[ YC-805 ] Revise roles and permissions scheme

- added new roles - reworked permission schemes - improved creation of carriers - improved creation of fulfilment centres - change access to JAM sections, so that each role shows relevant section in JAM (cherry picked from commit 8e0ccbe)
inspire-software · Aug 31, 2017 · 83997bc · 83997bc
1 parent 1ee133f
commit 83997bc
Show file tree

Hide file tree

Showing 52 changed files with 644 additions and 254 deletions.
diff --git a/core-dto/src/main/java/org/yes/cart/service/dto/impl/ManagementServiceImpl.java b/core-dto/src/main/java/org/yes/cart/service/dto/impl/ManagementServiceImpl.java
@@ -294,8 +294,11 @@ public void deleteRole(final String role) {
      * {@inheritDoc}
      */
     @CacheEvict(value = {
-            "shopFederationStrategy-admin"
-    }, key = "#userId")
+            "shopFederationStrategy-admin",
+            "shopFederationStrategy-shop",
+            "shopFederationStrategy-shopId",
+            "shopFederationStrategy-shopCode",
+    }, allEntries = true)
     public void grantRole(final String userId, final String role) {
         final Role roleEntity = roleDao.findSingleByCriteria(Restrictions.eq(CODE, role));
         final Manager manager = managerService.findSingleByCriteria(Restrictions.eq(EMAIL, userId));
@@ -311,8 +314,11 @@ public void grantRole(final String userId, final String role) {
      * {@inheritDoc}
      */
     @CacheEvict(value = {
-            "shopFederationStrategy-admin"
-    }, key = "#userId")
+            "shopFederationStrategy-admin",
+            "shopFederationStrategy-shop",
+            "shopFederationStrategy-shopId",
+            "shopFederationStrategy-shopCode",
+    }, allEntries = true)
     public void revokeRole(final String userId, final String role) {
         final List<ManagerRole> managerRole = managerRoleDao.findByCriteria(
                 Restrictions.eq(CODE, role),
@@ -399,10 +405,11 @@ private void fillShopsDTOs(final List<ShopDTO> result, final Collection<Shop> sh
      * {@inheritDoc}
      */
     @CacheEvict(value = {
+            "shopFederationStrategy-admin",
             "shopFederationStrategy-shop",
             "shopFederationStrategy-shopId",
-            "shopFederationStrategy-shopCode"
-    }, key = "#userId")
+            "shopFederationStrategy-shopCode",
+    }, allEntries = true)
     public void grantShop(final String userId, final String shopCode) {
         final Manager manager = managerService.findSingleByCriteria(Restrictions.eq(EMAIL, userId));
         final Collection<ManagerShop> assigned = manager.getShops();
@@ -425,10 +432,11 @@ public void grantShop(final String userId, final String shopCode) {
      * {@inheritDoc}
      */
     @CacheEvict(value = {
+            "shopFederationStrategy-admin",
             "shopFederationStrategy-shop",
             "shopFederationStrategy-shopId",
-            "shopFederationStrategy-shopCode"
-    }, key = "#userId")
+            "shopFederationStrategy-shopCode",
+    }, allEntries = true)
     public void revokeShop(final String userId, final String shopCode) {
         final Manager manager = managerService.findSingleByCriteria(Restrictions.eq(EMAIL, userId));
         final Iterator<ManagerShop> assigned = manager.getShops().iterator();

diff --git a/domain-api/src/main/java/org/yes/cart/domain/dto/RoleDTO.java b/domain-api/src/main/java/org/yes/cart/domain/dto/RoleDTO.java
@@ -55,7 +55,7 @@ public interface RoleDTO extends Identifiable {
     void setCode(String code);
 
     /**
-     * Get role desription
+     * Get role description
      *
      * @return role description
      */

diff --git a/env/setup/dbi/initdata.sql b/env/setup/dbi/initdata.sql
@@ -1450,13 +1450,27 @@ INSERT INTO TCATEGORYATTRVALUE(ATTRVALUE_ID, CODE,VAL, CATEGORY_ID, GUID) VALUES
 ',10012,'12105_CAV');
 
 
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (1, 'ROLE_SMADMIN',         'ROLE_SMADMIN', 'System admin');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (2, 'ROLE_SMSHOPADMIN',     'ROLE_SMSHOPADMIN', 'Shop manager');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (3, 'ROLE_SMWAREHOUSEADMIN','ROLE_SMWAREHOUSEADMIN', 'Inventory manager');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (4, 'ROLE_SMCALLCENTER',    'ROLE_SMCALLCENTER', 'Call centre operator');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (5, 'ROLE_SMCONTENTADMIN',  'ROLE_SMCONTENTADMIN', 'Content manager');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (6, 'ROLE_SMMARKETINGADMIN', 'ROLE_SMMARKETINGADMIN', 'Marketing manager');
-INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (7, 'ROLE_SMSHIPPINGADMIN',  'ROLE_SMSHIPPINGADMIN', 'Shipping manager');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (1, 'ROLE_SMADMIN',         'ROLE_SMADMIN', 'System admin (super user)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (2, 'ROLE_SMSHOPADMIN',     'ROLE_SMSHOPADMIN', 'Shop manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (200, 'ROLE_SMSHOPUSER',     'ROLE_SMSHOPUSER', 'Shop user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (201, 'ROLE_SMSUBSHOPUSER',     'ROLE_SMSUBSHOPUSER', 'Sub-shop manager (limited access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (3, 'ROLE_SMWAREHOUSEADMIN','ROLE_SMWAREHOUSEADMIN', 'Inventory manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (300, 'ROLE_SMWAREHOUSEUSER','ROLE_SMWAREHOUSEUSER', 'Inventory user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (4, 'ROLE_SMCALLCENTER',    'ROLE_SMCALLCENTER', 'Call centre operator (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (400, 'ROLE_SMCALLCENTERCUSTOMER',    'ROLE_SMCALLCENTERCUSTOMER', 'Call centre customer manager (customer access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (401, 'ROLE_SMCALLCENTERORDERAPPROVE',    'ROLE_SMCALLCENTERORDERAPPROVE', 'Call centre order manager (approve orders)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (402, 'ROLE_SMCALLCENTERORDERCONFIRM',    'ROLE_SMCALLCENTERORDERCONFIRM', 'Call centre order manager (confirm payments)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (403, 'ROLE_SMCALLCENTERORDERPROCESS',    'ROLE_SMCALLCENTERORDERPROCESS', 'Call centre order manager (progress orders)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (5, 'ROLE_SMCONTENTADMIN',  'ROLE_SMCONTENTADMIN', 'Content manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (500, 'ROLE_SMCONTENTUSER',  'ROLE_SMCONTENTUSER', 'Content user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (6, 'ROLE_SMMARKETINGADMIN', 'ROLE_SMMARKETINGADMIN', 'Marketing manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (600, 'ROLE_SMMARKETINGUSER', 'ROLE_SMMARKETINGUSER', 'Marketing user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (7, 'ROLE_SMSHIPPINGADMIN',  'ROLE_SMSHIPPINGADMIN', 'Shipping manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (700, 'ROLE_SMSHIPPINGUSER',  'ROLE_SMSHIPPINGUSER', 'Shipping user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (8, 'ROLE_SMCATALOGADMIN',  'ROLE_SMCATALOGADMIN', 'Catalog manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (800, 'ROLE_SMCATALOGUSER',  'ROLE_SMCATALOGUSER', 'Catalog user (read access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (9, 'ROLE_SMPIMADMIN',  'ROLE_SMPIMADMIN', 'PIM manager (full access)');
+INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (900, 'ROLE_SMPIMUSER',  'ROLE_SMPIMUSER', 'PIM user (read access)');
 INSERT INTO TROLE (ROLE_ID, GUID, CODE, DESCRIPTION) VALUES (999, 'ROLE_LICENSEAGREED',  'ROLE_LICENSEAGREED', 'User agreed to license');
 
 -- default admin password 1234567

diff --git a/...rc/main/typescript/src/client/app/+fulfilment/components/fulfilment-centre.component.html b/...rc/main/typescript/src/client/app/+fulfilment/components/fulfilment-centre.component.html
@@ -81,36 +81,20 @@
 
       <tab heading="{{ 'TAB_SHOPS' | translate }}"  (select)="tabSelected('Shops')">
 
-        <template [ngIf]="!(centre.warehouseId > 0)">
-
-          <div class="row">
-            <div class="col-xs-12 block-padding-spacer">
-              <div class="bg-info text-padding">
-                <p>{{ 'SAVEDOBJECT_REQUIRED' | translate }}</p>
-              </div>
-            </div>
+        <div class="row">
+          <div class="col-md-6 col-lg-5">
+            <h3>{{ 'ASSIGNED' | translate }}</h3>
+              <span *ngFor="let supported of supportedShops">
+                <a class="btn js-click" (click)=onSupportedShopClick(supported)><span [ngClass]="supported.second.disabled ? 'text-strikethrough text-muted' : '' ">{{supported.first.name}} ( {{supported.first.code}} ) </span> <i class="fa fa-remove"></i></a>
+              </span>
           </div>
-
-        </template>
-
-        <template [ngIf]="centre.warehouseId > 0">
-
-          <div class="row">
-            <div class="col-md-6 col-lg-5">
-              <h3>{{ 'ASSIGNED' | translate }}</h3>
-                <span *ngFor="let supported of supportedShops">
-                  <a class="btn js-click" (click)=onSupportedShopClick(supported)><span [ngClass]="supported.second.disabled ? 'text-strikethrough text-muted' : '' ">{{supported.first.name}} ( {{supported.first.code}} ) </span> <i class="fa fa-remove"></i></a>
-                </span>
-            </div>
-            <div class="col-md-6 col-lg-5">
-              <h3>{{ 'AVAILABLE' | translate }}</h3>
-                <span *ngFor="let available of availableShops">
-                  <a class="btn js-click" (click)=onAvailableShopClick(available)>{{available.first.name}} ( {{available.first.code}} ) <i class="fa fa-plus"></i></a>
-                </span>
-            </div>
+          <div class="col-md-6 col-lg-5">
+            <h3>{{ 'AVAILABLE' | translate }}</h3>
+              <span *ngFor="let available of availableShops">
+                <a class="btn js-click" (click)=onAvailableShopClick(available)>{{available.first.name}} ( {{available.first.code}} ) <i class="fa fa-plus"></i></a>
+              </span>
           </div>
-
-        </template>
+        </div>
 
       </tab>
 

diff --git a/.../src/main/typescript/src/client/app/+fulfilment/components/fulfilment-centre.component.ts b/.../src/main/typescript/src/client/app/+fulfilment/components/fulfilment-centre.component.ts
@@ -173,7 +173,7 @@ export class FulfilmentCentreComponent implements OnInit, OnDestroy {
 
 
   private recalculateShops():void {
-    if (this._centre && this._centre.warehouseId > 0) {
+    if (this._centre) {
       this.availableShops = this.getAvailableShopNames();
       this.supportedShops = this.getSupportedShopNames();
     } else {

diff --git a/...client/src/main/typescript/src/client/app/+organisation/components/manager.component.html b/...client/src/main/typescript/src/client/app/+organisation/components/manager.component.html
@@ -73,13 +73,13 @@ <h3>{{ 'AVAILABLE' | translate }}</h3>
             <div class="col-md-6 col-lg-5">
               <h3>{{ 'ASSIGNED' | translate }}</h3>
                 <span *ngFor="let supported of supportedRoles">
-                  <a class="btn js-click" (click)=onSupportedRoleClick(supported)>{{supported.first.code}} <i class="fa fa-remove"></i></a>
+                  <a class="btn js-click" (click)=onSupportedRoleClick(supported) title="{{supported.first.code}}">{{supported.first.description}} <i class="fa fa-remove"></i></a>
                 </span>
             </div>
             <div class="col-md-6 col-lg-5">
               <h3>{{ 'AVAILABLE' | translate }}</h3>
                 <span *ngFor="let available of availableRoles">
-                  <a class="btn js-click" (click)=onAvailableRoleClick(available)>{{available.first.code}} <i class="fa fa-plus"></i></a>
+                  <a class="btn js-click" (click)=onAvailableRoleClick(available) title="{{available.first.code}}">{{available.first.description}} <i class="fa fa-plus"></i></a>
                 </span>
             </div>
           </div>

diff --git a/...m-jsclient/src/main/typescript/src/client/app/+shipping/components/carrier.component.html b/...m-jsclient/src/main/typescript/src/client/app/+shipping/components/carrier.component.html
@@ -31,36 +31,20 @@
 
       <tab heading="{{ 'TAB_SHOPS' | translate }}"  (select)="tabSelected('Shops')">
 
-        <template [ngIf]="!(carrier.carrierId > 0)">
-
-          <div class="row">
-            <div class="col-xs-12 block-padding-spacer">
-              <div class="bg-info text-padding">
-                <p>{{ 'SAVEDOBJECT_REQUIRED' | translate }}</p>
-              </div>
-            </div>
+        <div class="row">
+          <div class="col-md-6 col-lg-5">
+            <h3>{{ 'ASSIGNED' | translate }}</h3>
+              <span *ngFor="let supported of supportedShops">
+                <a class="btn js-click" (click)=onSupportedShopClick(supported)><span [ngClass]="supported.second.disabled ? 'text-strikethrough text-muted' : '' ">{{supported.first.name}} ( {{supported.first.code}} ) </span> <i class="fa fa-remove"></i></a>
+              </span>
           </div>
-
-        </template>
-
-        <template [ngIf]="carrier.carrierId > 0">
-
-          <div class="row">
-            <div class="col-md-6 col-lg-5">
-              <h3>{{ 'ASSIGNED' | translate }}</h3>
-                <span *ngFor="let supported of supportedShops">
-                  <a class="btn js-click" (click)=onSupportedShopClick(supported)><span [ngClass]="supported.second.disabled ? 'text-strikethrough text-muted' : '' ">{{supported.first.name}} ( {{supported.first.code}} ) </span> <i class="fa fa-remove"></i></a>
-                </span>
-            </div>
-            <div class="col-md-6 col-lg-5">
-              <h3>{{ 'AVAILABLE' | translate }}</h3>
-                <span *ngFor="let available of availableShops">
-                  <a class="btn js-click" (click)=onAvailableShopClick(available)>{{available.first.name}} ( {{available.first.code}} ) <i class="fa fa-plus"></i></a>
-                </span>
-            </div>
+          <div class="col-md-6 col-lg-5">
+            <h3>{{ 'AVAILABLE' | translate }}</h3>
+              <span *ngFor="let available of availableShops">
+                <a class="btn js-click" (click)=onAvailableShopClick(available)>{{available.first.name}} ( {{available.first.code}} ) <i class="fa fa-plus"></i></a>
+              </span>
           </div>
-
-        </template>
+        </div>
 
       </tab>
 

diff --git a/...jam-jsclient/src/main/typescript/src/client/app/+shipping/components/carrier.component.ts b/...jam-jsclient/src/main/typescript/src/client/app/+shipping/components/carrier.component.ts
@@ -143,7 +143,7 @@ export class CarrierComponent implements OnInit, OnDestroy {
 
 
   private recalculateShops():void {
-    if (this._carrier && this._carrier.carrierId > 0) {
+    if (this._carrier) {
       this.availableShops = this.getAvailableShopNames();
       this.supportedShops = this.getSupportedShopNames();
     } else {

diff --git a/manager/jam-jsclient/src/main/typescript/src/client/app/app.component.ts b/manager/jam-jsclient/src/main/typescript/src/client/app/app.component.ts
@@ -2,7 +2,7 @@ import { Component, OnDestroy, Inject } from '@angular/core';
 import { Config } from './shared/index';
 import './operators';
 
-import { ShopEventBus, ErrorEventBus, I18nEventBus, WindowMessageEventBus, UserEventBus, ValidationService, ManagementService } from './shared/services/index';
+import { ShopEventBus, ErrorEventBus, I18nEventBus, WindowMessageEventBus, UserEventBus, ValidationService, ManagementService, ShopService } from './shared/services/index';
 import { YcValidators } from './shared/validation/validators';
 import { CookieUtil } from './shared/cookies/index';
 import { LogUtil } from './shared/log/index';
@@ -31,6 +31,7 @@ export class AppComponent implements OnDestroy {
               @Inject(UserEventBus)          _userEventBus:UserEventBus,
               @Inject(ValidationService)     _validationService:ValidationService,
               @Inject(ManagementService)     _managementService:ManagementService,
+              @Inject(ShopService)           _shopService:ShopService,
               translate: TranslateService) {
     LogUtil.debug('Environment config', Config);
 
@@ -68,6 +69,13 @@ export class AppComponent implements OnDestroy {
         _sub2.unsubscribe();
       });
 
+      var _sub3:any = _shopService.getAllShops().subscribe( allshops => {
+        LogUtil.debug('Loading user shops', allshops);
+        ShopEventBus.getShopEventBus().emitAll(allshops);
+        _sub3.unsubscribe();
+      });
+
+
     });
 
   }

diff --git a/manager/jam-jsclient/src/main/typescript/src/client/app/shared/model/manager.model.ts b/manager/jam-jsclient/src/main/typescript/src/client/app/shared/model/manager.model.ts
@@ -66,6 +66,6 @@ export interface UserVO {
 
   manager: ManagerVO;
   name: string;
-  ui: string;
+  ui: any;
 
 }
diff --git a/...ger/jam-jsclient/src/main/typescript/src/client/app/shared/services/management.service.ts b/...ger/jam-jsclient/src/main/typescript/src/client/app/shared/services/management.service.ts
@@ -85,14 +85,72 @@ export class ManagementService {
    *
    * @return ui name
    */
-  getUserInterface(manager:ManagerVO):string {
-    let ui = 'ADMIN';
+  getUserInterface(manager:ManagerVO):any {
+    let ui = {
+      'CCC': false,
+      'PIM': false,
+      'CMS': false,
+      'MRK': false,
+      'INV': false,
+      'REP': false,
+      'SHP': false,
+      'SHO': false,
+      'ORG': false,
+      'SYS': false
+    };
     manager.managerRoles.forEach(role => {
-       if ('ROLE_SMCALLCENTER' == role.code) {
-         ui = 'CC';
-       } else if ('ROLE_SMADMIN' == role.code) {
-         ui = 'SYSADMIN';
-       }
+      switch (role.code) {
+        case 'ROLE_SMADMIN':
+        case 'ROLE_SMSHOPADMIN':
+          ui.CCC = true;
+          ui.PIM = true;
+          ui.CMS = true;
+          ui.MRK = true;
+          ui.INV = true;
+          ui.REP = true;
+          ui.SHP = true;
+          ui.SHO = true;
+          ui.ORG = true;
+          ui.SYS = true;
+          break;
+        case 'ROLE_SMSUBSHOPUSER':
+          ui.CCC = true;
+          ui.SHO = true;
+          break;
+        case 'ROLE_SMSHOPUSER':
+          ui.SHO = true;
+          break;
+        case 'ROLE_SMWAREHOUSEADMIN':
+        case 'ROLE_SMWAREHOUSEUSER':
+          ui.INV = true;
+          break;
+        case 'ROLE_SMCALLCENTER':
+        case 'ROLE_SMCALLCENTERCUSTOMER':
+        case 'ROLE_SMCALLCENTERORDERAPPROVE':
+        case 'ROLE_SMCALLCENTERORDERCONFIRM':
+        case 'ROLE_SMCALLCENTERORDERPROCESS':
+          ui.CCC = true;
+          break;
+        case 'ROLE_SMCONTENTADMIN':
+        case 'ROLE_SMCONTENTUSER':
+          ui.CMS = true;
+          break;
+        case 'ROLE_SMMARKETINGADMIN':
+        case 'ROLE_SMMARKETINGUSER':
+          ui.MRK = true;
+          break;
+        case 'ROLE_SMSHIPPINGADMIN':
+        case 'ROLE_SMSHIPPINGUSER':
+          ui.SHP = true;
+          break;
+        case 'ROLE_SMCATALOGADMIN':
+        case 'ROLE_SMCATALOGUSER':
+        case 'ROLE_SMPIMADMIN':
+        case 'ROLE_SMPIMUSER':
+          ui.PIM = true;
+          break;
+
+      }
     });
     return ui;
   }

diff --git a/manager/jam-jsclient/src/main/typescript/src/client/app/shared/shop/shop-select.component.ts b/manager/jam-jsclient/src/main/typescript/src/client/app/shared/shop/shop-select.component.ts
@@ -68,6 +68,9 @@ export class ShopSelectComponent implements OnInit, OnDestroy {
 
   ngOnInit() {
     LogUtil.debug('ShopListComponent ngOnInit');
+    if (this.shops == null) {
+      this.shops = ShopEventBus.getShopEventBus().currentAll();
+    }
     if (this.shops == null) {
       this.getAllShops();
     }