From 888b29c63757c143d6f54eb30d30c390c165a4a2 Mon Sep 17 00:00:00 2001 From: alex <48489896+devnaumov@users.noreply.github.com> Date: Fri, 23 Feb 2024 15:47:39 +0100 Subject: [PATCH] Cb 4694 te admin can assign his own team (#2391) * CB-4716 admin can manage his own team * CB-4717 allow team assigning in distributed mode --------- Co-authored-by: Aleksandr Skoblikov Co-authored-by: kseniaguzeeva <112612526+kseniaguzeeva@users.noreply.github.com> --- .../service/admin/impl/WebServiceAdmin.java | 9 +++- .../core-localization/src/locales/en.ts | 1 + .../core-localization/src/locales/it.ts | 1 + .../core-localization/src/locales/ru.ts | 1 + .../core-localization/src/locales/zh.ts | 1 + .../Teams/GrantedUsers/GrantedUserList.tsx | 42 ++++++++++--------- .../Users/Teams/GrantedUsers/UserList.tsx | 37 +++++++++------- .../Administration/Users/UsersTable/User.tsx | 2 +- 8 files changed, 56 insertions(+), 38 deletions(-) diff --git a/server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java b/server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java index af94e9a4e9..69c203f7c8 100644 --- a/server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java +++ b/server/bundles/io.cloudbeaver.service.admin/src/io/cloudbeaver/service/admin/impl/WebServiceAdmin.java @@ -33,6 +33,7 @@ import io.cloudbeaver.service.DBWServiceServerConfigurator; import io.cloudbeaver.service.admin.*; import io.cloudbeaver.service.security.SMUtils; +import io.cloudbeaver.utils.WebAppUtils; import org.jkiss.code.NotNull; import org.jkiss.code.Nullable; import org.jkiss.dbeaver.DBException; @@ -257,7 +258,9 @@ public boolean grantUserTeam(@NotNull WebSession webSession, String user, String if (grantor == null) { throw new DBWebException("Cannot grant team in anonymous mode"); } - if (CommonUtils.equalObjects(user, webSession.getUser().getUserId())) { + if (!WebAppUtils.getWebApplication().isDistributed() + && CommonUtils.equalObjects(user, webSession.getUser().getUserId()) + ) { throw new DBWebException("You cannot edit your own permissions"); } try { @@ -281,7 +284,9 @@ public boolean revokeUserTeam(@NotNull WebSession webSession, String user, Strin if (grantor == null) { throw new DBWebException("Cannot revoke team in anonymous mode"); } - if (CommonUtils.equalObjects(user, webSession.getUser().getUserId())) { + if (!WebAppUtils.getWebApplication().isDistributed() && + CommonUtils.equalObjects(user, webSession.getUser().getUserId()) + ) { throw new DBWebException("You cannot edit your own permissions"); } try { diff --git a/webapp/packages/core-localization/src/locales/en.ts b/webapp/packages/core-localization/src/locales/en.ts index 7460c1e17c..fb8e36b3c3 100644 --- a/webapp/packages/core-localization/src/locales/en.ts +++ b/webapp/packages/core-localization/src/locales/en.ts @@ -114,6 +114,7 @@ export default [ ['ui_readonly', 'Read-only'], ['ui_test', 'Test'], ['ui_export', 'Export'], + ['ui_you', 'You'], ['root_permission_denied', "You don't have permissions"], ['root_permission_no_permission', "You don't have permission for this action"], diff --git a/webapp/packages/core-localization/src/locales/it.ts b/webapp/packages/core-localization/src/locales/it.ts index 973a53da48..f98cbff0c7 100644 --- a/webapp/packages/core-localization/src/locales/it.ts +++ b/webapp/packages/core-localization/src/locales/it.ts @@ -104,6 +104,7 @@ export default [ ['ui_readonly', 'In sola lettura'], ['ui_test', 'Test'], ['ui_export', 'Export'], + ['ui_you', 'You'], ['root_permission_denied', 'Non hai i permessi'], ['app_root_session_expire_warning_title', 'La sessione sta per scadere'], diff --git a/webapp/packages/core-localization/src/locales/ru.ts b/webapp/packages/core-localization/src/locales/ru.ts index dbe87c9686..a479779496 100644 --- a/webapp/packages/core-localization/src/locales/ru.ts +++ b/webapp/packages/core-localization/src/locales/ru.ts @@ -110,6 +110,7 @@ export default [ ['ui_readonly', 'Доступно только для чтения'], ['ui_test', 'Проверить'], ['ui_export', 'Экспорт'], + ['ui_you', 'Вы'], ['root_permission_denied', 'Отказано в доступе'], ['root_permission_no_permission', 'У вас нет разрешения на это действие'], diff --git a/webapp/packages/core-localization/src/locales/zh.ts b/webapp/packages/core-localization/src/locales/zh.ts index ecf73a1a19..cee7130839 100644 --- a/webapp/packages/core-localization/src/locales/zh.ts +++ b/webapp/packages/core-localization/src/locales/zh.ts @@ -111,6 +111,7 @@ export default [ ['ui_readonly', '只读'], ['ui_test', 'Test'], ['ui_export', 'Export'], + ['ui_you', 'You'], ['root_permission_denied', '您没有权限'], ['root_permission_no_permission', '您没有权限执行此操作'], diff --git a/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx b/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx index 6f36938940..af186ae5e1 100644 --- a/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx +++ b/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/GrantedUserList.tsx @@ -26,6 +26,7 @@ import { } from '@cloudbeaver/core-blocks'; import { useService } from '@cloudbeaver/core-di'; import type { TLocalizationToken } from '@cloudbeaver/core-localization'; +import { ServerConfigResource } from '@cloudbeaver/core-root'; import type { AdminUserInfoFragment } from '@cloudbeaver/core-sdk'; import { getFilteredUsers } from './getFilteredUsers'; @@ -47,6 +48,7 @@ export const GrantedUserList = observer(function GrantedUserList({ grante const translate = useTranslate(); const usersResource = useService(UsersResource); + const serverConfigResource = useService(ServerConfigResource); const [selectedSubjects] = useState>(() => observable(new Map())); const [filterState] = useState(() => observable({ filterValue: '' })); @@ -70,6 +72,14 @@ export const GrantedUserList = observer(function GrantedUserList({ grante } } + function isEditable(userId: string) { + if (serverConfigResource.distributed) { + return true; + } + + return !usersResource.isActiveUser(userId); + } + return (
@@ -82,12 +92,7 @@ export const GrantedUserList = observer(function GrantedUserList({ grante
- !usersResource.isActiveUser(item)} - > +
isEditable(item)}> {tableInfoText && ( @@ -95,20 +100,17 @@ export const GrantedUserList = observer(function GrantedUserList({ grante {translate(tableInfoText)} )} - {users.map(user => { - const activeUser = usersResource.isActiveUser(user.userId); - return ( - - ); - })} + {users.map(user => ( + + ))}
diff --git a/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx b/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx index fdf08fc0da..21cb1e9bbf 100644 --- a/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx +++ b/webapp/packages/plugin-authentication-administration/src/Administration/Users/Teams/GrantedUsers/UserList.tsx @@ -25,6 +25,7 @@ import { useTranslate, } from '@cloudbeaver/core-blocks'; import { useService } from '@cloudbeaver/core-di'; +import { ServerConfigResource } from '@cloudbeaver/core-root'; import type { AdminUserInfoFragment } from '@cloudbeaver/core-sdk'; import { getFilteredUsers } from './getFilteredUsers'; @@ -46,6 +47,7 @@ export const UserList = observer(function UserList({ userList, grantedUse const translate = useTranslate(); const usersResource = useService(UsersResource); + const serverConfigResource = useService(ServerConfigResource); const [selectedSubjects] = useState>(() => observable(new Map())); const [filterState] = useState(() => observable({ filterValue: '' })); @@ -60,6 +62,14 @@ export const UserList = observer(function UserList({ userList, grantedUse selectedSubjects.clear(); }, []); + function isEditable(userId: string) { + if (serverConfigResource.distributed) { + return true; + } + + return !usersResource.isActiveUser(userId); + } + return (
@@ -73,7 +83,7 @@ export const UserList = observer(function UserList({ userList, grantedUse className={s(styles, { table: true })} keys={keys} selectedItems={selectedSubjects} - isItemSelectable={item => !(usersResource.isActiveUser(item) || grantedUsers.includes(item))} + isItemSelectable={item => isEditable(item) && !grantedUsers.includes(item)} > @@ -82,20 +92,17 @@ export const UserList = observer(function UserList({ userList, grantedUse {translate('ui_search_no_result_placeholder')} )} - {users.map(user => { - const activeUser = usersResource.isActiveUser(user.userId); - return ( - - ); - })} + {users.map(user => ( + + ))}
diff --git a/webapp/packages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx b/webapp/packages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx index ec997bd6e7..e813c5b928 100644 --- a/webapp/packages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx +++ b/webapp/packages/plugin-authentication-administration/src/Administration/Users/UsersTable/User.tsx @@ -36,7 +36,6 @@ interface Props { export const User = observer(function User({ user, displayAuthRole, selectable }) { const usersAdministrationService = useService(UsersAdministrationService); - const teams = user.grantedTeams.join(', '); const usersService = useService(UsersResource); const notificationService = useService(NotificationService); const administrationUsersManagementService = useService(AdministrationUsersManagementService); @@ -57,6 +56,7 @@ export const User = observer(function User({ user, displayAuthRole, selec : undefined; const userManagementDisabled = administrationUsersManagementService.externalUserProviderEnabled; + const teams = user.grantedTeams.join(', '); return (