feat(admin): user roles are split by source

* user-detail page splits his roles by source (directly assigned or obtained as a member of authorized group)
* tabs added to change what source we want to see
* (authorized) group based roles cannot be managed, only viewed

Author: Kuliak

apps/admin-gui/src/app/shared/components/roles-list/roles-page.component.html

@@ -1,9 +1,8 @@
-<h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
 <button
-  *ngIf="assignableRules.length !== 0"
+  *ngIf="assignableRules.length !== 0 && editable"
   mat-flat-button
   color="accent"
-  class="mb-3 mr-2"
+  class="mb-3 mr-2 mt-2"
   (click)="addRole()">
   {{'ROLES.ADD'| translate}}
 </button>
@@ -22,7 +21,7 @@ <h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
     </mat-expansion-panel-header>
     <ng-template matExpansionPanelContent>
       <span
-        *ngIf="role.roleName !== 'SELF' && role.roleName !== 'MEMBERSHIP' && role.roleName !== 'SPONSORSHIP'"
+        *ngIf="editable && role.roleName !== 'SELF' && role.roleName !== 'MEMBERSHIP' && role.roleName !== 'SPONSORSHIP'"
         matTooltip="{{'ROLES.REMOVE_DISABLED_TOOLTIP'| translate}}"
         matTooltipPosition="left"
         [matTooltipDisabled]="(selection.selected.length === 0 && selectedFacilities.selected.length === 0) || !disableRemove">
@@ -43,9 +42,11 @@ <h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
               {{('ROLES.' + role.roleName + '_VOS_' + entityType) | translate}}
             </div>
             <perun-web-apps-vos-list
-              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'shortName'] : ['checkbox', 'id', 'name', 'shortName']"
+              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'shortName'] : (editable ? ['checkbox', 'id', 'name', 'shortName'] : ['id', 'name', 'authzGroup', 'shortName'])"
               [vos]="vos | async"
-              [selection]="selection">
+              [selection]="selection"
+              [authzVoNames]="voNames"
+              [voWithAuthzGroupPairs]="_complementaryObjectsWithAuthzGroups?.get(role.roleName)?.get('vo')">
             </perun-web-apps-vos-list>
           </div>
           <div
@@ -55,9 +56,11 @@ <h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
               {{('ROLES.' + role.roleName + '_GROUPS_' + entityType) | translate}}
             </div>
             <perun-web-apps-groups-list
-              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'vo', 'name', 'description'] : ['select', 'id', 'vo', 'name', 'description']"
+              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'vo', 'name', 'description'] : (editable ? ['select', 'id', 'vo', 'name', 'description'] : ['id', 'vo', 'name', 'authzGroup', 'description'])"
               [groups]="groups | async"
-              [selection]="selection">
+              [selection]="selection"
+              [authzVoNames]="voNames"
+              [groupWithAuthzGroupPairs]="_complementaryObjectsWithAuthzGroups?.get(role.roleName)?.get('group')">
             </perun-web-apps-groups-list>
           </div>
           <div
@@ -68,9 +71,11 @@ <h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
             </div>
             <perun-web-apps-resources-list
               [resources]="resources | async"
-              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'vo', 'facility', 'description'] : ['select', 'id', 'name', 'vo', 'facility', 'description']"
+              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'vo', 'facility', 'description'] : (editable ? ['select', 'id', 'name', 'vo', 'facility', 'description'] : ['id', 'name', 'authzGroup', 'vo', 'facility', 'description'])"
               [routingVo]="true"
-              [selection]="selection">
+              [selection]="selection"
+              [authzVoNames]="voNames"
+              [resourceWithAuthzGroupPairs]="_complementaryObjectsWithAuthzGroups?.get(role.roleName)?.get('resource')">
             </perun-web-apps-resources-list>
           </div>
           <div
@@ -80,9 +85,11 @@ <h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
               {{('ROLES.' + role.roleName + '_FACILITIES_' + entityType) | translate}}
             </div>
             <perun-web-apps-facilities-list
-              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'description'] : ['select', 'id', 'name', 'description']"
+              [displayedColumns]="role.roleName === 'MEMBERSHIP' ? ['id', 'name', 'description'] : (editable ? ['select', 'id', 'name', 'description'] : ['id', 'name', 'authzGroup', 'description'])"
               [facilities]="facilities | async"
-              [selection]="selectedFacilities">
+              [selection]="selectedFacilities"
+              [authzVoNames]="voNames"
+              [facilityWithAuthzGroupPairs]="_complementaryObjectsWithAuthzGroups?.get(role.roleName)?.get('facility')">
             </perun-web-apps-facilities-list>
           </div>
           <div *ngIf="role.roleName === 'SPONSORSHIP'" class="mb-3">

apps/admin-gui/src/app/shared/components/roles-list/roles-page.component.ts

@@ -52,6 +52,7 @@ export class RolesPageComponent implements OnInit {
   @Input() showDescription: boolean;
   @Input() entityId: number;
   @Input() entityType: 'SELF' | 'USER' | 'GROUP';
+  @Input() editable = true;
   @Output() reload = new EventEmitter<void>();
   @Output() startLoading = new EventEmitter<void>();
 
@@ -62,6 +63,8 @@ export class RolesPageComponent implements OnInit {
   allRules: RoleManagementRules[] = [];
   disableRemove = false;
 
+  voNames: Map<number, string> = new Map<number, string>();
+
   selectedRole = new BehaviorSubject<RoleManagementRules>(null);
 
   groups: Observable<Group[]> = this.selectedRole.pipe(
@@ -139,6 +142,7 @@ export class RolesPageComponent implements OnInit {
     startWith([])
   );
 
+  _complementaryObjectsWithAuthzGroups = new Map<string, Map<string, Map<number, Group[]>>>();
   private _roles = new Map<string, Map<string, number[]>>();
 
   constructor(
@@ -169,6 +173,13 @@ export class RolesPageComponent implements OnInit {
       .filter((rule) => this._roles.has(rule.roleName));
   }
 
+  @Input() set complementaryObjectsWithAuthzGroups(
+    compObjects: Map<string, Map<string, Map<number, Group[]>>>
+  ) {
+    this._complementaryObjectsWithAuthzGroups = compObjects;
+    this.updateVoNames();
+  }
+
   ngOnInit(): void {
     this.assignableRules = this.guiAuthResolver.getAssignableRoleRules(
       this.entityType === 'GROUP' ? 'GROUP' : 'USER'
@@ -369,4 +380,27 @@ export class RolesPageComponent implements OnInit {
       modifiedByUid: resource.modifiedByUid,
     };
   }
+
+  private updateVoNames(): void {
+    const voIds = new Set<number>();
+    this._complementaryObjectsWithAuthzGroups.forEach((beanNamesMap) => {
+      beanNamesMap.forEach((beanIdsToGroupsMap) => {
+        beanIdsToGroupsMap.forEach((groups) => {
+          groups.forEach((group) => {
+            if (!voIds.has(group.voId) && !this.voNames.has(group.voId)) {
+              voIds.add(group.voId);
+            }
+          });
+        });
+      });
+    });
+
+    if (voIds.size > 0) {
+      this.vosService.getVosByIds([...voIds]).subscribe((vos) => {
+        vos.forEach((vo) => {
+          this.voNames.set(vo.id, vo.name);
+        });
+      });
+    }
+  }
 }

apps/admin-gui/src/app/users/pages/user-detail-page/user-settings/user-roles/user-roles.component.html

@@ -1,9 +1,39 @@
-<app-perun-web-apps-roles-page
-  [outerLoading]="this.outerLoading"
-  [roles]="this.roles"
-  [entityId]="this.userId"
-  [showDescription]="this.showDescription"
-  [entityType]="this.entityType"
-  (reload)="getData()"
-  (startLoading)="outerLoading = true;">
-</app-perun-web-apps-roles-page>
+<h1 class="page-subtitle d-flex">{{'ROLES.TITLE'| translate}}</h1>
+<mat-tab-group>
+  <mat-tab>
+    <ng-template matTabLabel>
+      {{'USER_DETAIL.DASHBOARD.DIRECT_ROLES' | translate}}
+    </ng-template>
+    <ng-template matTabContent>
+      <app-perun-web-apps-roles-page
+        [outerLoading]="this.outerLoading"
+        [roles]="this.roles"
+        [entityId]="this.userId"
+        [showDescription]="this.showDescription"
+        [entityType]="this.entityType"
+        [editable]="true"
+        (reload)="getData()"
+        (startLoading)="outerLoading = true;">
+      </app-perun-web-apps-roles-page>
+    </ng-template>
+  </mat-tab>
+
+  <mat-tab>
+    <ng-template matTabLabel>
+      {{'USER_DETAIL.DASHBOARD.AUTHORIZED_GROUP_BASED_ROLES' | translate}}
+    </ng-template>
+    <ng-template matTabContent>
+      <app-perun-web-apps-roles-page
+        [outerLoading]="this.outerLoading"
+        [roles]="this.indirectRoles"
+        [entityId]="this.userId"
+        [showDescription]="this.showDescription"
+        [entityType]="this.entityType"
+        [editable]="false"
+        [complementaryObjectsWithAuthzGroups]="this.rolesComplementaryObjectsWithAuthzGroups"
+        (reload)="getData()"
+        (startLoading)="outerLoading = true;">
+      </app-perun-web-apps-roles-page>
+    </ng-template>
+  </mat-tab>
+</mat-tab-group>

apps/admin-gui/src/app/users/pages/user-detail-page/user-settings/user-roles/user-roles.component.ts

@@ -1,9 +1,7 @@
 import { Component, HostBinding, OnInit } from '@angular/core';
-import { AuthzResolverService } from '@perun-web-apps/perun/openapi';
+import { AuthzResolverService, Group } from '@perun-web-apps/perun/openapi';
 import { ActivatedRoute } from '@angular/router';
 import { StoreService, RoleService } from '@perun-web-apps/perun/services';
-import { iif, of } from 'rxjs';
-import { mergeMap } from 'rxjs/operators';
 
 @Component({
   selector: 'app-user-roles',
@@ -16,6 +14,8 @@ export class UserRolesComponent implements OnInit {
   userId: number;
 
   roles = new Map<string, Map<string, number[]>>();
+  indirectRoles = new Map<string, Map<string, number[]>>();
+  rolesComplementaryObjectsWithAuthzGroups = new Map<string, Map<string, Map<number, Group[]>>>();
   outerLoading: boolean;
   showDescription = true;
   entityType: 'SELF' | 'USER';
@@ -44,21 +44,51 @@ export class UserRolesComponent implements OnInit {
 
   getData(): void {
     this.outerLoading = true;
+
+    // get user based roles
     this.roles.clear();
-    of(this.entityType)
-      .pipe(
-        mergeMap((type) =>
-          iif(
-            () => type === 'SELF',
-            of(this.store.getPerunPrincipal().roles),
-            this.authzResolverService.getUserRoles(this.userId)
-          )
-        )
-      )
-      .subscribe((roles) => {
+    this.authzResolverService.getUserDirectRoles(this.userId).subscribe({
+      next: (roles) => {
+        // prepare direct roles
         const roleNames = Object.keys(roles).map((role) => role.toUpperCase());
         this.roles = this.roleService.prepareRoles(roles, roleNames);
-        this.outerLoading = false;
-      });
+
+        // get group based roles
+        this.indirectRoles.clear();
+        this.authzResolverService
+          .getUserRolesObtainedFromAuthorizedGroupMemberships(this.userId)
+          .subscribe({
+            next: (groupBasedRoles) => {
+              // prepare group based roles
+              const groupBasedRoleNames = Object.keys(groupBasedRoles).map((role) =>
+                role.toUpperCase()
+              );
+              this.indirectRoles = this.roleService.prepareRoles(
+                groupBasedRoles,
+                groupBasedRoleNames
+              );
+
+              // get map of roles and complementary objects with authorized groups
+              this.rolesComplementaryObjectsWithAuthzGroups.clear();
+              this.authzResolverService
+                .getRoleComplementaryObjectsWithAuthorizedGroups(this.userId)
+                .subscribe({
+                  next: (obtainedComplementaryObjects) => {
+                    // prepare map
+                    this.rolesComplementaryObjectsWithAuthzGroups =
+                      this.roleService.prepareComplementaryObjects(
+                        Object.keys(obtainedComplementaryObjects),
+                        obtainedComplementaryObjects
+                      );
+                    this.outerLoading = false;
+                  },
+                  error: () => (this.outerLoading = false),
+                });
+            },
+            error: () => (this.outerLoading = false),
+          });
+      },
+      error: () => (this.outerLoading = false),
+    });
   }
 }

apps/admin-gui/src/assets/i18n/en.json

@@ -2512,7 +2512,9 @@
       "SHOW_RECENTLY_VIEWED": "Show Recently viewed",
       "SHOW_ROLES": "Show roles",
       "MAIL_CHANGE_SUCCESS": "Preferred mail has been changed",
-      "ANONYMIZED": "User anonymized"
+      "ANONYMIZED": "User anonymized",
+      "DIRECT_ROLES": "User based",
+      "AUTHORIZED_GROUP_BASED_ROLES": "Group based"
     },
     "OVERVIEW": {
       "GENERAL_SETTINGS": "General settings"
@@ -2691,7 +2693,8 @@
         "TECHNICAL_OWNERS": "Technical owners",
         "DESTINATIONS": "Destinations",
         "HOSTS": "Hosts",
-        "NO_FACILITIES_WARNING": "No facilities found"
+        "NO_FACILITIES_WARNING": "No facilities found",
+        "AUTHZ_GROUP": "Authorized group"
       },
       "CONSENT_HUBS_LIST": {
         "ID": "Id",
@@ -2845,7 +2848,8 @@
           "CREATE_RELATION_AUTH_TOOLTIP": "You don't have permission to create relation with this group.",
           "SYNCHRONIZED_GROUP": "Group is filled with members from an external source",
           "INDIRECT_GROUP": "This group is assigned as a part of a groups tree.",
-          "MULTIPLE_ASSIGNMENTS": "This group is assigned manually and also as a part of a groups tree. You can remove only manual assignment."
+          "MULTIPLE_ASSIGNMENTS": "This group is assigned manually and also as a part of a groups tree. You can remove only manual assignment.",
+          "AUTHZ_GROUP": "Authorized group"
         },
         "GROUP_MENU": {
           "MOVE": "Move group",
@@ -2860,7 +2864,8 @@
         "VOS_LIST": {
           "ID": "Id",
           "NAME": "Name",
-          "SHORTNAME": "Short name"
+          "SHORTNAME": "Short name",
+          "AUTHZ_GROUP": "Authorized group"
         },
         "VO_SEARCH_SELECT": {
           "SELECT_VO": "Select organization",
@@ -2891,7 +2896,8 @@
           "TABLE_RESOURCE_DESCRIPTION": "Description",
           "TABLE_GROUP_RESOURCE_STATUS": "Status",
           "NO_RESOURCES_WARNING": "No resources assigned.",
-          "INDIRECT_RESOURCE": "This resource is assigned indirectly."
+          "INDIRECT_RESOURCE": "This resource is assigned indirectly.",
+          "AUTHZ_GROUP": "Authorized group"
         },
         "RESOURCE_SEARCH_SELECT": {
           "SELECT_RESOURCE": "Select resource",

libs/perun/components/src/lib/facilities-list/facilities-list.component.html

@@ -51,6 +51,16 @@
           {{facility.facility.name}}
         </td>
       </ng-container>
+      <ng-container matColumnDef="authzGroup">
+        <th mat-header-cell *matHeaderCellDef mat-sort-header>
+          {{'SHARED.COMPONENTS.FACILITIES_LIST.AUTHZ_GROUP' | translate}}
+        </th>
+        <td mat-cell *matCellDef="let facility">
+          {{ facilityWithAuthzGroupPairs.has(facility.facility.id)
+              ? authzVoNames.get(facilityWithAuthzGroupPairs.get(facility.facility.id)[0].voId) + ":" + facilityWithAuthzGroupPairs.get(facility.facility.id)[0].name
+              : "" }}
+        </td>
+      </ng-container>
       <ng-container matColumnDef="description">
         <th *matHeaderCellDef mat-header-cell>
           {{'SHARED.COMPONENTS.FACILITIES_LIST.DESCRIPTION' | translate}}

libs/perun/components/src/lib/facilities-list/facilities-list.component.ts

@@ -1,7 +1,7 @@
 import { Component, Input, OnChanges, ViewChild } from '@angular/core';
 import { MatSort } from '@angular/material/sort';
 import { MatTableDataSource } from '@angular/material/table';
-import { EnrichedFacility } from '@perun-web-apps/perun/openapi';
+import { EnrichedFacility, Group } from '@perun-web-apps/perun/openapi';
 import {
   customDataSourceFilterPredicate,
   customDataSourceSort,
@@ -21,6 +21,8 @@ import { TableWrapperComponent } from '@perun-web-apps/perun/utils';
 })
 export class FacilitiesListComponent implements OnChanges {
   @Input() facilities: EnrichedFacility[];
+  @Input() facilityWithAuthzGroupPairs: Map<number, Group[]>;
+  @Input() authzVoNames: Map<number, string>;
   @Input() recentIds: number[];
   @Input() filterValue: string;
   @Input() tableId: string;

libs/perun/components/src/lib/groups-list/groups-list.component.html

@@ -90,6 +90,16 @@
           {{group.name}}
         </td>
       </ng-container>
+      <ng-container matColumnDef="authzGroup">
+        <th *matHeaderCellDef mat-header-cell mat-sort-header>
+          {{'SHARED_LIB.PERUN.COMPONENTS.GROUPS_LIST.AUTHZ_GROUP' | translate}}
+        </th>
+        <td *matCellDef="let group" mat-cell>
+          {{ groupWithAuthzGroupPairs.has(group.id)
+              ? authzVoNames.get(groupWithAuthzGroupPairs.get(group.id)[0].voId) + ":" + groupWithAuthzGroupPairs.get(group.id)[0].name
+              : ""}}
+        </td>
+      </ng-container>
       <ng-container matColumnDef="status">
         <th *matHeaderCellDef mat-header-cell mat-sort-header>
           {{'SHARED_LIB.PERUN.COMPONENTS.GROUPS_LIST.TABLE_GROUP_STATUS' | translate}}

libs/perun/components/src/lib/groups-list/groups-list.component.ts

@@ -45,6 +45,8 @@ import { GroupUtilsService } from '@perun-web-apps/perun/services';
 export class GroupsListComponent {
   @Input() theme = 'group-theme';
   @Input() selection = new SelectionModel<GroupWithStatus>(true, []);
+  @Input() groupWithAuthzGroupPairs: Map<number, Group[]>;
+  @Input() authzVoNames: Map<number, string>;
   @Input() disableMembers: boolean;
   @Input() disableGroups: boolean;
   @Input() groupsToDisableCheckbox: Set<number> = new Set<number>();