Feature/add restricted view (#295)

* Add restricted view * Update changelog
3 years ago · 05b0efef82
22 changed files with 190 additions and 25 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 ## Unreleased

+### Added
+
+- Added an option to hide absolute values like performances and quantities (_Restricted View_)
+
 ### Changed

 - Restructured the allocations page
@ -21,6 +25,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Removed the current net performance
 - Removed the read foreign portfolio permission

+### Todo
+
+- Apply data migration (`yarn database:push`)
+
 ## 1.38.0 - 14.08.2021

 ### Added
--- a/apps/api/src/app/account/account.controller.ts
+++ b/apps/api/src/app/account/account.controller.ts
@ -1,3 +1,4 @@
+import { UserService } from '@ghostfolio/api/app/user/user.service';
 import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';
 import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';
 import {
@ -33,7 +34,8 @@ export class AccountController {
  public constructor(
    private readonly accountService: AccountService,
    private readonly impersonationService: ImpersonationService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly userService: UserService
  ) {}

  @Delete(':id')
@ -94,7 +96,10 @@ export class AccountController {
      impersonationUserId || this.request.user.id
    );

-    if (impersonationUserId) {
+    if (
+      impersonationUserId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      accounts = nullifyValuesInObjects(accounts, [
        'balance',
        'fee',
--- a/apps/api/src/app/account/account.module.ts
+++ b/apps/api/src/app/account/account.module.ts
@ -1,4 +1,5 @@
 import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration.module';
 import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data.module';
@ -16,7 +17,8 @@ import { AccountService } from './account.service';
    ExchangeRateDataModule,
    ImpersonationModule,
    RedisCacheModule,
-    PrismaModule
+    PrismaModule,
+    UserModule
  ],
  controllers: [AccountController],
  providers: [AccountService]
--- a/apps/api/src/app/order/order.controller.ts
+++ b/apps/api/src/app/order/order.controller.ts
@ -1,3 +1,4 @@
+import { UserService } from '@ghostfolio/api/app/user/user.service';
 import { nullifyValuesInObjects } from '@ghostfolio/api/helper/object.helper';
 import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';
 import {
@ -34,7 +35,8 @@ export class OrderController {
  public constructor(
    private readonly impersonationService: ImpersonationService,
    private readonly orderService: OrderService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly userService: UserService
  ) {}

  @Delete(':id')
@ -88,7 +90,10 @@ export class OrderController {
      where: { userId: impersonationUserId || this.request.user.id }
    });

-    if (impersonationUserId) {
+    if (
+      impersonationUserId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      orders = nullifyValuesInObjects(orders, ['fee', 'quantity', 'unitPrice']);
    }

--- a/apps/api/src/app/order/order.module.ts
+++ b/apps/api/src/app/order/order.module.ts
@ -1,5 +1,6 @@
 import { CacheService } from '@ghostfolio/api/app/cache/cache.service';
 import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration.module';
 import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering.module';
 import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
@ -17,7 +18,8 @@ import { OrderService } from './order.service';
    DataProviderModule,
    ImpersonationModule,
    PrismaModule,
-    RedisCacheModule
+    RedisCacheModule,
+    UserModule
  ],
  controllers: [OrderController],
  providers: [CacheService, OrderService],
--- a/apps/api/src/app/portfolio/portfolio.controller.ts
+++ b/apps/api/src/app/portfolio/portfolio.controller.ts
@ -1,9 +1,9 @@
+import { UserService } from '@ghostfolio/api/app/user/user.service';
 import {
  hasNotDefinedValuesInObject,
  nullifyValuesInObject
 } from '@ghostfolio/api/helper/object.helper';
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data.service';
-import { ImpersonationService } from '@ghostfolio/api/services/impersonation.service';
 import {
  PortfolioPerformance,
  PortfolioPosition,
@ -39,9 +39,9 @@ import { PortfolioService } from './portfolio.service';
 export class PortfolioController {
  public constructor(
    private readonly exchangeRateDataService: ExchangeRateDataService,
-    private readonly impersonationService: ImpersonationService,
    private readonly portfolioService: PortfolioService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly userService: UserService
  ) {}

  @Get('investments')
@ -53,7 +53,10 @@ export class PortfolioController {
      impersonationId
    );

-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      const maxInvestment = investments.reduce(
        (investment, item) => Math.max(investment, item.investment),
        1
@ -92,7 +95,10 @@ export class PortfolioController {
      res.status(StatusCodes.ACCEPTED);
    }

-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      let maxValue = 0;

      chartData.forEach((portfolioItem) => {
@ -133,7 +139,10 @@ export class PortfolioController {
      res.status(StatusCodes.ACCEPTED);
    }

-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      const totalInvestment = Object.values(details)
        .map((portfolioPosition) => {
          return portfolioPosition.investment;
@ -187,7 +196,10 @@ export class PortfolioController {
    }

    let performance = performanceInformation.performance;
-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      performance = nullifyValuesInObject(performance, [
        'currentGrossPerformance',
        'currentValue'
@ -213,7 +225,10 @@ export class PortfolioController {
      res.status(StatusCodes.ACCEPTED);
    }

-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      result.positions = result.positions.map((position) => {
        return nullifyValuesInObject(position, [
          'grossPerformance',
@ -233,7 +248,10 @@ export class PortfolioController {
  ): Promise<PortfolioSummary> {
    let summary = await this.portfolioService.getSummary(impersonationId);

-    if (impersonationId) {
+    if (
+      impersonationId ||
+      this.userService.isRestrictedView(this.request.user)
+    ) {
      summary = nullifyValuesInObject(summary, [
        'cash',
        'committedFunds',
@ -261,7 +279,10 @@ export class PortfolioController {
    );

    if (position) {
-      if (impersonationId) {
+      if (
+        impersonationId ||
+        this.userService.isRestrictedView(this.request.user)
+      ) {
        position = nullifyValuesInObject(position, [
          'grossPerformance',
          'investment',
--- a/apps/api/src/app/portfolio/portfolio.module.ts
+++ b/apps/api/src/app/portfolio/portfolio.module.ts
@ -1,6 +1,6 @@
 import { AccountService } from '@ghostfolio/api/app/account/account.service';
 import { OrderModule } from '@ghostfolio/api/app/order/order.module';
-import { UserService } from '@ghostfolio/api/app/user/user.service';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration.module';
 import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering.module';
 import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
@ -24,7 +24,8 @@ import { RulesService } from './rules.service';
    ExchangeRateDataModule,
    ImpersonationModule,
    OrderModule,
-    PrismaModule
+    PrismaModule,
+    UserModule
  ],
  controllers: [PortfolioController],
  providers: [
@ -33,8 +34,7 @@ import { RulesService } from './rules.service';
    MarketDataService,
    PortfolioService,
    RulesService,
-    SymbolProfileService,
-    UserService
+    SymbolProfileService
  ]
 })
 export class PortfolioModule {}
--- a/apps/api/src/app/user/interfaces/user-settings.interface.ts
+++ b/apps/api/src/app/user/interfaces/user-settings.interface.ts
@ -0,0 +1,3 @@
+export interface UserSettings {
+  isRestrictedView?: boolean;
+}
--- a/apps/api/src/app/user/update-user-setting.dto.ts
+++ b/apps/api/src/app/user/update-user-setting.dto.ts
@ -0,0 +1,6 @@
+import { IsBoolean } from 'class-validator';
+
+export class UpdateUserSettingDto {
+  @IsBoolean()
+  isRestrictedView?: boolean;
+}
--- a/apps/api/src/app/user/user.controller.ts
+++ b/apps/api/src/app/user/user.controller.ts
@ -26,6 +26,8 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';

 import { UserItem } from './interfaces/user-item.interface';
 import { UserSettingsParams } from './interfaces/user-settings-params.interface';
+import { UserSettings } from './interfaces/user-settings.interface';
+import { UpdateUserSettingDto } from './update-user-setting.dto';
 import { UpdateUserSettingsDto } from './update-user-settings.dto';
 import { UserService } from './user.service';

@ -78,6 +80,32 @@ export class UserController {
    };
  }

+  @Put('setting')
+  @UseGuards(AuthGuard('jwt'))
+  public async updateUserSetting(@Body() data: UpdateUserSettingDto) {
+    if (
+      !hasPermission(
+        getPermissions(this.request.user.role),
+        permissions.updateUserSettings
+      )
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
+      );
+    }
+
+    const userSettings: UserSettings = {
+      ...(<UserSettings>this.request.user.Settings.settings),
+      ...data
+    };
+
+    return await this.userService.updateUserSetting({
+      userSettings,
+      userId: this.request.user.id
+    });
+  }
+
  @Put('settings')
  @UseGuards(AuthGuard('jwt'))
  public async updateUserSettings(@Body() data: UpdateUserSettingsDto) {
--- a/apps/api/src/app/user/user.module.ts
+++ b/apps/api/src/app/user/user.module.ts
@ -14,6 +14,7 @@ import { UserService } from './user.service';
    })
  ],
  controllers: [UserController],
-  providers: [ConfigurationService, PrismaService, UserService]
+  providers: [ConfigurationService, PrismaService, UserService],
+  exports: [UserService]
 })
 export class UserModule {}
--- a/apps/api/src/app/user/user.service.ts
+++ b/apps/api/src/app/user/user.service.ts
@ -9,6 +9,7 @@ import { Currency, Prisma, Provider, User, ViewMode } from '@prisma/client';
 import { isBefore } from 'date-fns';

 import { UserSettingsParams } from './interfaces/user-settings-params.interface';
+import { UserSettings } from './interfaces/user-settings.interface';

 const crypto = require('crypto');

@ -50,6 +51,7 @@ export class UserService {
      }),
      accounts: Account,
      settings: {
+        ...(<UserSettings>Settings.settings),
        locale,
        baseCurrency: Settings?.currency ?? UserService.DEFAULT_CURRENCY,
        viewMode: Settings?.viewMode ?? ViewMode.DEFAULT
@ -57,6 +59,10 @@ export class UserService {
    };
  }

+  public isRestrictedView(aUser: UserWithSettings) {
+    return (aUser.Settings.settings as UserSettings)?.isRestrictedView ?? false;
+  }
+
  public async user(
    userWhereUniqueInput: Prisma.UserWhereUniqueInput
  ): Promise<UserWithSettings | null> {
@ -84,6 +90,7 @@ export class UserService {
      // Set default settings if needed
      userFromDatabase.Settings = {
        currency: UserService.DEFAULT_CURRENCY,
+        settings: null,
        updatedAt: new Date(),
        userId: userFromDatabase?.id,
        viewMode: ViewMode.DEFAULT
@ -219,6 +226,35 @@ export class UserService {
    });
  }

+  public async updateUserSetting({
+    userId,
+    userSettings
+  }: {
+    userId: string;
+    userSettings: UserSettings;
+  }) {
+    const settings = userSettings as Prisma.JsonObject;
+
+    await this.prismaService.settings.upsert({
+      create: {
+        settings,
+        User: {
+          connect: {
+            id: userId
+          }
+        }
+      },
+      update: {
+        settings
+      },
+      where: {
+        userId: userId
+      }
+    });
+
+    return;
+  }
+
  public async updateUserSettings({
    currency,
    userId,
--- a/apps/client/src/app/components/access-table/access-table.component.html
+++ b/apps/client/src/app/components/access-table/access-table.component.html
@ -10,7 +10,7 @@
    <th *matHeaderCellDef class="px-1" i18n mat-header-cell>Type</th>
    <td *matCellDef="let element" class="px-1" mat-cell>
      <ion-icon class="mr-1" name="lock-closed-outline"></ion-icon>
-      Restricted Access
+      Restricted View
    </td></ng-container
  >

--- a/apps/client/src/app/pages/account/account-page.component.ts
+++ b/apps/client/src/app/pages/account/account-page.component.ts
@ -136,6 +136,24 @@ export class AccountPageComponent implements OnDestroy, OnInit {
      });
  }

+  public onRestrictedViewChange(aEvent: MatSlideToggleChange) {
+    this.dataService
+      .putUserSetting({ isRestrictedView: aEvent.checked })
+      .pipe(takeUntil(this.unsubscribeSubject))
+      .subscribe(() => {
+        this.userService.remove();
+
+        this.userService
+          .get()
+          .pipe(takeUntil(this.unsubscribeSubject))
+          .subscribe((user) => {
+            this.user = user;
+
+            this.changeDetectorRef.markForCheck();
+          });
+      });
+  }
+
  public onSignInWithFingerprintChange(aEvent: MatSlideToggleChange) {
    if (aEvent.checked) {
      this.registerDevice();
--- a/apps/client/src/app/pages/account/account-page.html
+++ b/apps/client/src/app/pages/account/account-page.html
@ -50,6 +50,22 @@
              </div>
            </div>
          </div>
+          <div class="align-items-center d-flex mt-4 py-1">
+            <div class="w-50">
+              <div i18n>Restricted View</div>
+              <div class="hint-text text-muted" i18n>
+                Hides absolute values like performances and quantities.
+              </div>
+            </div>
+            <div class="w-50">
+              <mat-slide-toggle
+                color="primary"
+                [checked]="user.settings.isRestrictedView"
+                [disabled]="!hasPermissionToUpdateUserSettings"
+                (change)="onRestrictedViewChange($event)"
+              ></mat-slide-toggle>
+            </div>
+          </div>
          <div class="d-flex mt-4 py-1">
            <form #changeUserSettingsForm="ngForm" class="w-100">
              <div class="d-flex mb-2">
--- a/apps/client/src/app/pages/account/account-page.scss
+++ b/apps/client/src/app/pages/account/account-page.scss
@ -2,6 +2,11 @@
  color: rgb(var(--dark-primary-text));
  display: block;

+  .hint-text {
+    font-size: 90%;
+    line-height: 1.2;
+  }
+
  .mat-form-field {
    ::ng-deep {
      .mat-form-field-wrapper {
--- a/apps/client/src/app/pages/home/home-page.html
+++ b/apps/client/src/app/pages/home/home-page.html
@ -61,7 +61,7 @@
            [isLoading]="isLoadingPerformance"
            [locale]="user?.settings?.locale"
            [performance]="performance"
-            [showDetails]="!hasImpersonationId"
+            [showDetails]="!hasImpersonationId && !user.settings.isRestrictedView"
          ></gf-portfolio-performance>
          <div class="text-center">
            <gf-toggle
--- a/apps/client/src/app/pages/zen/zen-page.html
+++ b/apps/client/src/app/pages/zen/zen-page.html
@ -49,7 +49,7 @@
            [isLoading]="isLoadingPerformance"
            [locale]="user?.settings?.locale"
            [performance]="performance"
-            [showDetails]="!hasImpersonationId"
+            [showDetails]="!hasImpersonationId && !user.settings.isRestrictedView"
          ></gf-portfolio-performance>
        </div>
      </div>
--- a/apps/client/src/app/services/data.service.ts
+++ b/apps/client/src/app/services/data.service.ts
@ -13,6 +13,7 @@ import { PortfolioPositions } from '@ghostfolio/api/app/portfolio/interfaces/por
 import { LookupItem } from '@ghostfolio/api/app/symbol/interfaces/lookup-item.interface';
 import { SymbolItem } from '@ghostfolio/api/app/symbol/interfaces/symbol-item.interface';
 import { UserItem } from '@ghostfolio/api/app/user/interfaces/user-item.interface';
+import { UpdateUserSettingDto } from '@ghostfolio/api/app/user/update-user-setting.dto';
 import { UpdateUserSettingsDto } from '@ghostfolio/api/app/user/update-user-settings.dto';
 import {
  Access,
@ -210,6 +211,10 @@ export class DataService {
    return this.http.put<UserItem>(`/api/order/${aOrder.id}`, aOrder);
  }

+  public putUserSetting(aData: UpdateUserSettingDto) {
+    return this.http.put<User>(`/api/user/setting`, aData);
+  }
+
  public putUserSettings(aData: UpdateUserSettingsDto) {
    return this.http.put<User>(`/api/user/settings`, aData);
  }
--- a/libs/common/src/lib/interfaces/user-settings.interface.ts
+++ b/libs/common/src/lib/interfaces/user-settings.interface.ts
@ -2,6 +2,7 @@ import { Currency, ViewMode } from '@prisma/client';

 export interface UserSettings {
  baseCurrency?: Currency;
+  isRestrictedView?: boolean;
  locale: string;
  viewMode?: ViewMode;
 }
--- a/prisma/migrations/20210815180121_added_settings_to_settings/migration.sql
+++ b/prisma/migrations/20210815180121_added_settings_to_settings/migration.sql
@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "Settings" ADD COLUMN     "settings" JSONB;
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@ -109,8 +109,9 @@ model Property {

 model Settings {
  currency  Currency?
-  viewMode  ViewMode?
+  settings  Json?
  updatedAt DateTime  @updatedAt
+  viewMode  ViewMode?
  User      User      @relation(fields: [userId], references: [id])
  userId    String    @id
 }