feat(admin): route policies for whole admin gui

* Route authorization is now implemented in the whole admin gui.
* In side-menu and all overviews is now using canNavigate() function instead of isAuthorized() + 'policy', so all policies are now located in route-policy.service.ts.
* Fixed side-menu for resource under facility (resource and facility were displayed under VO in side-menu).

Author: HejdaJakub

apps/admin-gui/src/app/admin/admin-routing.module.ts

@@ -32,11 +32,13 @@ import { UserAccountsComponent } from '../users/pages/user-detail-page/user-acco
 import { AdminAuditLogComponent } from './pages/admin-page/admin-audit-log/admin-audit-log.component';
 import { AdminConsentHubsComponent } from './pages/admin-page/admin-consent-hubs/admin-consent-hubs.component';
 import { AdminSearcherComponent } from './pages/admin-page/admin-searcher/admin-searcher.component';
+import { RouteAuthGuardService } from '../shared/route-auth-guard.service';
 
 const routes: Routes = [
   {
     path: '',
     component: AdminPageComponent,
+    canActivateChild: [RouteAuthGuardService],
     children: [
       {
         path: '',
@@ -114,6 +116,7 @@ const routes: Routes = [
   {
     path: 'users/:userId',
     component: AdminUserDetailPageComponent,
+    canActivateChild: [RouteAuthGuardService],
     children: [
       {
         path: '',
@@ -191,6 +194,7 @@ const routes: Routes = [
   {
     path: 'services/:serviceId',
     component: ServiceDetailPageComponent,
+    canActivateChild: [RouteAuthGuardService],
     children: [
       {
         path: '',

apps/admin-gui/src/app/facilities/facilities-routing.module.ts

@@ -31,15 +31,25 @@ import { FacilityTaskResultsComponent } from './pages/facility-detail-page/facil
 import { ResourceTagsComponent } from './pages/resource-detail-page/resource-tags/resource-tags.component';
 import { FacilityConfigurationPageComponent } from './pages/facility-configuration-page/facility-configuration-page.component';
 import { ConfigureFacilityGuardService } from './services/configure-facility-guard.service';
+import { RouteAuthGuardService } from '../shared/route-auth-guard.service';
 
 const routes: Routes = [
   {
     path: '',
     component: FacilitySelectPageComponent,
+    canActivateChild: [RouteAuthGuardService],
+    children: [
+      {
+        path: '',
+        component: FacilitySelectPageComponent,
+        data: { animation: 'FacilitySelectPage' },
+      },
+    ],
   },
   {
     path: ':facilityId',
     component: FacilityDetailPageComponent,
+    canActivateChild: [RouteAuthGuardService],
     children: [
       {
         path: '',
@@ -138,6 +148,7 @@ const routes: Routes = [
   {
     path: ':facilityId/resources/:resourceId',
     component: ResourceDetailPageComponent,
+    canActivateChild: [RouteAuthGuardService],
     children: [
       {
         path: '',

apps/admin-gui/src/app/facilities/pages/facility-detail-page/facility-overview/facility-overview.component.ts

@@ -1,7 +1,11 @@
 import { Component, HostBinding, OnInit } from '@angular/core';
 import { MenuItem } from '@perun-web-apps/perun/models';
 import { FacilitiesManagerService, Facility } from '@perun-web-apps/perun/openapi';
-import { EntityStorageService, GuiAuthResolver } from '@perun-web-apps/perun/services';
+import {
+  EntityStorageService,
+  GuiAuthResolver,
+  RoutePolicyService,
+} from '@perun-web-apps/perun/services';
 
 @Component({
   selector: 'app-facility-overview',
@@ -18,7 +22,8 @@ export class FacilityOverviewComponent implements OnInit {
   constructor(
     private facilityManager: FacilitiesManagerService,
     private authResolver: GuiAuthResolver,
-    private entityStorageService: EntityStorageService
+    private entityStorageService: EntityStorageService,
+    private routePolicyService: RoutePolicyService
   ) {}
 
   ngOnInit(): void {
@@ -32,9 +37,7 @@ export class FacilityOverviewComponent implements OnInit {
     this.navItems = [];
 
     // Resources
-    if (
-      this.authResolver.isAuthorized('getAssignedRichResources_Facility_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-resources', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-manage-facility',
         url: `/facilities/${this.facility.id}/resources`,
@@ -43,9 +46,7 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Allowed users
-    if (
-      this.authResolver.isAuthorized('getAssignedUsers_Facility_Service_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-allowed-users', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-user',
         url: `/facilities/${this.facility.id}/allowed-users`,
@@ -54,9 +55,7 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Allowed groups
-    if (
-      this.authResolver.isAuthorized('getAllowedGroups_Facility_Vo_Service_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-allowed-groups', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-group',
         url: `/facilities/${this.facility.id}/allowed-groups`,
@@ -65,9 +64,7 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Service state
-    if (
-      this.authResolver.isAuthorized('getFacilityServicesState_Facility_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-services-status', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-service-status',
         url: `/facilities/${this.facility.id}/services-status`,
@@ -76,7 +73,7 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Service destination
-    if (this.authResolver.isAuthorized('getAllRichDestinations_Facility_policy', [this.facility])) {
+    if (this.routePolicyService.canNavigate('facilities-services-destinations', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-service_destination',
         url: `/facilities/${this.facility.id}/services-destinations`,
@@ -85,8 +82,7 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Hosts
-    // TODO fix when policies are updated
-    if (this.authResolver.isFacilityAdmin()) {
+    if (this.routePolicyService.canNavigate('facilities-hosts', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-hosts',
         url: `/facilities/${this.facility.id}/hosts`,
@@ -95,20 +91,17 @@ export class FacilityOverviewComponent implements OnInit {
       });
     }
     // Attributes
-    this.navItems.push({
-      cssIcon: 'perun-attributes',
-      url: `/facilities/${this.facility.id}/attributes`,
-      label: 'MENU_ITEMS.FACILITY.ATTRIBUTES',
-      style: 'facility-btn',
-    });
+    if (this.routePolicyService.canNavigate('facilities-attributes', this.facility)) {
+      this.navItems.push({
+        cssIcon: 'perun-attributes',
+        url: `/facilities/${this.facility.id}/attributes`,
+        label: 'MENU_ITEMS.FACILITY.ATTRIBUTES',
+        style: 'facility-btn',
+      });
+    }
 
     // Settings
-    if (
-      this.authResolver.isAuthorized('getBansForFacility_int_policy', [this.facility]) ||
-      this.authResolver.isManagerPagePrivileged(this.facility) ||
-      this.authResolver.isAuthorized('getOwners_Facility_policy', [this.facility]) ||
-      this.authResolver.isAuthorized('getAssignedSecurityTeams_Facility_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-settings', this.facility)) {
       this.navItems.push({
         cssIcon: 'perun-settings2',
         url: `/facilities/${this.facility.id}/settings`,

apps/admin-gui/src/app/facilities/pages/facility-detail-page/facility-settings/facility-settings-overview/facility-settings-overview.component.ts

@@ -1,7 +1,11 @@
 import { Component, HostBinding, OnInit } from '@angular/core';
 import { MenuItem } from '@perun-web-apps/perun/models';
 import { FacilitiesManagerService, Facility } from '@perun-web-apps/perun/openapi';
-import { EntityStorageService, GuiAuthResolver } from '@perun-web-apps/perun/services';
+import {
+  EntityStorageService,
+  GuiAuthResolver,
+  RoutePolicyService,
+} from '@perun-web-apps/perun/services';
 
 @Component({
   selector: 'app-facility-settings-overview',
@@ -18,7 +22,8 @@ export class FacilitySettingsOverviewComponent implements OnInit {
   constructor(
     private facilityManager: FacilitiesManagerService,
     private authResolver: GuiAuthResolver,
-    private entityStorageService: EntityStorageService
+    private entityStorageService: EntityStorageService,
+    private routePolicyService: RoutePolicyService
   ) {}
 
   ngOnInit(): void {
@@ -32,7 +37,7 @@ export class FacilitySettingsOverviewComponent implements OnInit {
     this.items = [];
 
     // Owners
-    if (this.authResolver.isAuthorized('getOwners_Facility_policy', [this.facility])) {
+    if (this.routePolicyService.canNavigate('facilities-settings-owners', this.facility)) {
       this.items.push({
         cssIcon: 'perun-owner-grey',
         url: `/facilities/${this.facility.id}/settings/owners`,
@@ -41,7 +46,7 @@ export class FacilitySettingsOverviewComponent implements OnInit {
       });
     }
     // Managers
-    if (this.authResolver.isManagerPagePrivileged(this.facility)) {
+    if (this.routePolicyService.canNavigate('facilities-settings-managers', this.facility)) {
       this.items.push({
         cssIcon: 'perun-manager',
         url: `/facilities/${this.facility.id}/settings/managers`,
@@ -50,9 +55,7 @@ export class FacilitySettingsOverviewComponent implements OnInit {
       });
     }
     // Security teams
-    if (
-      this.authResolver.isAuthorized('getAssignedSecurityTeams_Facility_policy', [this.facility])
-    ) {
+    if (this.routePolicyService.canNavigate('facilities-settings-security-teams', this.facility)) {
       this.items.push({
         cssIcon: 'perun-security-teams',
         url: `/facilities/${this.facility.id}/settings/security-teams`,
@@ -61,7 +64,7 @@ export class FacilitySettingsOverviewComponent implements OnInit {
       });
     }
     // Blacklist
-    if (this.authResolver.isAuthorized('getBansForFacility_int_policy', [this.facility])) {
+    if (this.routePolicyService.canNavigate('facilities-settings-blacklist', this.facility)) {
       this.items.push({
         cssIcon: 'perun-black-list',
         url: `/facilities/${this.facility.id}/settings/blacklist`,

apps/admin-gui/src/app/facilities/pages/resource-detail-page/resource-detail-page.component.ts

@@ -113,10 +113,11 @@ export class ResourceDetailPageComponent extends destroyDetailMixin() implements
     const resourceItem = this.sideMenuItemService.parseResource(this.resource, this.underVoUrl);
     if (this.underVoUrl) {
       parentItem = this.sideMenuItemService.parseVo(this.vo);
+      this.sideMenuService.setAccessMenuItems([parentItem, resourceItem]);
     } else {
       parentItem = this.sideMenuItemService.parseFacility(this.facility);
+      this.sideMenuService.setFacilityMenuItems([parentItem, resourceItem]);
     }
-    this.sideMenuService.setAccessMenuItems([parentItem, resourceItem]);
   }
 
   editResource(): void {

apps/admin-gui/src/app/facilities/pages/resource-detail-page/resource-overview/resource-overview.component.ts

@@ -2,7 +2,11 @@ import { Component, HostBinding, OnInit } from '@angular/core';
 import { ActivatedRoute } from '@angular/router';
 import { MenuItem } from '@perun-web-apps/perun/models';
 import { Resource, ResourcesManagerService } from '@perun-web-apps/perun/openapi';
-import { EntityStorageService, GuiAuthResolver } from '@perun-web-apps/perun/services';
+import {
+  EntityStorageService,
+  GuiAuthResolver,
+  RoutePolicyService,
+} from '@perun-web-apps/perun/services';
 
 @Component({
   selector: 'app-resource-overview',
@@ -20,7 +24,8 @@ export class ResourceOverviewComponent implements OnInit {
     private resourcesManager: ResourcesManagerService,
     private route: ActivatedRoute,
     public guiAuthResolver: GuiAuthResolver,
-    private entityStorageService: EntityStorageService
+    private entityStorageService: EntityStorageService,
+    private routePolicyService: RoutePolicyService
   ) {}
 
   ngOnInit(): void {
@@ -40,35 +45,31 @@ export class ResourceOverviewComponent implements OnInit {
       : `/facilities/${this.resource.facilityId}`;
     this.navItems = [];
 
-    if (this.guiAuthResolver.isAuthorized('getAssignedGroups_Resource_policy', [this.resource])) {
+    if (this.routePolicyService.canNavigate('resources-groups', this.resource)) {
       this.navItems.push({
         cssIcon: 'perun-group',
         url: `${urlStart}/resources/${this.resource.id}/groups`,
         label: 'MENU_ITEMS.RESOURCE.ASSIGNED_GROUPS',
         style: 'resource-btn',
       });
     }
-    if (this.guiAuthResolver.isAuthorized('getAssignedServices_Resource_policy', [this.resource])) {
+    if (this.routePolicyService.canNavigate('resources-services', this.resource)) {
       this.navItems.push({
         cssIcon: 'perun-service',
         url: `/${urlStart}/resources/${this.resource.id}/services`,
         label: 'MENU_ITEMS.RESOURCE.ASSIGNED_SERVICES',
         style: 'resource-btn',
       });
     }
-    if (this.guiAuthResolver.isAuthorized('getAssignedMembers_Resource_policy', [this.resource])) {
+    if (this.routePolicyService.canNavigate('resources-members', this.resource)) {
       this.navItems.push({
         cssIcon: 'perun-user',
         url: `${urlStart}/resources/${this.resource.id}/members`,
         label: 'MENU_ITEMS.RESOURCE.ASSIGNED_MEMBERS',
         style: 'resource-btn',
       });
     }
-    if (
-      this.guiAuthResolver.isAuthorized('getAllResourcesTagsForResource_Resource_policy', [
-        this.resource,
-      ])
-    ) {
+    if (this.routePolicyService.canNavigate('resources-tags', this.resource)) {
       this.navItems.push({
         cssIcon: 'perun-resource-tags',
         url: `${urlStart}/resources/${this.resource.id}/tags`,
@@ -77,15 +78,16 @@ export class ResourceOverviewComponent implements OnInit {
       });
     }
 
-    this.navItems.push({
-      cssIcon: 'perun-attributes',
-      url: `${urlStart}/resources/${this.resource.id}/attributes`,
-      label: 'MENU_ITEMS.RESOURCE.ATTRIBUTES',
-      style: 'resource-btn',
-    });
+    if (this.routePolicyService.canNavigate('resources-attributes', this.resource)) {
+      this.navItems.push({
+        cssIcon: 'perun-attributes',
+        url: `${urlStart}/resources/${this.resource.id}/attributes`,
+        label: 'MENU_ITEMS.RESOURCE.ATTRIBUTES',
+        style: 'resource-btn',
+      });
+    }
 
-    const managersAuth = this.guiAuthResolver.isManagerPagePrivileged(this.resource);
-    if (managersAuth) {
+    if (this.routePolicyService.canNavigate('resources-settings', this.resource)) {
       this.navItems.push({
         cssIcon: 'perun-settings2',
         url: `${urlStart}/resources/${this.resource.id}/settings`,

apps/admin-gui/src/app/facilities/pages/resource-detail-page/resource-settings/resource-settings-overview/resource-settings-overview.component.ts

@@ -2,7 +2,11 @@ import { Component, HostBinding, OnInit } from '@angular/core';
 import { ActivatedRoute } from '@angular/router';
 import { MenuItem } from '@perun-web-apps/perun/models';
 import { Resource, ResourcesManagerService } from '@perun-web-apps/perun/openapi';
-import { EntityStorageService, GuiAuthResolver } from '@perun-web-apps/perun/services';
+import {
+  EntityStorageService,
+  GuiAuthResolver,
+  RoutePolicyService,
+} from '@perun-web-apps/perun/services';
 
 @Component({
   selector: 'app-resource-settings-overview',
@@ -19,7 +23,8 @@ export class ResourceSettingsOverviewComponent implements OnInit {
     private route: ActivatedRoute,
     private resourceManager: ResourcesManagerService,
     private authResolver: GuiAuthResolver,
-    private entityStorageService: EntityStorageService
+    private entityStorageService: EntityStorageService,
+    private routePolicyService: RoutePolicyService
   ) {}
 
   ngOnInit(): void {
@@ -36,8 +41,7 @@ export class ResourceSettingsOverviewComponent implements OnInit {
   private initItems(inVo: boolean): void {
     this.items = [];
 
-    const managersAuth = this.authResolver.isManagerPagePrivileged(this.resource);
-    if (managersAuth) {
+    if (this.routePolicyService.canNavigate('resources-settings-managers', this.resource)) {
       this.items.push({
         cssIcon: 'perun-manager',
         url: `${