user can issue and revoke for themselves

Author: JinkiJung

package.json

@@ -1,6 +1,6 @@
 {
   "name": "management-portal-clr",
-  "version": "0.6.7",
+  "version": "0.6.8",
   "license": "Apache license 2.0",
   "repository": {
     "type": "git",

src/app/common/mrnUtil.ts

@@ -17,4 +17,8 @@
 export const getMrnPrefixFromOrgMrn = (orgMrn: string): string => {
     const list = orgMrn.split(':');
     return list.slice(0,3).join(':')+':entity:'+list.slice(4,6).join(':')+":";
+}
+
+export const isUserEditingTheirOwnData = (userMrn: string, mrnInToken: string): boolean => {
+    return userMrn === mrnInToken;
 }

src/app/components/item-view/item-view.component.ts

@@ -32,11 +32,12 @@ import { CertificateRevocation } from 'src/app/backend-api/identity-registry';
 import { getReasonOptionFromRevocationReason, ReasonOption } from 'src/app/common/certRevokeInfo';
 import { migrateVesselAttributes } from 'src/app/common/filterObject';
 import { ItemFormComponent } from '../item-form/item-form.component';
-import { getMrnPrefixFromOrgMrn } from 'src/app/common/mrnUtil';
+import { getMrnPrefixFromOrgMrn, isUserEditingTheirOwnData } from 'src/app/common/mrnUtil';
 import { ORG_ADMIN_AT_MIR } from 'src/app/common/variables';
 import { ItemTableComponent } from "../item-table/item-table.component";
 import { InputGeometryComponent } from '../input-geometry/input-geometry.component';
 import { preprocessToShow } from 'src/app/common/itemPreprocessor';
+import { loadLang } from 'src/app/common/translateHelper';
 
 @Component({
   selector: 'app-item-view',
@@ -109,7 +110,7 @@ export class ItemViewComponent {
     private translate: TranslateService,
     private notifier: NotifierService,
     private fileHelper: FileHelperService,
-    authService: AuthService,
+    private authService: AuthService,
     @Inject(LOCALE_ID) public locale: string,
   ) {
     for (const reason in CertificateRevocation.RevocationReasonEnum) {
@@ -119,13 +120,25 @@ export class ItemViewComponent {
     authService.getOrgMrnFromToken().then((orgMrn) => {
       this.orgMrn = orgMrn;
     });
+
+    loadLang(translate);
   }
 
   ngOnChanges(simpleChange: any) {
     if (!simpleChange.item || !simpleChange.item.currentValue)
       return;
 
     this.item = simpleChange.item.currentValue && simpleChange.item.currentValue;
+
+    // give permission when user access their own profile
+    if (this.itemType === ItemType.User && !this.hasEditPermission) {
+      this.authService.getUserMrnFromToken().then((userMrn) => {
+        if (isUserEditingTheirOwnData(this.item.mrn, userMrn)) {
+          this.hasEditPermission = true;
+        }
+      });
+    }
+
     if (this.item && this.itemType === ItemType.Role) {
       this.itemId = this.item.id;
       this.setForm();

src/app/pages/detail-view/detail-view.component.ts

@@ -25,7 +25,7 @@ import { catchError, firstValueFrom, Observable, of, throwError } from 'rxjs';
 import { AuthService } from 'src/app/auth/auth.service';
 import { InstanceDto, XmlDto } from 'src/app/backend-api/service-registry';
 import { ItemType, MCPComponentContext } from 'src/app/common/menuType';
-import { getMrnPrefixFromOrgMrn } from 'src/app/common/mrnUtil';
+import { getMrnPrefixFromOrgMrn, isUserEditingTheirOwnData } from 'src/app/common/mrnUtil';
 import { mustIncludePatternValidator } from 'src/app/common/mustIncludeValidator';
 import { ItemManagerService } from 'src/app/common/shared/item-manager.service';
 import { loadLang } from 'src/app/common/translateHelper';
@@ -103,6 +103,12 @@ export class DetailViewComponent {
 
         this.itemManagerService.fetchMyRolesInOrg(orgMrn).then((roles) => { 
           this.hasEditPermission = this.authService.hasPermission(this.itemType, roles, mcpContext, orgMrn === this.id);
+          // user can't edit their own data
+          // if (this.itemType === ItemType.User && !this.hasEditPermission) {
+          //   this.authService.getUserMrnFromToken().then((mrn) => {
+          //     this.hasEditPermission = isUserEditingTheirOwnData(this.id, mrn);
+          //   });
+          // }
         });
         if (this.isEditing) {
           this.itemManagerService.fetchAllRolesInOrg(orgMrn).then((roles) => {

src/app/pages/list-view/list-view.component.ts

@@ -30,6 +30,7 @@ import { TranslateService } from '@ngx-translate/core';
 import { ORG_ADMIN_AT_MIR } from 'src/app/common/variables';
 import { ItemManagerService } from 'src/app/common/shared/item-manager.service';
 import RoleNameEnum = Role.RoleNameEnum;
+import { isUserEditingTheirOwnData } from 'src/app/common/mrnUtil';
 
 @Component({
   selector: 'app-list-view',
@@ -52,6 +53,7 @@ export class ListViewComponent {
   totalPages = 0;
   totalElements = 0;
   hasEditPermission = false;
+  currentUserMrn = '';
   apiBase = 'ir';
   private readonly notifier: NotifierService;
 
@@ -81,7 +83,11 @@ export class ListViewComponent {
         this.itemManagerService.fetchMyRolesInOrg(this.orgMrn).then((roles: RoleNameEnum[]) => {
           this.hasEditPermission = this.authService.hasPermission(this.itemType, roles, mcpContext);
         });
-        
+
+        // fetch user's own MRN from token and store it
+        // this.authService.getUserMrnFromToken().then((userMrn) => {
+        //   this.currentUserMrn = userMrn;
+        // });
       });
     });
   }
@@ -185,11 +191,17 @@ export class ListViewComponent {
       }
       this.moveToEditPage(selectedItem);
     }
-    if (!this.hasEditPermission) {
-      this.notifier.notify('error', this.translate.instant('error.resource.permissionError'));
-      return ;
-    } 
-    this.moveToEditPage(selectedItem);
+    // user can edit for their own profile
+    // else if (this.itemType === ItemType.User && isUserEditingTheirOwnData(selectedItem.mrn, this.currentUserMrn)) {
+    //   this.moveToEditPage(selectedItem);
+    // } 
+    else {
+      if (!this.hasEditPermission) {
+        this.notifier.notify('error', this.translate.instant('error.resource.permissionError'));
+        return ;
+      } 
+      this.moveToEditPage(selectedItem);
+    }
   }
 
   view = (selectedItem: any) => {