feat(admin): attribute operation can be globally critical

* In Perun admin Attribute definition section we can now set attribute as globally critical (critical for all objects).

Author: HejdaJakub

apps/admin-gui/src/app/shared/components/dialogs/create-attribute-definition-dialog/create-attribute-definition-dialog.component.html

@@ -82,7 +82,9 @@ <h1 mat-dialog-title>{{'DIALOGS.CREATE_ATTRIBUTE_DEFINITION.TITLE' | translate}}
 
       <perun-web-apps-attribute-critical-operations-toggles
         (readOperationChanged)="finalReadOperations=$event"
-        (writeOperationChanged)="finalWriteOperations=$event">
+        (readGlobalChanged)="finalReadGlobal=$event"
+        (writeOperationChanged)="finalWriteOperations=$event"
+        (writeGlobalChanged)="finalWriteGlobal=$event">
       </perun-web-apps-attribute-critical-operations-toggles>
 
       <perun-web-apps-attribute-rights-tab-group [collections]="collections">

apps/admin-gui/src/app/shared/components/dialogs/create-attribute-definition-dialog/create-attribute-definition-dialog.component.ts

@@ -66,7 +66,9 @@ export class CreateAttributeDefinitionDialogComponent {
   });
   collections: AttributePolicyCollection[] = [];
   finalReadOperations: boolean;
+  finalReadGlobal = false;
   finalWriteOperations: boolean;
+  finalWriteGlobal = false;
   attDefCreated: AttributeDefinition;
 
   constructor(
@@ -101,6 +103,8 @@ export class CreateAttributeDefinitionDialogComponent {
           this.attributeRightsService.updateAttributeAction(
             this.finalReadOperations,
             false,
+            this.finalReadGlobal,
+            false,
             this.attDefCreated.id,
             AttributeAction.READ
           )
@@ -109,6 +113,8 @@ export class CreateAttributeDefinitionDialogComponent {
           this.attributeRightsService.updateAttributeAction(
             this.finalWriteOperations,
             true, // we want all newly created attributes by default with critical write operations
+            this.finalWriteGlobal,
+            false,
             this.attDefCreated.id,
             AttributeAction.WRITE
           )

apps/admin-gui/src/app/shared/components/dialogs/edit-attribute-definition-dialog/edit-attribute-definition-dialog.component.html

@@ -47,9 +47,13 @@ <h1 mat-dialog-title>{{'DIALOGS.EDIT_ATTRIBUTE_DEFINITION.TITLE' | translate}}</
 
         <perun-web-apps-attribute-critical-operations-toggles
           [readOperation]="initReadOperations"
+          [readGlobal]="initReadGlobal"
           [writeOperation]="initWriteOperations"
+          [writeGlobal]="initWriteGlobal"
           (readOperationChanged)="finalReadOperations=$event"
-          (writeOperationChanged)="finalWriteOperations=$event">
+          (readGlobalChanged)="finalReadGlobal=$event"
+          (writeOperationChanged)="finalWriteOperations=$event"
+          (writeGlobalChanged)="finalWriteGlobal=$event">
         </perun-web-apps-attribute-critical-operations-toggles>
 
         <perun-web-apps-attribute-rights-tab-group

apps/admin-gui/src/app/shared/components/dialogs/edit-attribute-definition-dialog/edit-attribute-definition-dialog.component.ts

@@ -34,9 +34,13 @@ export class EditAttributeDefinitionDialogComponent implements OnInit {
   showKeys = false;
   attDef: AttributeDefinition = this.data.attDef;
   initReadOperations: boolean;
+  initReadGlobal: boolean;
   initWriteOperations: boolean;
+  initWriteGlobal: boolean;
   finalReadOperations: boolean;
+  finalReadGlobal: boolean;
   finalWriteOperations: boolean;
+  finalWriteGlobal: boolean;
   attributeControl: UntypedFormGroup = this.formBuilder.group({
     name: [this.attDef.displayName, Validators.required],
     description: [this.attDef.description, Validators.required],
@@ -64,8 +68,10 @@ export class EditAttributeDefinitionDialogComponent implements OnInit {
     this.dialogRef.addPanelClass('mat-dialog-height-transition');
     this.attributesManager.getAttributeRules(this.attDef.id).subscribe((attrRights) => {
       this.collections$ = new BehaviorSubject(attrRights.attributePolicyCollections);
-      this.initReadOperations = attrRights.criticalActions.includes('READ');
-      this.initWriteOperations = attrRights.criticalActions.includes('WRITE');
+      this.initReadOperations = 'READ' in attrRights.criticalActions;
+      this.initWriteOperations = 'WRITE' in attrRights.criticalActions;
+      this.initReadGlobal = attrRights.criticalActions['READ'] || false;
+      this.initWriteGlobal = attrRights.criticalActions['WRITE'] || false;
       this.loading = false;
     });
   }
@@ -85,6 +91,8 @@ export class EditAttributeDefinitionDialogComponent implements OnInit {
           this.attributeRightsService.updateAttributeAction(
             this.finalReadOperations,
             this.initReadOperations,
+            this.finalReadGlobal,
+            this.initReadGlobal,
             this.attDef.id,
             AttributeAction.READ
           )
@@ -93,6 +101,8 @@ export class EditAttributeDefinitionDialogComponent implements OnInit {
           this.attributeRightsService.updateAttributeAction(
             this.finalWriteOperations,
             this.initWriteOperations,
+            this.finalWriteGlobal,
+            this.initWriteGlobal,
             this.attDef.id,
             AttributeAction.WRITE
           )
@@ -105,7 +115,10 @@ export class EditAttributeDefinitionDialogComponent implements OnInit {
           );
           this.dialogRef.close(true);
         },
-        error: () => (this.loading = false),
+        error: (err) => {
+          this.loading = false;
+          console.error(err);
+        },
       });
   }
 

apps/admin-gui/src/assets/i18n/en.json

@@ -3330,6 +3330,7 @@
         "ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE": {
           "READ": "READ operations critical",
           "WRITE": "WRITE operations critical",
+          "GLOBAL": "Critical for all objects",
           "INFO": "All operations of the selected type (READ/WRITE) for this attribute will require multi-factor authentication for objects that are marked as critical."
         },
         "DATA_QUOTAS": {

libs/perun/components/src/lib/attribute-critical-operations-toggles/attribute-critical-operations-toggles.component.html

@@ -1,19 +1,37 @@
 <mat-slide-toggle
-  class="toggle-font mb-25"
+  class="toggle-font"
+  [class.mb-25]="!readOperation"
   labelPosition="before"
   data-cy="toggle-read-critical"
   [(ngModel)]="readOperation"
-  (toggleChange)="readOperationChanged.emit(!readOperation)">
+  (toggleChange)="changeReadOperation()">
   {{'SHARED_LIB.PERUN.COMPONENTS.ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE.READ' | translate}}
 </mat-slide-toggle>
-<br />
+<div *ngIf="readOperation">
+  <mat-checkbox
+    [(ngModel)]="readGlobal"
+    (change)="readGlobalChanged.emit(readGlobal)"
+    class="ms-2 fst-italic">
+    {{'SHARED_LIB.PERUN.COMPONENTS.ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE.GLOBAL' | translate}}
+  </mat-checkbox>
+</div>
+<br *ngIf="!readOperation" />
 <mat-slide-toggle
-  class="toggle-font mb-25"
+  class="toggle-font"
+  [class.mb-25]="!writeOperation"
   labelPosition="before"
   [(ngModel)]="writeOperation"
-  (toggleChange)="writeOperationChanged.emit(!writeOperation)">
+  (toggleChange)="changeWriteOperation()">
   {{'SHARED_LIB.PERUN.COMPONENTS.ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE.WRITE' | translate}}
 </mat-slide-toggle>
+<div *ngIf="writeOperation">
+  <mat-checkbox
+    [(ngModel)]="writeGlobal"
+    (change)="writeGlobalChanged.emit(writeGlobal)"
+    class="ms-2 fst-italic">
+    {{'SHARED_LIB.PERUN.COMPONENTS.ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE.GLOBAL' | translate}}
+  </mat-checkbox>
+</div>
 <perun-web-apps-alert alert_type="info">
   {{'SHARED_LIB.PERUN.COMPONENTS.ATTRIBUTE_CRITICAL_OPERATIONS_TOGGLE.INFO' | translate}}
 </perun-web-apps-alert>

libs/perun/components/src/lib/attribute-critical-operations-toggles/attribute-critical-operations-toggles.component.ts

@@ -7,7 +7,29 @@ import { Component, EventEmitter, Input, Output } from '@angular/core';
 })
 export class AttributeCriticalOperationsTogglesComponent {
   @Input() readOperation = false;
+  @Input() readGlobal = false;
   @Input() writeOperation = true;
+  @Input() writeGlobal = false;
   @Output() readOperationChanged: EventEmitter<boolean> = new EventEmitter<boolean>();
+  @Output() readGlobalChanged: EventEmitter<boolean> = new EventEmitter<boolean>();
   @Output() writeOperationChanged: EventEmitter<boolean> = new EventEmitter<boolean>();
+  @Output() writeGlobalChanged: EventEmitter<boolean> = new EventEmitter<boolean>();
+
+  changeReadOperation(): void {
+    this.readOperationChanged.emit(!this.readOperation);
+    // if the operation is changing from true to false, then we want to change also global criticality to false
+    if (this.readOperation) {
+      this.readGlobal = false;
+      this.readGlobalChanged.emit(this.readGlobal);
+    }
+  }
+
+  changeWriteOperation(): void {
+    this.writeOperationChanged.emit(!this.writeOperation);
+    // if the operation is changing from true to false, then we want to change also global criticality to false
+    if (this.writeOperation) {
+      this.writeGlobal = false;
+      this.writeGlobalChanged.emit(this.writeGlobal);
+    }
+  }
 }

libs/perun/openapi/src/lib/.openapi-generator/FILES

@@ -58,6 +58,9 @@ model/ban.ts
 model/banOnFacility.ts
 model/banOnResource.ts
 model/banOnVo.ts
+model/blockedLogin.ts
+model/blockedLoginsOrderColumn.ts
+model/blockedLoginsPageQuery.ts
 model/brand.ts
 model/candidate.ts
 model/category.ts
@@ -144,6 +147,7 @@ model/inputGetMatchResources.ts
 model/inputGetMembersByUserAttributes.ts
 model/inputGetMessagesPage.ts
 model/inputGetPaginatedApplications.ts
+model/inputGetPaginatedBlockedLogins.ts
 model/inputGetPaginatedGroups.ts
 model/inputGetPaginatedMembers.ts
 model/inputGetPaginatedSubgroups.ts

libs/perun/openapi/src/lib/api/attributesManager.service.ts

@@ -746,30 +746,30 @@ export class AttributesManagerService {
   }
 
   /**
-   * Returns all namespaces in which login can be blocked.
+   * Returns all AttributeDefinitions.
    * @param useNon if set to true sends the request to the backend server as 'non' instead of the usual (oauth, krb...).
    * @param observe set whether or not to return the data Observable as the body, response or events. defaults to returning the body.
    * @param reportProgress flag to report request and response progress.
    */
-  public getAllNamespaces(
+  public getAllAttributeDefinitions(
     useNon?: boolean,
     observe?: 'body',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<Array<string>>;
-  public getAllNamespaces(
+  ): Observable<Array<AttributeDefinition>>;
+  public getAllAttributeDefinitions(
     useNon?: boolean,
     observe?: 'response',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<HttpResponse<Array<string>>>;
-  public getAllNamespaces(
+  ): Observable<HttpResponse<Array<AttributeDefinition>>>;
+  public getAllAttributeDefinitions(
     useNon?: boolean,
     observe?: 'events',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<HttpEvent<Array<string>>>;
-  public getAllNamespaces(
+  ): Observable<HttpEvent<Array<AttributeDefinition>>>;
+  public getAllAttributeDefinitions(
     useNon: boolean = false,
     observe: any = 'body',
     reportProgress: boolean = false,
@@ -816,7 +816,7 @@ export class AttributesManagerService {
       }
     }
 
-    let requestUrl = `${this.configuration.basePath}/json/attributesManager/getAllNamespaces`;
+    let requestUrl = `${this.configuration.basePath}/json/attributesManager/getAttributesDefinition`;
     if (useNon) {
       // replace the authentication part of url with 'non' authentication
       let helperUrl = new URL(requestUrl);
@@ -825,7 +825,7 @@ export class AttributesManagerService {
       helperUrl.pathname = path.join('/');
       requestUrl = helperUrl.toString();
     }
-    return this.httpClient.get<Array<string>>(requestUrl, {
+    return this.httpClient.get<Array<AttributeDefinition>>(requestUrl, {
       context: localVarHttpContext,
       responseType: <any>responseType_,
       withCredentials: this.configuration.withCredentials,
@@ -836,30 +836,30 @@ export class AttributesManagerService {
   }
 
   /**
-   * Returns all AttributeDefinitions.
+   * Returns list of all possible namespaces.
    * @param useNon if set to true sends the request to the backend server as 'non' instead of the usual (oauth, krb...).
    * @param observe set whether or not to return the data Observable as the body, response or events. defaults to returning the body.
    * @param reportProgress flag to report request and response progress.
    */
-  public getAllAttributeDefinitions(
+  public getAllNamespaces(
     useNon?: boolean,
     observe?: 'body',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<Array<AttributeDefinition>>;
-  public getAllAttributeDefinitions(
+  ): Observable<Array<string>>;
+  public getAllNamespaces(
     useNon?: boolean,
     observe?: 'response',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<HttpResponse<Array<AttributeDefinition>>>;
-  public getAllAttributeDefinitions(
+  ): Observable<HttpResponse<Array<string>>>;
+  public getAllNamespaces(
     useNon?: boolean,
     observe?: 'events',
     reportProgress?: boolean,
     options?: { httpHeaderAccept?: 'application/json'; context?: HttpContext }
-  ): Observable<HttpEvent<Array<AttributeDefinition>>>;
-  public getAllAttributeDefinitions(
+  ): Observable<HttpEvent<Array<string>>>;
+  public getAllNamespaces(
     useNon: boolean = false,
     observe: any = 'body',
     reportProgress: boolean = false,
@@ -906,7 +906,7 @@ export class AttributesManagerService {
       }
     }
 
-    let requestUrl = `${this.configuration.basePath}/json/attributesManager/getAttributesDefinition`;
+    let requestUrl = `${this.configuration.basePath}/json/attributesManager/getAllNamespaces`;
     if (useNon) {
       // replace the authentication part of url with 'non' authentication
       let helperUrl = new URL(requestUrl);
@@ -915,7 +915,7 @@ export class AttributesManagerService {
       helperUrl.pathname = path.join('/');
       requestUrl = helperUrl.toString();
     }
-    return this.httpClient.get<Array<AttributeDefinition>>(requestUrl, {
+    return this.httpClient.get<Array<string>>(requestUrl, {
       context: localVarHttpContext,
       responseType: <any>responseType_,
       withCredentials: this.configuration.withCredentials,
@@ -16790,6 +16790,7 @@ export class AttributesManagerService {
    * @param attributeDefinition id of AttributeDefinition
    * @param action
    * @param critical if action should be marked as critical
+   * @param global if action should be globally critical (for all objects)
    * @param useNon if set to true sends the request to the backend server as 'non' instead of the usual (oauth, krb...).
    * @param observe set whether or not to return the data Observable as the body, response or events. defaults to returning the body.
    * @param reportProgress flag to report request and response progress.
@@ -16798,6 +16799,7 @@ export class AttributesManagerService {
     attributeDefinition: number,
     action: AttributeAction,
     critical: boolean,
+    global?: boolean,
     useNon?: boolean,
     observe?: 'body',
     reportProgress?: boolean,
@@ -16807,6 +16809,7 @@ export class AttributesManagerService {
     attributeDefinition: number,
     action: AttributeAction,
     critical: boolean,
+    global?: boolean,
     useNon?: boolean,
     observe?: 'response',
     reportProgress?: boolean,
@@ -16816,6 +16819,7 @@ export class AttributesManagerService {
     attributeDefinition: number,
     action: AttributeAction,
     critical: boolean,
+    global?: boolean,
     useNon?: boolean,
     observe?: 'events',
     reportProgress?: boolean,
@@ -16825,6 +16829,7 @@ export class AttributesManagerService {
     attributeDefinition: number,
     action: AttributeAction,
     critical: boolean,
+    global?: boolean,
     useNon: boolean = false,
     observe: any = 'body',
     reportProgress: boolean = false,
@@ -16868,6 +16873,13 @@ export class AttributesManagerService {
         'critical'
       );
     }
+    if (global !== undefined && global !== null) {
+      localVarQueryParameters = this.addToHttpParams(
+        localVarQueryParameters,
+        <any>global,
+        'global'
+      );
+    }
 
     let localVarHeaders = this.defaultHeaders;