Refactoring

apps/api/src/app/user/user.controller.ts

@@ -54,7 +54,7 @@ export class UserController {
   public async deleteOwnUser(
     @Body() data: DeleteOwnUserDto
   ): Promise<UserModel> {
-    const user = await this.validateOwnAccessToken(
+    const user = await this.validateAccessToken(
       data.accessToken,
       this.request.user.id
     );
@@ -95,7 +95,7 @@ export class UserController {
   public async updateOwnAccessToken(
     @Body() data: UpdateOwnAccessTokenDto
   ): Promise<AccessTokenResponse> {
-    const user = await this.validateOwnAccessToken(
+    const user = await this.validateAccessToken(
       data.accessToken,
       this.request.user.id
     );
@@ -183,7 +183,23 @@ export class UserController {
     });
   }
 
-  private async validateOwnAccessToken(
+  private async rotateUserAccessToken(
+    userId: string
+  ): Promise<AccessTokenResponse> {
+    const { accessToken, hashedAccessToken } =
+      this.userService.generateAccessToken({
+        userId
+      });
+
+    await this.prismaService.user.update({
+      data: { accessToken: hashedAccessToken },
+      where: { id: userId }
+    });
+
+    return { accessToken };
+  }
+
+  private async validateAccessToken(
     accessToken: string,
     userId: string
   ): Promise<UserModel> {
@@ -205,20 +221,4 @@ export class UserController {
 
     return user;
   }
-
-  private async rotateUserAccessToken(
-    userId: string
-  ): Promise<AccessTokenResponse> {
-    const { accessToken, hashedAccessToken } =
-      this.userService.generateAccessToken({
-        userId
-      });
-
-    await this.prismaService.user.update({
-      data: { accessToken: hashedAccessToken },
-      where: { id: userId }
-    });
-
-    return { accessToken };
-  }
 }

apps/api/src/app/user/user.service.ts

@@ -354,6 +354,11 @@ export class UserService {
 
     let currentPermissions = getPermissions(user.role);
 
+    if (user.provider === 'ANONYMOUS') {
+      currentPermissions.push(permissions.deleteOwnUser);
+      currentPermissions.push(permissions.updateOwnAccessToken);
+    }
+
     if (!(user.Settings.settings as UserSettings).isExperimentalFeatures) {
       // currentPermissions = without(
       //   currentPermissions,

apps/client/src/app/components/user-account-access/user-account-access.component.ts

@@ -1,4 +1,6 @@
 import { CreateAccessDto } from '@ghostfolio/api/app/access/create-access.dto';
+import { ConfirmationDialogType } from '@ghostfolio/client/core/notification/confirmation-dialog/confirmation-dialog.type';
+import { NotificationService } from '@ghostfolio/client/core/notification/notification.service';
 import { DataService } from '@ghostfolio/client/services/data.service';
 import { TokenStorageService } from '@ghostfolio/client/services/token-storage.service';
 import { UserService } from '@ghostfolio/client/services/user/user.service';
@@ -19,8 +21,6 @@ import { DeviceDetectorService } from 'ngx-device-detector';
 import { EMPTY, Subject } from 'rxjs';
 import { catchError, takeUntil } from 'rxjs/operators';
 
-import { ConfirmationDialogType } from '../../core/notification/confirmation-dialog/confirmation-dialog.type';
-import { NotificationService } from '../../core/notification/notification.service';
 import { CreateOrUpdateAccessDialog } from './create-or-update-access-dialog/create-or-update-access-dialog.component';
 
 @Component({
@@ -37,6 +37,7 @@ export class UserAccountAccessComponent implements OnDestroy, OnInit {
   public deviceType: string;
   public hasPermissionToCreateAccess: boolean;
   public hasPermissionToDeleteAccess: boolean;
+  public hasPermissionToUpdateOwnAccessToken: boolean;
   public isAccessTokenHidden = true;
   public updateOwnAccessTokenForm = this.formBuilder.group({
     accessToken: ['', Validators.required]
@@ -80,6 +81,11 @@ export class UserAccountAccessComponent implements OnDestroy, OnInit {
             permissions.deleteAccess
           );
 
+          this.hasPermissionToUpdateOwnAccessToken = hasPermission(
+            this.user.permissions,
+            permissions.updateOwnAccessToken
+          );
+
           this.changeDetectorRef.markForCheck();
         }
       });

apps/client/src/app/components/user-account-access/user-account-access.html

@@ -1,50 +1,53 @@
-<form
-  class="w-100 mb-3"
-  [formGroup]="updateOwnAccessTokenForm"
-  (ngSubmit)="onGenerateAccessToken()"
->
+@if (hasPermissionToUpdateOwnAccessToken) {
   <div class="container">
-    <h1 class="d-flex align-items-center justify-content-center h3 mb-3" i18n>
-      Security Token
-    </h1>
-    <div class="d-flex align-items-center justify-content-center">
-      <mat-form-field
-        appearance="outline"
-        class="without-hint w-50"
-        [hideRequiredMarker]="true"
-      >
-        <mat-label i18n>Security Token</mat-label>
-        <input
-          formControlName="accessToken"
-          matInput
-          [type]="isAccessTokenHidden ? 'password' : 'text'"
-        />
-        <button
-          mat-button
-          matSuffix
-          type="button"
-          (click)="isAccessTokenHidden = !isAccessTokenHidden"
+    <h1 class="h3 mb-3 text-center" i18n>Security Token</h1>
+    <form
+      class="w-100"
+      [formGroup]="updateOwnAccessTokenForm"
+      (ngSubmit)="onGenerateAccessToken()"
+    >
+      <div class="align-items-center d-flex justify-content-center mb-5">
+        <mat-form-field
+          appearance="outline"
+          class="without-hint w-50"
+          [hideRequiredMarker]="true"
         >
-          <ion-icon
-            [name]="isAccessTokenHidden ? 'eye-outline' : 'eye-off-outline'"
+          <mat-label i18n>Security Token</mat-label>
+          <input
+            formControlName="accessToken"
+            matInput
+            [type]="isAccessTokenHidden ? 'password' : 'text'"
           />
-        </button>
-      </mat-form-field>
-      <div class="pl-2">
-        <button
-          color="warn"
-          mat-flat-button
-          type="submit"
-          [disabled]="
-            !(updateOwnAccessTokenForm.dirty && updateOwnAccessTokenForm.valid)
-          "
-        >
-          <span i18n>Generate</span>
-        </button>
+          <button
+            mat-button
+            matSuffix
+            type="button"
+            (click)="isAccessTokenHidden = !isAccessTokenHidden"
+          >
+            <ion-icon
+              [name]="isAccessTokenHidden ? 'eye-outline' : 'eye-off-outline'"
+            />
+          </button>
+        </mat-form-field>
+        <div class="pl-2">
+          <button
+            color="warn"
+            mat-flat-button
+            type="submit"
+            [disabled]="
+              !(
+                updateOwnAccessTokenForm.dirty && updateOwnAccessTokenForm.valid
+              )
+            "
+          >
+            <span i18n>Generate</span>
+          </button>
+        </div>
       </div>
-    </div>
+    </form>
   </div>
-</form>
+}
+
 <div class="container">
   @if (accessesGet.length > 0) {
     <h1 class="h3 mb-3 text-center" i18n>Received Access</h1>

libs/common/src/lib/permissions.ts

@@ -82,7 +82,6 @@ export function getPermissions(aRole: Role): string[] {
         permissions.deleteAccount,
         permissions.deleteAuthDevice,
         permissions.deleteOrder,
-        permissions.deleteOwnUser,
         permissions.deletePlatform,
         permissions.deleteTag,
         permissions.deleteUser,
@@ -128,7 +127,6 @@ export function getPermissions(aRole: Role): string[] {
         permissions.deleteAccountBalance,
         permissions.deleteAuthDevice,
         permissions.deleteOrder,
-        permissions.deleteOwnUser,
         permissions.deleteWatchlistItem,
         permissions.readAiPrompt,
         permissions.readMarketDataOfOwnAssetProfile,
@@ -137,7 +135,6 @@ export function getPermissions(aRole: Role): string[] {
         permissions.updateAuthDevice,
         permissions.updateMarketDataOfOwnAssetProfile,
         permissions.updateOrder,
-        permissions.updateOwnAccessToken,
         permissions.updateUserSettings,
         permissions.updateViewMode
       ];