Skip to content

Role rework #638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ChemMitch wants to merge 31 commits into
base: development_3.0
Choose a base branch
from
Open

Role rework #638

ChemMitch wants to merge 31 commits into from

Conversation

@ChemMitch
Copy link
Collaborator

@ChemMitch ChemMitch commented Oct 28, 2025
edited
Loading

Ready to merge now

ChemMitch added 25 commits October 3, 2025 15:28
@ChemMitch
calling /api/v1/allmyprivs instead of whoami to get roles.
69b5116 
Begun
@ChemMitch
got editing priv check to work in some cases
49edd67
@ChemMitch
made the change to additional files
1f607d3
@ChemMitch
similar changes to several additional files
e248743
@ChemMitch
start working on converting calls that explicitly check roles to calls
ae2c84f 
that check privileges
@ChemMitch
20+ files changed from checking roles to checking privs.
40fe50c 
Untested so far
@ChemMitch
isAdmin replaced in another 24 files
4dc4c42
@ChemMitch
removed isAdmin from most files
37e0fc6
@ChemMitch
assigning roles based on call to server for list of available role names
7edb09e
@ChemMitch
return roles when updating a user
9f996f4
@ChemMitch
user edit dialog works with role assignments again using roles
d9a69ba 
dynamically obtained from the serr
@ChemMitch
got moieties to display molecular formulas correctly.
aaeb0d0 
got user creation/editing to use configured roles
@ChemMitch
hide Approve button when user does not have the priv to approve
6a6873a
@ChemMitch
added more items to menu
a699680 
diagnostic logs
@ChemMitch
new protection on import route
7ce8d4d
@ChemMitch
make sure access to applications works
db4668b
@ChemMitch
updated protection on import page.
829c84c 
added a method to auth.service to allow checking a set of privileges
(any that match yields a true response)
@ChemMitch
on admin page, verify user privs before navigating to tabs
2e3ae9e
@ChemMitch
set up admin tabs so that those to which a user has no access (based on
bc7f1ff 
privs) are invisible
@ChemMitch
made the various 'can activate's make valid priv checks
7ceeb7e
@ChemMitch
clear out roles when user logs off
b2d8e3a
@ChemMitch
save roles when first creating user
1e0a357
@ChemMitch
minor tweaks
437b4eb
@ChemMitch
check privileges for the advanced features on the substance edit page
c016ccb
@ChemMitch
updated version to 3.1.4-SNAPSHOT
ee9340a
@ChemMitch ChemMitch changed the title WIP Role rework Role rework Jan 23, 2026
iaromoskviak
iaromoskviak requested changes Jan 27, 2026
View reviewed changes
src/app/core/admin/can-activate-admin.ts Outdated
console.log(' has priv to configure system');
return true;
} else {
this.router.parseUrl('/home');
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
this.router.parseUrl('/home');
return this.router.parseUrl('/home');

src/app/core/admin/can-activate-admin-page.ts Outdated
console.log('user CAN');
return true;
} else {
this.router.parseUrl('/home');
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
this.router.parseUrl('/home');
return this.router.parseUrl('/home');

src/app/core/admin/import-browse/import-browse.component.html Outdated
<a class = "mat-icon-button" aria-label = "edit substance" mat-icon-button [routerLink]="['/substances', substance.uuid, 'edit']" *ngIf="isAdmin"
matTooltip='edit record'>
<a class = "mat-icon-button" aria-label = "edit substance" mat-icon-button [routerLink]="['/substances', substance.uuid, 'edit']"
*ngIf="canImportData" matTooltip='edit record'>
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
*ngIf="canImportData" matTooltip='edit record'>
*ngIf="canUserImportData" matTooltip='edit record'>

src/app/core/admin/admin.component.ts Outdated
console.log(`in admin.component ngOnInit`);
await this.checkPrivileges();

this.activatedRoute.params.subscribe(routeParams => {
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we unsubscribe here?

src/app/core/auth/auth.service.ts Outdated
const privs = await firstValueFrom(this.fetchPrivs());
return privs.some(p => p.privilege === 'Edit');
}
return this._privileges != null && this._privileges.some(p=>p.privilege=="Edit");
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return this._privileges != null && this._privileges.some(p=>p.privilege=="Edit");
return this._privileges != null && this._privileges.some(p=>p.privilege=="Edit");

src/app/core/admin/can-import-data.ts
const auth = this.authService.getAuth();
if (auth) {
console.log(` got auth `);
const canImporNow = await this.authService.hasSpecificPrivilege("Import Data");
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const canImporNow = await this.authService.hasSpecificPrivilege("Import Data");
const canImportNow = await this.authService.hasSpecificPrivilege("Import Data");

src/app/core/admin/user-management/user-edit-dialog/user-edit-dialog.component.ts Outdated
response: any;
isError: boolean = false;
availableRoleNames: string[];
assignableRoles: any[];
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

type safety imporvement e.g.
interface AssignableRole {
roleName: string;
assigned: boolean;
}
assignableRoles: AssignableRole[];

iaromoskviak
iaromoskviak requested changes Jan 28, 2026
View reviewed changes
src/app/core/admin/admin.component.ts Outdated

default: this.activeTab = 0; break;
}
this.subscriptions.push(routeSub);
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You're pushing subscription inside subscribe callback.That's wrong

src/app/core/admin/admin.component.ts
if( this.activeTab <= -1) {
this.router.navigate(['/home' ] );
}
});
Copy link
Collaborator

@iaromoskviak iaromoskviak Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it should be after callback here.
this.subscriptions.push(routeSub);

When you fix that you can simplify ngOnDestroy back to:
ngOnDestroy() {
this.subscriptions.forEach(sub => sub?.unsubscribe());
}

And test it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iaromoskviak iaromoskviak iaromoskviak requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ChemMitch @iaromoskviak