string;
     authority?: Array<string> | string;
 

projects/netgrif-components-core/src/lib/authorization/permission/access.service.ts

@@ -56,7 +56,7 @@ export class AccessService {
      * @returns whether the user passes the role guard condition for accessing the specified view
      */
     public passesRoleGuard(view: View, url: string): boolean {
-        return !view.access.hasOwnProperty('role') || this._roleGuard.canAccessView(view, url);
+        return (!view.access.hasOwnProperty('role') && !view.access.hasOwnProperty('bannedRole')) || this._roleGuard.canAccessView(view, url);
     }
 
     /**

projects/netgrif-components-core/src/lib/authorization/role/role-guard.service.spec.ts

@@ -0,0 +1,94 @@
+import {TestBed} from '@angular/core/testing';
+
+import {MaterialModule} from "../../material/material.module";
+import {CommonModule} from "@angular/common";
+import {FlexModule} from "@angular/flex-layout";
+import {BrowserAnimationsModule, NoopAnimationsModule} from "@angular/platform-browser/animations";
+import {TranslateLibModule} from "../../translate/translate-lib.module";
+import {HttpClientTestingModule} from "@angular/common/http/testing";
+import {UserService} from "../../user/services/user.service";
+import {MockUserService} from "../../utility/tests/mocks/mock-user.service";
+import { Injectable, NO_ERRORS_SCHEMA } from '@angular/core';
+import {ConfigurationService} from "../../configuration/configuration.service";
+import {TestConfigurationService} from "../../utility/tests/test-config";
+import {AuthenticationModule} from "../../authentication/authentication.module";
+import {RouterTestingModule} from "@angular/router/testing";
+import { RoleGuardService } from './role-guard.service';
+import { Access, View } from '../../../commons/schema';
+import { User } from '../../user/models/user';
+
+describe('RoleGuardService', () => {
+    let service: RoleGuardService;
+
+    beforeEach(() => {
+        TestBed.configureTestingModule({
+            imports: [
+                MaterialModule,
+                CommonModule,
+                FlexModule,
+                NoopAnimationsModule,
+                BrowserAnimationsModule,
+                TranslateLibModule,
+                HttpClientTestingModule,
+                AuthenticationModule,
+                RouterTestingModule.withRoutes([]),
+            ],
+            providers: [
+                RoleGuardService,
+                {provide: ConfigurationService, useClass: TestConfigurationService},
+                {provide: UserService, useClass: CustomMockUserService},
+            ],
+            declarations: [],
+            schemas: [NO_ERRORS_SCHEMA]
+        });
+        service = TestBed.inject(RoleGuardService);
+    });
+
+    it('should be created', () => {
+        expect(service).toBeTruthy();
+    });
+
+    it('should access view with role only', () => {
+        const view = {access: {role: ['test.role_user']} as Access} as View
+        expect(service.canAccessView(view, 'test')).toBeTrue();
+    });
+
+    it('should not access view', () => {
+        const view = {access: {role: [], bannedRole: []} as Access} as View
+        expect(service.canAccessView(view, 'test')).toBeFalse();
+    });
+
+    it('should not access view with banned role only', () => {
+        const view = {access: {bannedRole: ['test.banned_role']} as Access} as View
+        expect(service.canAccessView(view, 'test')).toBeFalse();
+    });
+
+    it('should not access view with role and banned role', () => {
+        const view = {access: {role: ['test.role_user'], bannedRole: ['test.banned_role']} as Access} as View
+        expect(service.canAccessView(view, 'test')).toBeFalse();
+    });
+});
+
+@Injectable()
+class CustomMockUserService extends MockUserService {
+    constructor() {
+        super();
+        this._user = new User('123', 'test@netgrif.com', 'Test', 'User', ['ROLE_USER'], [{
+            stringId: 'role_user',
+            name: 'role_user',
+            description: '',
+            importId: 'role_user',
+            netImportId: 'test',
+            netVersion: '1.0.0',
+            netStringId: 'test',
+        },{
+            stringId: 'banned_role',
+            name: 'banned_role',
+            description: '',
+            importId: 'banned_role',
+            netImportId: 'test',
+            netVersion: '1.0.0',
+            netStringId: 'test',
+        } ]);
+    }
+}

projects/netgrif-components-core/src/lib/authorization/role/role-guard.service.ts

@@ -37,29 +37,51 @@ export class RoleGuardService implements CanActivate {
     }
 
     public canAccessView(view: View, url: string): boolean {
-        if (typeof view.access !== 'string' && view.access.hasOwnProperty('role')) {
-            const allowedRoles = this.parseRoleConstraints(view.access.role, url);
-
-            return allowedRoles.some(constraint => {
-                if (constraint.roleIdentifier) {
-                    return this._userService.hasRoleByIdentifier(constraint.roleIdentifier, constraint.processIdentifier);
-                } else {
-                    return this._userService.hasRoleByName(constraint.roleName, constraint.processIdentifier);
+        if (typeof view.access !== 'string' && (view.access.hasOwnProperty('role') || view.access.hasOwnProperty('bannedRole'))) {
+
+            if (view.access.hasOwnProperty('role') && view.access.hasOwnProperty('bannedRole')) {
+                const bannedRoles = this.parseRoleConstraints(view.access.bannedRole, url);
+                const allowedRoles = this.parseRoleConstraints(view.access.role, url);
+
+                if (bannedRoles.some(role => this.decideAccessByRole(role))) {
+                    return false;
+                }
+
+                if (allowedRoles.length === 0) {
+                    this._log.warn(`View at '${url}' defines role access constraint with an empty array!`
+                        + ` No users will be allowed to enter this view!`);
                 }
-            });
+                return allowedRoles.some(role => this.decideAccessByRole(role)); // user was not denied access by a banned role, they need at least one allowed role
+            }
+
+            if (view.access.hasOwnProperty('bannedRole')) {
+                const bannedRoles = this.parseRoleConstraints(view.access.bannedRole, url);
+                return !bannedRoles.some(constraint => {
+                    return this.decideAccessByRole(constraint);
+                });
+            }
+
+            if (view.access.hasOwnProperty('role')) {
+                const allowedRoles = this.parseRoleConstraints(view.access.role, url);
+                if (allowedRoles.length === 0) {
+                    this._log.warn(`View at '${url}' defines role access constraint with an empty array!`
+                        + ` No users will be allowed to enter this view!`);
+                }
+                return allowedRoles.some(constraint => {
+                    return this.decideAccessByRole(constraint);
+                });
+            }
         }
         throw new Error('Role guard is declared for a view with no role guard configuration!'
             + ` Add role guard configuration for view at ${url}, or remove the guard.`);
     }
 
-    protected parseRoleConstraints(roleConstrains: Access['role'], viewUrl: string): Array<RoleConstraint> {
+    protected parseRoleConstraints(roleConstrains: Access['role'] | Access['bannedRole'], viewUrl: string): Array<RoleConstraint> {
         if (typeof roleConstrains === 'string') {
             return this.parseStringRoleConstraints(roleConstrains);
         }
         if (Array.isArray(roleConstrains)) {
             if (roleConstrains.length === 0) {
-                this._log.warn(`View at '${viewUrl}' defines role access constraint with an empty array!`
-                    + ` No users will be allowed to enter this view!`);
                 return [];
             }
             if (typeof roleConstrains[0] === 'string') {
@@ -102,4 +124,12 @@ export class RoleGuardService implements CanActivate {
         });
     }
 
+    private decideAccessByRole(constraint: RoleConstraint): boolean {
+        if (constraint.roleIdentifier) {
+            return this._userService.hasRoleByIdentifier(constraint.roleIdentifier, constraint.processIdentifier);
+        } else {
+            return this._userService.hasRoleByName(constraint.roleName, constraint.processIdentifier);
+        }
+    }
+
 }