Cb 4694 te admin can assign his own team (#2391)

* CB-4716 admin can manage his own team * CB-4717 allow team assigning in distributed mode --------- Co-authored-by: Aleksandr Skoblikov <[email protected]> Co-authored-by: kseniaguzeeva <[email protected]>
dbeaver · Feb 23, 2024 · 888b29c · 888b29c
1 parent 9b050aa
commit 888b29c
Show file tree

Hide file tree

Showing 8 changed files with 56 additions and 38 deletions.
diff --git a/...s/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java b/...s/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java
@@ -33,6 +33,7 @@
 import io.cloudbeaver.service.DBWServiceServerConfigurator;
 import io.cloudbeaver.service.admin.*;
 import io.cloudbeaver.service.security.SMUtils;
+import io.cloudbeaver.utils.WebAppUtils;
 import org.jkiss.code.NotNull;
 import org.jkiss.code.Nullable;
 import org.jkiss.dbeaver.DBException;
@@ -257,7 +258,9 @@ public boolean grantUserTeam(@NotNull WebSession webSession, String user, String
         if (grantor == null) {
             throw new DBWebException("Cannot grant team in anonymous mode");
         }
-        if (CommonUtils.equalObjects(user, webSession.getUser().getUserId())) {
+        if (!WebAppUtils.getWebApplication().isDistributed()
+            && CommonUtils.equalObjects(user, webSession.getUser().getUserId())
+        ) {
             throw new DBWebException("You cannot edit your own permissions");
         }
         try {
@@ -281,7 +284,9 @@ public boolean revokeUserTeam(@NotNull WebSession webSession, String user, Strin
         if (grantor == null) {
             throw new DBWebException("Cannot revoke team in anonymous mode");
         }
-        if (CommonUtils.equalObjects(user, webSession.getUser().getUserId())) {
+        if (!WebAppUtils.getWebApplication().isDistributed() &&
+            CommonUtils.equalObjects(user, webSession.getUser().getUserId())
+        ) {
             throw new DBWebException("You cannot edit your own permissions");
         }
         try {

diff --git a/webapp/packages/core-localization/src/locales/en.ts b/webapp/packages/core-localization/src/locales/en.ts
@@ -114,6 +114,7 @@ export default [
   ['ui_readonly', 'Read-only'],
   ['ui_test', 'Test'],
   ['ui_export', 'Export'],
+  ['ui_you', 'You'],
 
   ['root_permission_denied', "You don't have permissions"],
   ['root_permission_no_permission', "You don't have permission for this action"],

diff --git a/webapp/packages/core-localization/src/locales/it.ts b/webapp/packages/core-localization/src/locales/it.ts
@@ -104,6 +104,7 @@ export default [
   ['ui_readonly', 'In sola lettura'],
   ['ui_test', 'Test'],
   ['ui_export', 'Export'],
+  ['ui_you', 'You'],
 
   ['root_permission_denied', 'Non hai i permessi'],
   ['app_root_session_expire_warning_title', 'La sessione sta per scadere'],

diff --git a/webapp/packages/core-localization/src/locales/ru.ts b/webapp/packages/core-localization/src/locales/ru.ts
@@ -110,6 +110,7 @@ export default [
   ['ui_readonly', 'Доступно только для чтения'],
   ['ui_test', 'Проверить'],
   ['ui_export', 'Экспорт'],
+  ['ui_you', 'Вы'],
 
   ['root_permission_denied', 'Отказано в доступе'],
   ['root_permission_no_permission', 'У вас нет разрешения на это действие'],

diff --git a/webapp/packages/core-localization/src/locales/zh.ts b/webapp/packages/core-localization/src/locales/zh.ts
@@ -111,6 +111,7 @@ export default [
   ['ui_readonly', '只读'],
   ['ui_test', 'Test'],
   ['ui_export', 'Export'],
+  ['ui_you', 'You'],
 
   ['root_permission_denied', '您没有权限'],
   ['root_permission_no_permission', '您没有权限执行此操作'],

diff --git a/...entication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx b/...entication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx
@@ -26,6 +26,7 @@ import {
 } from '@cloudbeaver/core-blocks';
 import { useService } from '@cloudbeaver/core-di';
 import type { TLocalizationToken } from '@cloudbeaver/core-localization';
+import { ServerConfigResource } from '@cloudbeaver/core-root';
 import type { AdminUserInfoFragment } from '@cloudbeaver/core-sdk';
 
 import { getFilteredUsers } from './getFilteredUsers';
@@ -47,6 +48,7 @@ export const GrantedUserList = observer<Props>(function GrantedUserList({ grante
   const translate = useTranslate();
 
   const usersResource = useService(UsersResource);
+  const serverConfigResource = useService(ServerConfigResource);
 
   const [selectedSubjects] = useState<Map<any, boolean>>(() => observable(new Map()));
   const [filterState] = useState<IFilterState>(() => observable({ filterValue: '' }));
@@ -70,6 +72,14 @@ export const GrantedUserList = observer<Props>(function GrantedUserList({ grante
     }
   }
 
+  function isEditable(userId: string) {
+    if (serverConfigResource.distributed) {
+      return true;
+    }
+
+    return !usersResource.isActiveUser(userId);
+  }
+
   return (
     <Group className={s(styles, { box: true })} box medium overflow>
       <div className={s(styles, { innerBox: true })}>
@@ -82,33 +92,25 @@ export const GrantedUserList = observer<Props>(function GrantedUserList({ grante
           </Button>
         </GrantedUsersTableHeader>
         <div className={s(styles, { tableBox: true })}>
-          <Table
-            className={s(styles, { table: true })}
-            keys={keys}
-            selectedItems={selectedSubjects}
-            isItemSelectable={item => !usersResource.isActiveUser(item)}
-          >
+          <Table className={s(styles, { table: true })} keys={keys} selectedItems={selectedSubjects} isItemSelectable={item => isEditable(item)}>
             <GrantedUsersTableInnerHeader disabled={disabled} />
             <TableBody>
               {tableInfoText && (
                 <TableItem item="tableInfo" selectDisabled>
                   <TableColumnValue colSpan={5}>{translate(tableInfoText)}</TableColumnValue>
                 </TableItem>
               )}
-              {users.map(user => {
-                const activeUser = usersResource.isActiveUser(user.userId);
-                return (
-                  <GrantedUsersTableItem
-                    key={user.userId}
-                    id={user.userId}
-                    name={`${user.userId}${activeUser ? ' (you)' : ''}`}
-                    tooltip={activeUser ? translate('administration_teams_team_granted_users_permission_denied') : user.userId}
-                    icon="/icons/user.svg"
-                    iconTooltip={translate('authentication_user_icon_tooltip')}
-                    disabled={disabled}
-                  />
-                );
-              })}
+              {users.map(user => (
+                <GrantedUsersTableItem
+                  key={user.userId}
+                  id={user.userId}
+                  name={`${user.userId}${usersResource.isActiveUser(user.userId) ? ` (${translate('ui_you')})` : ''}`}
+                  tooltip={isEditable(user.userId) ? user.userId : translate('administration_teams_team_granted_users_permission_denied')}
+                  icon="/icons/user.svg"
+                  iconTooltip={translate('authentication_user_icon_tooltip')}
+                  disabled={disabled}
+                />
+              ))}
             </TableBody>
           </Table>
         </div>

diff --git a/...in-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx b/...in-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx
@@ -25,6 +25,7 @@ import {
   useTranslate,
 } from '@cloudbeaver/core-blocks';
 import { useService } from '@cloudbeaver/core-di';
+import { ServerConfigResource } from '@cloudbeaver/core-root';
 import type { AdminUserInfoFragment } from '@cloudbeaver/core-sdk';
 
 import { getFilteredUsers } from './getFilteredUsers';
@@ -46,6 +47,7 @@ export const UserList = observer<Props>(function UserList({ userList, grantedUse
   const translate = useTranslate();
 
   const usersResource = useService(UsersResource);
+  const serverConfigResource = useService(ServerConfigResource);
 
   const [selectedSubjects] = useState<Map<any, boolean>>(() => observable(new Map()));
   const [filterState] = useState<IFilterState>(() => observable({ filterValue: '' }));
@@ -60,6 +62,14 @@ export const UserList = observer<Props>(function UserList({ userList, grantedUse
     selectedSubjects.clear();
   }, []);
 
+  function isEditable(userId: string) {
+    if (serverConfigResource.distributed) {
+      return true;
+    }
+
+    return !usersResource.isActiveUser(userId);
+  }
+
   return (
     <Group className={s(styles, { box: true })} box medium overflow>
       <div className={s(styles, { innerBox: true })}>
@@ -73,7 +83,7 @@ export const UserList = observer<Props>(function UserList({ userList, grantedUse
             className={s(styles, { table: true })}
             keys={keys}
             selectedItems={selectedSubjects}
-            isItemSelectable={item => !(usersResource.isActiveUser(item) || grantedUsers.includes(item))}
+            isItemSelectable={item => isEditable(item) && !grantedUsers.includes(item)}
           >
             <GrantedUsersTableInnerHeader disabled={disabled} />
             <TableBody>
@@ -82,20 +92,17 @@ export const UserList = observer<Props>(function UserList({ userList, grantedUse
                   <TableColumnValue colSpan={5}>{translate('ui_search_no_result_placeholder')}</TableColumnValue>
                 </TableItem>
               )}
-              {users.map(user => {
-                const activeUser = usersResource.isActiveUser(user.userId);
-                return (
-                  <GrantedUsersTableItem
-                    key={user.userId}
-                    id={user.userId}
-                    name={`${user.userId}${activeUser ? ' (you)' : ''}`}
-                    tooltip={activeUser ? translate('administration_teams_team_granted_users_permission_denied') : user.userId}
-                    icon="/icons/user.svg"
-                    iconTooltip={translate('authentication_user_icon_tooltip')}
-                    disabled={disabled}
-                  />
-                );
-              })}
+              {users.map(user => (
+                <GrantedUsersTableItem
+                  key={user.userId}
+                  id={user.userId}
+                  name={`${user.userId}${usersResource.isActiveUser(user.userId) ? ` (${translate('ui_you')})` : ''}`}
+                  tooltip={isEditable(user.userId) ? user.userId : translate('administration_teams_team_granted_users_permission_denied')}
+                  icon="/icons/user.svg"
+                  iconTooltip={translate('authentication_user_icon_tooltip')}
+                  disabled={disabled}
+                />
+              ))}
             </TableBody>
           </Table>
         </div>

diff --git a/...ackages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx b/...ackages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx
@@ -36,7 +36,6 @@ interface Props {
 
 export const User = observer<Props>(function User({ user, displayAuthRole, selectable }) {
   const usersAdministrationService = useService(UsersAdministrationService);
-  const teams = user.grantedTeams.join(', ');
   const usersService = useService(UsersResource);
   const notificationService = useService(NotificationService);
   const administrationUsersManagementService = useService(AdministrationUsersManagementService);
@@ -57,6 +56,7 @@ export const User = observer<Props>(function User({ user, displayAuthRole, selec
     : undefined;
 
   const userManagementDisabled = administrationUsersManagementService.externalUserProviderEnabled;
+  const teams = user.grantedTeams.join(', ');
 
   return (
     <TableItem item={user.userId} expandElement={UserEdit} selectDisabled={!selectable}>