Release/4.4.x

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-management-ui",
-  "version": "4.3.3",
+  "version": "4.4.16",
   "scripts": {
     "start": "ng serve",
     "build": "ng build",

src/app/app.module.ts

@@ -1,5 +1,5 @@
 import {HTTP_INTERCEPTORS, HttpClientModule} from '@angular/common/http';
-import {APP_INITIALIZER, CUSTOM_ELEMENTS_SCHEMA, LOCALE_ID, NgModule} from '@angular/core';
+import {APP_INITIALIZER, CUSTOM_ELEMENTS_SCHEMA, Inject, LOCALE_ID, NgModule} from '@angular/core';
 import {BrowserModule} from '@angular/platform-browser';
 import {BrowserAnimationsModule} from '@angular/platform-browser/animations';
 import {MatTooltipModule} from '@angular/material/tooltip';
@@ -79,10 +79,11 @@ export class AppModule {
 	constructor(
 		private readonly config: ObMasterLayoutConfig,
 		meta: ObDocumentMetaService,
-		interceptor: ObHttpApiInterceptorConfig
+		interceptor: ObHttpApiInterceptorConfig,
+		@Inject('HOST') private readonly managementServiceHost: string
 	) {
 		ObLanguageService.locales.en = 'en-GB';
-		interceptor.api.url = '/v1';
+		interceptor.api.url = `${managementServiceHost}/api/v1`;
 		interceptor.api.notification.active = false;
 		meta.titleSuffix = 'application.title';
 		config.homePageRoute = '/dashboard';

src/app/auth/auth.service.spec.ts

@@ -3,14 +3,16 @@ import {of, ReplaySubject} from 'rxjs';
 import {Claims, OauthService} from './oauth.service';
 import {AuthFunction, AuthService} from './auth.service';
 import {ApiService} from 'shared/api.service';
+import {DataRoomCode} from "shared/model";
 import SpyInstance = jest.SpyInstance;
 
 describe('AuthService', () => {
 	let service: AuthService;
 	let apiService: ApiService;
 	let oauthService: OauthService;
 
-	let nextSpy: SpyInstance;
+	let authorizedFunctionsNextSpy: SpyInstance;
+	let authorizedDataRoomsNextSpy: SpyInstance;
 
 	const authFunctionsMock: AuthFunction[] = [AuthFunction.MAIN, AuthFunction.CERTIFICATE_REVOCATION];
 	let claimsMock: Claims;
@@ -40,7 +42,9 @@ describe('AuthService', () => {
 
 	beforeEach(() => {
 		// @ts-ignore
-		nextSpy = jest.spyOn(service.authorizedFunctions, 'next');
+		authorizedFunctionsNextSpy = jest.spyOn(service.authorizedFunctions, 'next');
+		// @ts-ignore
+		authorizedDataRoomsNextSpy = jest.spyOn(service.authorizedDataRooms, 'next');
 		claimsMock = {userroles: [AuthFunction.MAIN, AuthFunction.CERTIFICATE_REVOCATION]} as Claims;
 	});
 
@@ -54,6 +58,12 @@ describe('AuthService', () => {
 		});
 	});
 
+	describe('authorizedDataRooms$', () => {
+		it('should be defined', () => {
+			expect(service.authorizedDataRooms$).toBeDefined();
+		});
+	});
+
 	describe('hasAuthorizationFor$', () => {
 		it.each<[AuthFunction, AuthFunction[], boolean]>([
 			[AuthFunction.MAIN, [AuthFunction.MAIN], true],
@@ -64,9 +74,9 @@ describe('AuthService', () => {
 			[AuthFunction.MAIN, [AuthFunction.BULK_OPERATIONS, AuthFunction.CERTIFICATE_REVOCATION], false],
 			['MAIN' as AuthFunction, [AuthFunction.MAIN], false],
 			['' as AuthFunction, [], false]
-			// @ts-ignore
 		])(
 			'when neededIdentifier is %s, and current AuthFunctions are %s, should emit  %s',
+			// @ts-ignore
 			(neededIdentifier, currentAuthFunctions, expected, done) => {
 				service.hasAuthorizationFor$(neededIdentifier).subscribe(received => {
 					expect(received).toBe(expected);
@@ -81,23 +91,166 @@ describe('AuthService', () => {
 
 	describe('oauthService.claims$', () => {
 		beforeEach(() => {
-			nextSpy.mockReset();
+			authorizedFunctionsNextSpy.mockReset();
 		});
 
-		it.each<[Claims | null, AuthFunction[]]>([
-			[null, null],
-			[{} as Claims, null],
-			[{userroles: null} as Claims, null],
-			[{userroles: []} as Claims, null],
-			[{userroles: ['not', 'empty']} as Claims, authFunctionsMock]
-		])('when claims is %s, should call next with %s', (claims, expected) => {
-			oauthServiceClaims.next(claims);
-			if (expected) {
-				// @ts-ignore
-				expect(nextSpy).toHaveBeenCalledWith(expected);
-			} else {
-				expect(nextSpy).not.toHaveBeenCalled();
-			}
-		});
+		describe('authorizedFunctions', () => {
+			it.each<[Claims | null, AuthFunction[]]>([
+				[null, null],
+				[{} as Claims, null],
+				[{userroles: null} as Claims, null],
+				[{userroles: []} as Claims, null],
+				[{userroles: ['not', 'empty']} as Claims, authFunctionsMock]
+			])('when claims is %s, should call next with %s', (claims, expected) => {
+				oauthServiceClaims.next(claims);
+				if (expected) {
+					// @ts-ignore
+					expect(authorizedFunctionsNextSpy).toHaveBeenCalledWith(expected);
+				} else {
+					expect(authorizedFunctionsNextSpy).not.toHaveBeenCalled();
+				}
+			})
+		})
+
+		describe('authorizedDataRooms', () => {
+			it.each<[Claims | null, DataRoomCode[]]>([
+				[null, []],
+				[{} as Claims, []],
+				[{userroles: null} as Claims, []],
+				[{userroles: {}} as Claims, []],
+				[{
+					userroles: []
+				} as Claims, []],
+				[{
+					userroles: [
+						"bag-cc-dr_bs",
+						"bag-cc-dr_sh",
+						"bag-cc-covid_app_manager",
+						"bag-cc-vacccert_creator",
+						"bag-cc-dr_sg",
+						"bag-cc-dr_lu",
+						"bag-cc-dr_nw",
+						"bag-cc-rep_user_stats",
+						"bag-cc-dr_bl",
+						"bag-cc-dr_bv_intern",
+						"bag-cc-dr_ju",
+						"bag-cc-dr_fr",
+						"bag-cc-recoverycert_antibody_creator",
+						"bag-cc-rep_user_agg",
+						"bag-cc-recoverycert_creator",
+						"bag-cc-rep_user_detail",
+						"bag-cc-dr_be",
+						"bag-cc-recoverycert_rat_creator",
+						"offline_access",
+						"default-roles-bag-covidcertificate",
+						"bag-cc-vacccert_tourist_creator",
+						"bag-cc-dr_ne",
+						"uma_authorization",
+						"bag-cc-web_ui_revocator",
+						"bag-cc-dr_vs",
+						"bag-cc-dr_ar",
+						"bag-cc-dr_ti",
+						"bag-cc-dr_tg",
+						"bag-cc-web_ui_user",
+						"bag-cc-dr_sz",
+						"bag-cc-dr_ai",
+						"bag-cc-dr_ow",
+						"bag-cc-testccert_creator",
+						"bag-cc-dr_zg",
+						"bag-cc-bulkcert_manager",
+						"bag-cc-dr_vd",
+						"bag-cc-dr_zh",
+						"bag-cc-dr_armee",
+						"bag-cc-dr_gr",
+						"bag-cc-dr_gl",
+						"bag-cc-dr_ag",
+						"bag-cc-dr_ur",
+						"bag-cc-api_gw_user",
+						"bag-cc-dr_ge",
+						"bag-cc-exceptcert_creator",
+						"bag-cc-dr_so"
+					]
+				} as Claims, [
+					DataRoomCode.BS,
+					DataRoomCode.SH,
+					DataRoomCode.SG,
+					DataRoomCode.LU,
+					DataRoomCode.NW,
+					DataRoomCode.BL,
+					DataRoomCode.BV_INTERN,
+					DataRoomCode.JU,
+					DataRoomCode.FR,
+					DataRoomCode.BE,
+					DataRoomCode.NE,
+					DataRoomCode.VS,
+					DataRoomCode.AR,
+					DataRoomCode.TI,
+					DataRoomCode.TG,
+					DataRoomCode.SZ,
+					DataRoomCode.AI,
+					DataRoomCode.OW,
+					DataRoomCode.ZG,
+					DataRoomCode.VD,
+					DataRoomCode.ZH,
+					DataRoomCode.ARMEE,
+					DataRoomCode.GR,
+					DataRoomCode.GL,
+					DataRoomCode.AG,
+					DataRoomCode.UR,
+					DataRoomCode.GE,
+					DataRoomCode.SO,
+				]],
+				[{
+					userroles: [
+						"bag-cc-dr_be",
+						"bag-cc-recoverycert_rat_creator",
+						"offline_access",
+						"default-roles-bag-covidcertificate",
+						"bag-cc-vacccert_tourist_creator",
+						"bag-cc-dr_ne",
+						"uma_authorization",
+						"bag-cc-web_ui_revocator",
+						"bag-cc-dr_ow",
+						"bag-cc-testccert_creator",
+						"bag-cc-dr_zg",
+						"bag-cc-bulkcert_manager",
+						"bag-cc-dr_vd",
+						"bag-cc-dr_zh",
+						"bag-cc-dr_armee",
+						"bag-cc-dr_gr",
+						"bag-cc-dr_gl",
+						"bag-cc-dr_ag",
+						"bag-cc-dr_ur",
+						"bag-cc-api_gw_user",
+						"bag-cc-dr_ge",
+						"bag-cc-exceptcert_creator",
+						"bag-cc-dr_so"
+					]
+				} as Claims, [
+					DataRoomCode.BE,
+					DataRoomCode.NE,
+					DataRoomCode.OW,
+					DataRoomCode.ZG,
+					DataRoomCode.VD,
+					DataRoomCode.ZH,
+					DataRoomCode.ARMEE,
+					DataRoomCode.GR,
+					DataRoomCode.GL,
+					DataRoomCode.AG,
+					DataRoomCode.UR,
+					DataRoomCode.GE,
+					DataRoomCode.SO,
+				]],
+			])('when claims is %s, should call next with %s', (claims, expected) => {
+				oauthServiceClaims.next(claims);
+				if (expected) {
+					// @ts-ignore
+					expect(authorizedDataRoomsNextSpy).toHaveBeenCalledWith(expected);
+				} else {
+					expect(authorizedDataRoomsNextSpy).not.toHaveBeenCalled();
+				}
+			})
+		})
+
 	});
 });

src/app/auth/auth.service.ts

@@ -4,6 +4,7 @@ import {Claims, OauthService} from './oauth.service';
 import {Observable, of, ReplaySubject, Subscription} from 'rxjs';
 import {map, switchMap} from 'rxjs/operators';
 import {HttpParams} from '@angular/common/http';
+import {DataRoomCode} from "shared/model";
 
 export enum AuthFunction {
 	// Navigation
@@ -51,20 +52,29 @@ export enum AuthFunction {
 })
 export class AuthService implements OnDestroy {
 	public authorizedFunctions$: Observable<AuthFunction[]>;
+	public authorizedDataRooms$: Observable<DataRoomCode[]>;
 	private authorizedFunctions: ReplaySubject<AuthFunction[]> = new ReplaySubject<AuthFunction[]>(1);
+	private authorizedDataRooms: ReplaySubject<DataRoomCode[]> = new ReplaySubject<DataRoomCode[]>(1);
 	private claimsSubscription: Subscription;
 
 	private readonly URL: string = 'authorization/current/web-ui';
 
 	constructor(private http: ApiService, private oauthService: OauthService) {
 		this.authorizedFunctions$ = this.authorizedFunctions.asObservable();
-		this.claimsSubscription = oauthService.claims$
-			.pipe(switchMap(claims => this.getAuthorizedFunctions(claims)))
+		this.authorizedDataRooms$ = this.authorizedDataRooms.asObservable();
+		this.claimsSubscription = oauthService.claims$.subscribe(claims => {
+			this.emitAuthorizedDataRooms(claims)
+		})
+
+		this.claimsSubscription.add(oauthService.claims$
+			.pipe(
+				switchMap(claims => this.getAuthorizedFunctions(claims)),
+			)
 			.subscribe(authorizedFunctions => {
 				if (authorizedFunctions != null) {
 					this.authorizedFunctions.next(authorizedFunctions);
 				}
-			});
+			}));
 	}
 
 	ngOnDestroy(): void {
@@ -95,4 +105,21 @@ export class AuthService implements OnDestroy {
 			return of(null);
 		}
 	}
+
+	private emitAuthorizedDataRooms(claims: Claims): void {
+		if (claims?.userroles?.length) {
+			const authorizedDataRooms: DataRoomCode[] = []
+			for (const role of claims.userroles) {
+				Object.keys(DataRoomCode).forEach(code => {
+					const lowerCaseCode = code.toLocaleLowerCase()
+					if (role.endsWith(`bag-cc-dr_${lowerCaseCode}`)) {
+						authorizedDataRooms.push(DataRoomCode[code])
+					}
+				})
+			}
+			this.authorizedDataRooms.next(authorizedDataRooms);
+		} else {
+			this.authorizedDataRooms.next([]);
+		}
+	}
 }

src/app/auth/oauth.service.ts

@@ -23,6 +23,9 @@ export interface Claims {
 	sub: string;
 	typ: string;
 	allowedOrigins: string[];
+	realm_access: {
+		roles: string[]
+	}
 	userroles: string[];
 	resourceAccess: {
 		account: {

src/app/report/errorStateMatcher.ts

@@ -0,0 +1,14 @@
+import {InjectionToken} from "@angular/core";
+import {ErrorStateMatcher} from "@angular/material/core";
+import {FormControl} from "@angular/forms";
+
+export const REPORT_ERROR_STATE_MATCHER = new InjectionToken<ErrorStateMatcher>('ReportErrorStateMatcher')
+
+/** Use custom error state matcher for inputs in mat-form-field, otherwise switching between report types results
+ * in inputs being shown as invalid initially. */
+export class ReportErrorStateMatcher implements ErrorStateMatcher {
+	isErrorState(control: FormControl | null): boolean {
+		return !!(control && control.invalid && control.touched);
+	}
+}
+

src/app/report/report-generation/report-generation.component.spec.ts

@@ -5,6 +5,7 @@ import {SharedModule} from 'shared/shared.module';
 import {ReportGenerationComponent} from './report-generation.component';
 import {MatHorizontalStepper} from '@angular/material/stepper';
 import {HttpClientTestingModule} from '@angular/common/http/testing';
+import {TranslateModule} from "@ngx-translate/core";
 
 describe('ReportGenerationComponent', () => {
 	let component: ReportGenerationComponent;
@@ -16,7 +17,7 @@ describe('ReportGenerationComponent', () => {
 
 	beforeEach(async () => {
 		await TestBed.configureTestingModule({
-			imports: [ObliqueTestingModule, SharedModule, HttpClientTestingModule],
+			imports: [ObliqueTestingModule, SharedModule, HttpClientTestingModule, TranslateModule],
 			providers: [
 				{
 					provide: MatHorizontalStepper,