diff --git a/apps/api/src/app/user/user.controller.ts b/apps/api/src/app/user/user.controller.ts
index b3eeafc6d..7190060ff 100644
--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@@ -54,7 +54,7 @@ export class UserController {
 public async deleteOwnUser(
 @Body() data: DeleteOwnUserDto
 ): Promise {
- const user = await this.validateOwnAccessToken(
+ const user = await this.validateAccessToken(
 data.accessToken,
 this.request.user.id
 );
@@ -95,7 +95,7 @@ export class UserController {
 public async updateOwnAccessToken(
 @Body() data: UpdateOwnAccessTokenDto
 ): Promise {
- const user = await this.validateOwnAccessToken(
+ const user = await this.validateAccessToken(
 data.accessToken,
 this.request.user.id
 );
@@ -183,7 +183,23 @@ export class UserController {
 });
 }
 
- private async validateOwnAccessToken(
+ private async rotateUserAccessToken(
+ userId: string
+ ): Promise {
+ const { accessToken, hashedAccessToken } =
+ this.userService.generateAccessToken({
+ userId
+ });
+
+ await this.prismaService.user.update({
+ data: { accessToken: hashedAccessToken },
+ where: { id: userId }
+ });
+
+ return { accessToken };
+ }
+
+ private async validateAccessToken(
 accessToken: string,
 userId: string
 ): Promise {
@@ -205,20 +221,4 @@ export class UserController {
 
 return user;
 }
-
- private async rotateUserAccessToken(
- userId: string
- ): Promise {
- const { accessToken, hashedAccessToken } =
- this.userService.generateAccessToken({
- userId
- });
-
- await this.prismaService.user.update({
- data: { accessToken: hashedAccessToken },
- where: { id: userId }
- });
-
- return { accessToken };
- }
 }
diff --git a/apps/api/src/app/user/user.service.ts b/apps/api/src/app/user/user.service.ts
index a229e36c4..0ca3fda33 100644
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
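Review bot: Neither `rotateUserAccessToken` nor `validateAccessToken` documents the contract that the callers in the two earlier hunks (`deleteOwnUser`, `updateOwnAccessToken`) rely on, and the rename from `validateOwnAccessToken` drops the hint that the token is checked against the caller's own id (`this.request.user.id`). I would put `/** Issues a new security token for userId: only its hash is persisted and the plaintext is returned once; the previously stored token is overwritten. */` above `rotateUserAccessToken`, and above `validateAccessToken` a TSDoc stating that it re-authenticates a destructive self-service action by checking `accessToken` against the stored hash for `userId`, naming what it throws on mismatch — its body runs past this hunk, so that throw should be confirmed before it is documented. Relocating `rotateUserAccessToken` above `validateAccessToken` is otherwise a pure move; leaving it in place would have kept the security-relevant rename readable as a one-line change.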
@@ -354,6 +354,11 @@ export class UserService {
 
 let currentPermissions = getPermissions(user.role);
 
+ if (user.provider === 'ANONYMOUS') {
+ currentPermissions.push(permissions.deleteOwnUser);
+ currentPermissions.push(permissions.updateOwnAccessToken);
+ }
+
 if (!(user.Settings.settings as UserSettings).isExperimentalFeatures) {
 // currentPermissions = without(
 // currentPermissions,
diff --git a/apps/client/src/app/components/user-account-access/user-account-access.component.ts b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
index fbd643aac..285f7a603 100644
--- a/apps/client/src/app/components/user-account-access/user-account-access.component.ts
+++ b/apps/client/src/app/components/user-account-access/user-account-access.component.ts
@@ -1,4 +1,6 @@
 import { CreateAccessDto } from '@ghostfolio/api/app/access/create-access.dto';
+import { ConfirmationDialogType } from '@ghostfolio/client/core/notification/confirmation-dialog/confirmation-dialog.type';
+import { NotificationService } from '@ghostfolio/client/core/notification/notification.service';
 import { DataService } from '@ghostfolio/client/services/data.service';
 import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
@@ -19,8 +21,6 @@ import { DeviceDetectorService } from 'ngx-device-detector';
 import { EMPTY, Subject } from 'rxjs';
 import { catchError, takeUntil } from 'rxjs/operators';
 
-import { ConfirmationDialogType } from '../../core/notification/confirmation-dialog/confirmation-dialog.type';
-import { NotificationService } from '../../core/notification/notification.service';
 import { CreateOrUpdateAccessDialog } from './create-or-update-access-dialog/create-or-update-access-dialog.component';
 
 @Component({
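Review bot: The new `if (user.provider === 'ANONYMOUS')` block grants `deleteOwnUser` and `updateOwnAccessToken` to every account whose provider is ANONYMOUS regardless of `user.role`, while the permissions.ts hunks removed them only from specific role lists; a role that never carried them (DEMO, for instance, if such an account can have an ANONYMOUS provider) now receives them. If that widening is not intended, gate on role as well, e.g. `if (user.provider === 'ANONYMOUS' && user.role !== 'DEMO') {`. The two `push` calls also mutate the array returned by `getPermissions(user.role)`, which is safe only while that function builds a fresh literal per call as the permissions.ts hunks suggest; `currentPermissions = [...currentPermissions, permissions.deleteOwnUser, permissions.updateOwnAccessToken];` removes that dependency. A one-line comment above the block stating why the provider decides this — only token-based accounts have a security token to rotate or to confirm deletion with — would spare the next reader the archaeology.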
@@ -37,6 +37,7 @@ export class UserAccountAccessComponent implements OnDestroy, OnInit {
 public deviceType: string;
 public hasPermissionToCreateAccess: boolean;
 public hasPermissionToDeleteAccess: boolean;
+ public hasPermissionToUpdateOwnAccessToken: boolean;
 public isAccessTokenHidden = true;
 public updateOwnAccessTokenForm = this.formBuilder.group({
 accessToken: ['', Validators.required]
@@ -80,6 +81,11 @@ export class UserAccountAccessComponent implements OnDestroy, OnInit {
 permissions.deleteAccess
 );
 
+ this.hasPermissionToUpdateOwnAccessToken = hasPermission(
+ this.user.permissions,
+ permissions.updateOwnAccessToken
+ );
+
 this.changeDetectorRef.markForCheck();
 }
 });
diff --git a/apps/client/src/app/components/user-account-access/user-account-access.html b/apps/client/src/app/components/user-account-access/user-account-access.html
index 4d42dafde..2979fd6fa 100644
--- a/apps/client/src/app/components/user-account-access/user-account-access.html
+++ b/apps/client/src/app/components/user-account-access/user-account-access.html
@@ -1,50 +1,53 @@
-
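Review bot: `hasPermissionToUpdateOwnAccessToken` is assigned only inside the user subscription, so it is `undefined` until that fires and only then drives the template; declaring it as `public hasPermissionToUpdateOwnAccessToken = false;` makes the initial state explicit and lets the type be inferred, matching `isAccessTokenHidden = true` two lines below. The flag is derived from `this.user.permissions` as delivered by the API, so it cannot be self-granted, but it is a rendering hint only: the server-side guard on the `updateOwnAccessToken` endpoint remains the real control, and the controller hunks in this commit do not show that guard, so it is worth confirming it is present. A short comment on the field, `// UI gate only; the API enforces the permission`, would make that division of responsibility visible to the next maintainer.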
+@if (hasPermissionToUpdateOwnAccessToken) {
-

- Security Token -

-
- - Security Token - - - -
- + + +
+ +
-
+
- +} +
@if (accessesGet.length > 0) {

Received Access

diff --git a/libs/common/src/lib/permissions.ts b/libs/common/src/lib/permissions.ts
index 765332d3d..1ad0bd760 100644
--- a/libs/common/src/lib/permissions.ts
+++ b/libs/common/src/lib/permissions.ts
@@ -82,7 +82,6 @@ export function getPermissions(aRole: Role): string[] {
 permissions.deleteAccount,
 permissions.deleteAuthDevice,
 permissions.deleteOrder,
- permissions.deleteOwnUser,
 permissions.deletePlatform,
 permissions.deleteTag,
 permissions.deleteUser,
@@ -128,7 +127,6 @@ export function getPermissions(aRole: Role): string[] {
 permissions.deleteAccountBalance,
 permissions.deleteAuthDevice,
 permissions.deleteOrder,
- permissions.deleteOwnUser,
 permissions.deleteWatchlistItem,
 permissions.readAiPrompt,
 permissions.readMarketDataOfOwnAssetProfile,
@@ -137,7 +135,6 @@ export function getPermissions(aRole: Role): string[] {
 permissions.updateAuthDevice,
 permissions.updateMarketDataOfOwnAssetProfile,
 permissions.updateOrder,
- permissions.updateOwnAccessToken,
 permissions.updateUserSettings,
 permissions.updateViewMode
 ];