From 87bafab953495d5f9c88bf24c7db15d072e51daa Mon Sep 17 00:00:00 2001 From: August Andersen Date: Wed, 18 Sep 2024 11:39:55 +0200 Subject: [PATCH 1/3] added usergroups to user login --- .../admin/permission/permission.service.ts | 35 ++++++++- .../users/user-edit/user-edit.component.html | 19 +++++ .../users/user-edit/user-edit.component.ts | 74 ++++++++++++++----- src/app/admin/users/user.model.ts | 1 + 4 files changed, 110 insertions(+), 19 deletions(-) diff --git a/src/app/admin/permission/permission.service.ts b/src/app/admin/permission/permission.service.ts index 83bc2040..a01bcabb 100644 --- a/src/app/admin/permission/permission.service.ts +++ b/src/app/admin/permission/permission.service.ts @@ -51,7 +51,8 @@ export class PermissionService { orderByColumn?: string, orderByDirection?: string, userId?: number, - organisationId?: number + organisationId?: number, + ignoreGlobalAdmin?: boolean ): Observable { if (userId || organisationId) { return this.restService.get(this.endpoint, { @@ -61,6 +62,7 @@ export class PermissionService { sort: orderByDirection, userId: userId, organisationId: organisationId, + ignoreGlobalAdmin: ignoreGlobalAdmin, }); } else { return this.restService.get(this.endpoint, { 
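Review bot: The new `ignoreGlobalAdmin` argument on `getPermissions` has no comment saying what the backend does with it, and the name could mean either "leave the Global Admin permission out of the result" or "skip a global-admin check". A TSDoc line on the parameter would settle that, e.g. `@param ignoreGlobalAdmin when true, asks the API to omit the Global Admin permission from the list (display filter, not an access check)`, with the wording confirmed against the API. The flag is also added to the request object in the second hunk (`@@ -61,6 +62,7 @@`) and in the `else` branch of the hunk that follows. The method starts and ends outside these hunks.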
@@ -68,6 +70,37 @@ export class PermissionService { offset: offset, orderOn: orderByColumn, sort: orderByDirection, + ignoreGlobalAdmin: ignoreGlobalAdmin, + }); + } + } + + getPermissionsWithoutUsers( + limit: number = 1000, + offset: number = 0, + orderByColumn?: string, + orderByDirection?: string, + userId?: number, + organisationId?: number, + ignoreGlobalAdmin?: boolean + ): Observable { + if (userId || organisationId) { + return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", { + limit: limit, + offset: offset, + orderOn: orderByColumn, + sort: orderByDirection, + userId: userId, + organisationId: organisationId, + ignoreGlobalAdmin: ignoreGlobalAdmin, + }); + } else { + return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", { + limit: limit, + offset: offset, + orderOn: orderByColumn, + sort: orderByDirection, + ignoreGlobalAdmin: ignoreGlobalAdmin, }); } } diff --git a/src/app/admin/users/user-edit/user-edit.component.html b/src/app/admin/users/user-edit/user-edit.component.html index 0ee115ba..8f91eb08 100644 --- a/src/app/admin/users/user-edit/user-edit.component.html +++ b/src/app/admin/users/user-edit/user-edit.component.html @@ -77,6 +77,25 @@ /> + +
+
+ * + + + {{ permission.name }} + + +
+
+
{{ "USERS.FORM.ACTIVE" | translate }}(); constructor( private translate: TranslateService, private route: ActivatedRoute, private userService: UserService, private location: Location, - private authService: AuthService, - private sharedVariableService: SharedVariableService, - private meService: MeService + private meService: MeService, + private permissionService: PermissionService, + private sharedVariableService: SharedVariableService ) {} ngOnInit(): void { @@ -60,6 +64,7 @@ export class UserEditComponent implements OnInit { } this.amIGlobalAdmin(); this.canEdit = this.meService.hasAccessToTargetOrganization(OrganizationAccessScope.UserAdministrationWrite); + this.getPermissions(this.sharedVariableService.getUserInfo().user.id); } private getUser(id: number) { @@ -70,6 +75,8 @@ export class UserEditComponent implements OnInit { this.user.active = response.active; this.user.globalAdmin = response.permissions.some(perm => perm.name === PermissionType.GlobalAdmin); this.isKombit = response.nameId != null; + this.user.permissionIds = response.permissions.map(pm => pm.id); + // We cannot set the password. }); } @@ -80,8 +87,7 @@ export class UserEditComponent implements OnInit { private create(): void { this.userService.post(this.user).subscribe( - response => { - console.log(response); + () => { this.routeBack(); }, (error: HttpErrorResponse) => { 
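Review bot: In `getUser` (hunk `@@ -70,6 +75,8 @@`), `this.user.permissionIds = response.permissions.map(pm => pm.id)` copies every permission id, including the Global Admin one that the line above detects by name. A saved request can therefore carry global admin twice, as the `globalAdmin` flag and as an id inside `permissionIds`. If an administrator clears the flag while the id is still in the array, which of the two the backend honours is not visible here. The picker is loaded with `ignoreGlobalAdmin` set, so that id presumably cannot be deselected in the form. Keeping one source of truth avoids the ambiguity: `this.user.permissionIds = response.permissions.filter(pm => pm.name !== PermissionType.GlobalAdmin).map(pm => pm.id);`. `getUser` begins and ends outside the hunk.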
@@ -132,4 +138,36 @@ export class UserEditComponent implements OnInit { routeBack(): void { this.location.back(); } + + public compare(matOptionValue: number, ngModelObject: number): boolean { + return matOptionValue === ngModelObject; + } + + private getPermissions(userId: number) { + this.permissionsSubscription = this.permissionService + .getPermissionsWithoutUsers( + 1000, + 0, + undefined, + undefined, + this.meService.hasGlobalAdmin() ? undefined : userId, + undefined, + true + ) + .subscribe(res => { + this.permissions = res.data.sort((a, b) => a.name.localeCompare(b.name, "da-DK", { numeric: true })); + if (!this.id) { + this.permissionMultiCtrl.setValue(this.user.permissionIds); + } + }); + } + + ngOnDestroy() { + // prevent memory leak by unsubscribing + if (this.permissionsSubscription) { + this.permissionsSubscription.unsubscribe(); + } + this._onDestroy.next(); + this._onDestroy.complete(); + } } diff --git a/src/app/admin/users/user.model.ts b/src/app/admin/users/user.model.ts index 95c39eaa..d2fb680e 100644 --- a/src/app/admin/users/user.model.ts +++ b/src/app/admin/users/user.model.ts @@ -9,6 +9,7 @@ export class UserRequest { active: boolean; globalAdmin: boolean; showWelcomeScreen: boolean; + permissionIds: number[] } export interface UserResponse { From c36e3f9944093b69b936edc47b5d0d396c2cb981 Mon Sep 17 00:00:00 2001 From: August Andersen Date: Wed, 18 Sep 2024 14:13:32 +0200 Subject: [PATCH 2/3] update pr action vulnerabilities-scan --- .github/workflows/on-push-pr.action.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/on-push-pr.action.yml b/.github/workflows/on-push-pr.action.yml index 8684ae5a..d8e43c1f 100644 --- a/.github/workflows/on-push-pr.action.yml +++ b/.github/workflows/on-push-pr.action.yml 
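Review bot: `getPermissions` decides in the browser which permissions are offered: `this.meService.hasGlobalAdmin() ? undefined : userId` widens the query to every permission when the client believes it is a global admin, and the chosen ids are then sent back in `permissionIds`. That is a display filter only, so the API behind `getAllPermissionsWithoutUsers` and the user create/update endpoints has to repeat the check and reject any `permissionIds` entry the caller may not administer. Otherwise a modified request could attach a user to a group outside the caller's organisations. The backend is not part of this patch, so this is a check to confirm rather than a known gap. A comment above the call would record the assumption, e.g. `// UI filter only: the API must validate permissionIds against the caller's own rights`.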
@@ -17,12 +17,9 @@ jobs: vulnerabilities-scan: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - name: Checkout repository - - uses: debricked/actions/scan@v1 - name: Run a vulnerability scan + - uses: actions/checkout@v4 + - uses: debricked/actions@v4 env: - # Token must have API access scope to run scans DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }} code-build: runs-on: ubuntu-latest From e5f340fe4b4f29c43bb70ad657ed1bf5d4483c40 Mon Sep 17 00:00:00 2001 From: August Andersen Date: Wed, 25 Sep 2024 11:27:45 +0200 Subject: [PATCH 3/3] PR changes. --- .../admin/permission/permission.service.ts | 35 ++++--------------- .../users/user-edit/user-edit.component.html | 2 +- .../users/user-edit/user-edit.component.ts | 10 +----- 3 files changed, 9 insertions(+), 38 deletions(-) diff --git a/src/app/admin/permission/permission.service.ts b/src/app/admin/permission/permission.service.ts index a01bcabb..04365bc2 100644 --- a/src/app/admin/permission/permission.service.ts +++ b/src/app/admin/permission/permission.service.ts 
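Review bot: `debricked/actions@v4` is a third-party action referenced by a movable tag in a step that receives `secrets.DEBRICKED_TOKEN`, so whatever commit that tag points to at run time executes with the token in its environment. Pinning to a full commit SHA and keeping the tag as a comment removes that dependency on the tag: `- uses: debricked/actions@<full-commit-sha>  # v4` (placeholder; take the SHA from the release you reviewed). The deleted comment about the token needing API access scope was the only record of that requirement in the file and is worth keeping next to `DEBRICKED_TOKEN`. Whether the job sets a restrictive `permissions:` block is not visible in this hunk.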
@@ -75,34 +75,13 @@ export class PermissionService { } } - getPermissionsWithoutUsers( - limit: number = 1000, - offset: number = 0, - orderByColumn?: string, - orderByDirection?: string, - userId?: number, - organisationId?: number, - ignoreGlobalAdmin?: boolean - ): Observable { - if (userId || organisationId) { - return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", { - limit: limit, - offset: offset, - orderOn: orderByColumn, - sort: orderByDirection, - userId: userId, - organisationId: organisationId, - ignoreGlobalAdmin: ignoreGlobalAdmin, - }); - } else { - return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", { - limit: limit, - offset: offset, - orderOn: orderByColumn, - sort: orderByDirection, - ignoreGlobalAdmin: ignoreGlobalAdmin, - }); - } + getPermissionsWithoutUsers(userId?: number): Observable { + return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", { + limit: 1000, + offset: 0, + userId: userId ?? undefined, + ignoreGlobalAdmin: true, + }); } deletePermission(id: number) { diff --git a/src/app/admin/users/user-edit/user-edit.component.html b/src/app/admin/users/user-edit/user-edit.component.html index 8f91eb08..16979aaa 100644 --- a/src/app/admin/users/user-edit/user-edit.component.html +++ b/src/app/admin/users/user-edit/user-edit.component.html @@ -80,7 +80,7 @@
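Review bot: The simplified `getPermissionsWithoutUsers` hard-codes `limit: 1000` and `offset: 0` with no paging, so an installation with more permissions than that gets a silently truncated list and some groups can neither be seen nor assigned from the user form. A named constant with a comment stating the assumption, or a check of the response's total count if the API returns one, would make the cap visible. Separately, `userId: userId ?? undefined` changes nothing for the declared `number | undefined` parameter; `userId: userId` says the same. The method also has no doc comment explaining that `ignoreGlobalAdmin: true` is now fixed and what passing `userId` restricts, and a two-line TSDoc block covering both would help the next caller.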
- {{ "QUESTION.PERMISSION.SELECT-PERMISSION" | translate }}* { this.permissions = res.data.sort((a, b) => a.name.localeCompare(b.name, "da-DK", { numeric: true })); if (!this.id) {