feat(console): set primary domain, fix org create permission (#688)

* feat: set primary domain, fix org perm

* lint

console/src/app/app-routing.module.ts

@@ -84,7 +84,7 @@ const routes: Routes = [
                     .then(m => m.UserGrantCreateModule),
                 canActivate: [RoleGuard],
                 data: {
-                    roles: ['project.user.grant.write'],
+                    roles: ['user.grant.write'],
                 },
             },
         ],

console/src/app/app.component.html

@@ -28,7 +28,7 @@
                     {{temporg?.name ? temporg.name : 'NO NAME'}}
                 </button>
 
-                <ng-template appHasRole [appHasRole]="['(org.create)?(iam.write)?']">
+                <ng-template appHasRole [appHasRole]="['org.create','iam.write']">
                     <button mat-menu-item [routerLink]="[ '/org/create' ]">
                         <mat-icon class="avatar">add</mat-icon>
                         {{'MENU.NEWORG' | translate}}

console/src/app/pages/orgs/org-detail/org-detail.component.html

@@ -13,6 +13,8 @@
 
                     <i matTooltip="verified" *ngIf="domain.verified" class="verified las la-check-circle"></i>
                     <i matTooltip="primary" *ngIf="domain.primary" class="primary las la-star"></i>
+                    <a *ngIf="!domain.primary" class="primaryset"
+                        (click)="setPrimary(domain)">{{'ORG.DOMAINS.SETPRIMARY' | translate}}</a>
 
                     <span class="fill-space"></span>
                     <button [disabled]="(canwrite$ | async) == false" matTooltip="Remove domain" color="warn"

console/src/app/pages/orgs/org-detail/org-detail.component.scss

@@ -25,6 +25,15 @@
     }
   }
 
+  .primaryset {
+    font-size: 13px;
+    cursor: pointer;
+
+    &:hover {
+      text-decoration: underline;
+    }
+  }
+
   .verified,
   .primary {
     color: #5282c1;

console/src/app/pages/orgs/org-detail/org-detail.component.ts

@@ -84,6 +84,15 @@ export class OrgDetailComponent implements OnInit, OnDestroy {
         });
     }
 
+    public setPrimary(domain: OrgDomainView.AsObject): void {
+        this.mgmtService.setMyPrimaryOrgDomain(domain.domain).then(() => {
+            this.toast.showInfo('ORG.TOAST.SETPRIMARY', true);
+            this.getData();
+        }).catch((error) => {
+            this.toast.showError(error);
+        });
+    }
+
     public changeState(event: MatButtonToggleChange | any): void {
         if (event.value === OrgState.ORGSTATE_ACTIVE) {
             this.mgmtService.ReactivateMyOrg().then(() => {

console/src/app/services/grpc-auth.service.ts

@@ -128,6 +128,10 @@ export class GrpcAuthService {
         });
     }
 
+    /**
+     * returns true if user has one of the provided roles
+     * @param roles roles of the user
+     */
     public isAllowed(roles: string[] | RegExp[]): Observable<boolean> {
         if (roles && roles.length > 0) {
             return this.zitadelPermissions.pipe(switchMap(zroles => {
@@ -138,6 +142,11 @@ export class GrpcAuthService {
         }
     }
 
+    /**
+     * returns true if user has one of the provided roles
+     * @param userRoles roles of the user
+     * @param requestedRoles required roles for accessing the respective component
+     */
     public hasRoles(userRoles: string[], requestedRoles: string[] | RegExp[]): boolean {
         return requestedRoles.findIndex((regexp: any) => {
             return userRoles.findIndex(role => {

console/src/app/services/mgmt.service.ts

@@ -63,6 +63,7 @@ import {
     PasswordLockoutPolicyID,
     PasswordLockoutPolicyUpdate,
     PasswordRequest,
+    PrimaryOrgDomainRequest,
     Project,
     ProjectCreateRequest,
     ProjectGrant,
@@ -254,6 +255,12 @@ export class ManagementService {
         return this.grpcService.mgmt.searchMyOrgDomains(req);
     }
 
+    public async setMyPrimaryOrgDomain(domain: string): Promise<Empty> {
+        const req: PrimaryOrgDomainRequest = new PrimaryOrgDomainRequest();
+        req.setDomain(domain);
+        return this.grpcService.mgmt.setMyPrimaryOrgDomain(req);
+    }
+
     public async GenerateMyOrgDomainValidation(domain: string, type: OrgDomainValidationType):
         Promise<OrgDomainValidationResponse> {
         const req: OrgDomainValidationRequest = new OrgDomainValidationRequest();

console/src/assets/i18n/de.json

@@ -335,6 +335,7 @@
             "NEW":"Domain hinzufügen",
             "TITLE":"Domains",
             "DESCRIPTION":"Konfiguriere die Domains mit denen sich deine Benutzer einloggen können.",
+            "SETPRIMARY":"Primäre Domain setzen",
             "DELETE": {
                 "TITLE":"Domain löschen?",
                 "DESCRIPTION":"Du bist im Begriff eine Domain aus deiner Organisation zu löschen. Deine Benutzer können diese nach dem Löschen nicht mehr für den Login nutzen."
@@ -408,7 +409,8 @@
             "DOMAINREMOVED":"Domain entfernt!",
             "MEMBERADDED":"Manager hinzugefügt!",
             "MEMBERREMOVED":"Manager entfernt!",
-            "MEMBERCHANGED":"Manager verändert!"
+            "MEMBERCHANGED":"Manager verändert!",
+            "SETPRIMARY":"Primäre Domain gesetzt"
         }
     },
     "ORG_DETAIL": {

console/src/assets/i18n/en.json

@@ -335,6 +335,7 @@
             "NEW":"Add Domain",
             "TITLE":"Domains",
             "DESCRIPTION":"Configure your domains. This domain can be used to login with your users.",
+            "SETPRIMARY":"Set as primary",
             "DELETE": {
                 "TITLE":"Delete domain?",
                 "DESCRIPTION":"You are about to delete one of your domains. Note that your users can no longer use this domain for their logins."
@@ -408,7 +409,8 @@
             "DOMAINREMOVED":"Removed domain!",
             "MEMBERADDED":"Manager added!",
             "MEMBERREMOVED":"Manager removed!",
-            "MEMBERCHANGED":"Manager changed!"
+            "MEMBERCHANGED":"Manager changed!",
+            "SETPRIMARY":"Primary Domain set"
         }
     },
     "ORG_DETAIL": {