From 6b1b5d1a65aa5382d441475ec372d18611c925f4 Mon Sep 17 00:00:00 2001 From: Thinh Nguyen <117440893+nhthinh-axonivy@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:53:41 +0700 Subject: [PATCH] =?UTF-8?q?feature/IVYPORTAL-18014-UserSetOwnPassword-perm?= =?UTF-8?q?ission-is-ignored-in-P=E2=80=A6=20(#1270)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feature/IVYPORTAL-18014-UserSetOwnPassword-permission-is-ignored-in-Portal-with-Change-password-feature _ adapt to check Permission _ adapt processes _ adapt document --- AxonIvyPortal/portal/cms/cms_de.yaml | 1 + AxonIvyPortal/portal/cms/cms_en.yaml | 1 + AxonIvyPortal/portal/cms/cms_es.yaml | 1 + AxonIvyPortal/portal/cms/cms_fr.yaml | 1 + .../processes/Functional Processes/ChangePassword.p.json | 4 ++++ .../ch/ivy/addon/portal/generic/bean/UserMenuBean.java | 8 +++++++- .../src/ch/ivy/addon/portalkit/util/PermissionUtils.java | 8 ++++++++ .../source/portal-user-guide/portal-header/index.rst | 8 +++++++- 8 files changed, 30 insertions(+), 2 deletions(-) diff --git a/AxonIvyPortal/portal/cms/cms_de.yaml b/AxonIvyPortal/portal/cms/cms_de.yaml index 6e5487adf0c..c99bdacf6a6 100644 --- a/AxonIvyPortal/portal/cms/cms_de.yaml +++ b/AxonIvyPortal/portal/cms/cms_de.yaml @@ -1011,6 +1011,7 @@ ch.ivy.addon.portalkit.ui.jsf: minSpecialCharacterRequired: mindestens {0} Sonderzeichen enthalten minUppercaseCharacterRequired: mindestens {0} Großbuchstaben enthalten newPassword: Neues Passwort + noPermission: Sie haben nicht die erforderlichen Berechtigungen, um das Passwort zu ändern. Bitte wenden Sie sich an Ihren Administrator, um Unterstützung zu erhalten. passwordMust: Das Passwort muss requireConfirmPassword: Wiederholen Sie Ihr Passwort, bitte requireCurrentPassword: Bitte geben Sie Ihr Passwort an diff --git a/AxonIvyPortal/portal/cms/cms_en.yaml b/AxonIvyPortal/portal/cms/cms_en.yaml index 09849801239..86216736f67 100644 --- a/AxonIvyPortal/portal/cms/cms_en.yaml +++ b/AxonIvyPortal/portal/cms/cms_en.yaml @@ -1012,6 +1012,7 @@ ch.ivy.addon.portalkit.ui.jsf: minSpecialCharacterRequired: contain at least {0} special character minUppercaseCharacterRequired: contain at least {0} uppercase character newPassword: New password + noPermission: You do not have the required permissions to change the password. Please contact your administrator for assistance. passwordMust: Password must requireConfirmPassword: Password confirmation was missing requireCurrentPassword: Please specify the current password diff --git a/AxonIvyPortal/portal/cms/cms_es.yaml b/AxonIvyPortal/portal/cms/cms_es.yaml index ae3ef4f43dc..688c257ad85 100644 --- a/AxonIvyPortal/portal/cms/cms_es.yaml +++ b/AxonIvyPortal/portal/cms/cms_es.yaml @@ -1010,6 +1010,7 @@ ch.ivy.addon.portalkit.ui.jsf: minSpecialCharacterRequired: contienen al menos {0} un carácter especial minUppercaseCharacterRequired: contener al menos {0} caracteres en mayúscula newPassword: Nueva contraseña + noPermission: No tienes los permisos necesarios para cambiar la contraseña. Por favor, contacta con tu administrador para obtener ayuda. passwordMust: La contraseña debe requireConfirmPassword: Falta la confirmación de la contraseña requireCurrentPassword: Por favor, especifique la contraseña actual diff --git a/AxonIvyPortal/portal/cms/cms_fr.yaml b/AxonIvyPortal/portal/cms/cms_fr.yaml index 5e0680c0317..aef110b91fc 100644 --- a/AxonIvyPortal/portal/cms/cms_fr.yaml +++ b/AxonIvyPortal/portal/cms/cms_fr.yaml @@ -1007,6 +1007,7 @@ ch.ivy.addon.portalkit.ui.jsf: minSpecialCharacterRequired: contenir au moins {0} caractère spécial minUppercaseCharacterRequired: contenir au moins {0} un caractère majuscule newPassword: Nouveau mot de passe + noPermission: Vous n'avez pas les autorisations nécessaires pour changer le mot de passe. Veuillez contacter votre administrateur pour obtenir de l'aide. passwordMust: Le mot de passe doit requireConfirmPassword: Veuillez confirmer votre mot de passe requireCurrentPassword: Veuillez indiquer votre mot de passe actuel diff --git a/AxonIvyPortal/portal/processes/Functional Processes/ChangePassword.p.json b/AxonIvyPortal/portal/processes/Functional Processes/ChangePassword.p.json index 34f002327e0..36a125247c0 100644 --- a/AxonIvyPortal/portal/processes/Functional Processes/ChangePassword.p.json +++ b/AxonIvyPortal/portal/processes/Functional Processes/ChangePassword.p.json @@ -132,6 +132,7 @@ "config" : { "output" : { "code" : [ + "import ch.ivy.addon.portalkit.util.PermissionUtils;", "import ch.ivy.addon.portalkit.bo.PasswordValidationStatus;", "import ch.ivy.addon.portalkit.service.PasswordCheckingService;", "import com.axonivy.portal.components.enums.ChangePasswordStatus;", @@ -144,6 +145,9 @@ "} else if(!pwValidationStatus.getStatus()){", " in.status = ChangePasswordStatus.FAIL;", " in.message = pwValidationStatus.getMessage();", + "} else if (!PermissionUtils.checkUserSetOwnPasswordPermission()) {", + " in.status = ChangePasswordStatus.FAIL;", + " in.message = ivy.cms.co(\"/ch.ivy.addon.portalkit.ui.jsf/passwordSetting/noPermission\");", "} else {", " in.status = ChangePasswordStatus.OK;", "}" diff --git a/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/UserMenuBean.java b/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/UserMenuBean.java index 602d2ee8aea..08c315e2577 100644 --- a/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/UserMenuBean.java +++ b/AxonIvyPortal/portal/src/ch/ivy/addon/portal/generic/bean/UserMenuBean.java @@ -101,7 +101,13 @@ public boolean isHiddenLogout() { public boolean isHiddenChangePassword() { return loggedByExternalSecuritySystem() - || GlobalSettingService.getInstance().findGlobalSettingValueAsBoolean(GlobalVariable.HIDE_CHANGE_PASSWORD_BUTTON); + || GlobalSettingService.getInstance().findGlobalSettingValueAsBoolean( + GlobalVariable.HIDE_CHANGE_PASSWORD_BUTTON) + || !hasChangePasswordPermission(); + } + + private boolean hasChangePasswordPermission() { + return PermissionUtils.checkUserSetOwnPasswordPermission(); } private boolean loggedByExternalSecuritySystem() { diff --git a/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/util/PermissionUtils.java b/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/util/PermissionUtils.java index 6e50ed8ce4a..8734fcfc99f 100644 --- a/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/util/PermissionUtils.java +++ b/AxonIvyPortal/portal/src/ch/ivy/addon/portalkit/util/PermissionUtils.java @@ -219,4 +219,12 @@ public static boolean hasAtLeastOnePermission(IPermission permission, IPermissio public static boolean checkReadAllWorkflowEventPermission() { return hasPermission(IPermission.WORKFLOW_EVENT_READ_ALL); } + + /** + * Check if current user has permission to set/change their account password + * @return true if current user has permission. + */ + public static boolean checkUserSetOwnPasswordPermission() { + return hasPermission(IPermission.USER_SET_OWN_PASSWORD); + } } \ No newline at end of file diff --git a/Documentation/portal-guide/source/portal-user-guide/portal-header/index.rst b/Documentation/portal-guide/source/portal-user-guide/portal-header/index.rst index d35ffe192c4..02fc04e5861 100644 --- a/Documentation/portal-guide/source/portal-user-guide/portal-header/index.rst +++ b/Documentation/portal-guide/source/portal-user-guide/portal-header/index.rst @@ -111,6 +111,12 @@ The menu entry :guilabel:`Change password` allows you to set a new password. |portal-password-change-dialog| +.. note:: + + Grant permission: :bdg-ref-warning:`🔑UserSetOwnPassword` to allow a user to change their password. + Configure permissions in the :dev-url:`Engine Cockpit + `. In the security area, open PersonalPermissions -> PersonalSecurityPermissions -> UserSetOwnPassword. + Info ---- @@ -183,4 +189,4 @@ You can configure these variables by :ref:`settings-admin-settings`. .. |portal-version-information| image:: ../../screenshots/settings/portal-version-information.png :alt: Version information dialog .. |portal-global-search-result-page| image:: ../../screenshots/search/global-search-result.png - :alt: Global search results page \ No newline at end of file + :alt: Global search results page