fix(console): move org domains into settings page of the organization (#6612)

* fix: hide domains settings for unauthorized users * refine sidenav object mapping * move domains to settings * change docs * set anchor to list element * remove canwrite check in ngif --------- Co-authored-by: Miguel A. C <doncicuto@gmail.com>
2025-12-05 11:12:02 +00:00 · 2023-09-29 09:31:35 +02:00
parent eb31c2a3be
commit d01f4d229f
42 changed files with 161 additions and 202 deletions
--- a/console/src/app/services/grpc-auth.service.ts
+++ b/console/src/app/services/grpc-auth.service.ts
@@ -309,10 +309,7 @@ export class GrpcAuthService {
        filter(([hL, p]) => {
          return hL === true && !!p.length;
        }),
-        map(([_, zroles]) => {
-          const what = this.hasRoles(zroles, roles, requiresAll);
-          return what;
-        }),
+        map(([_, zroles]) => this.hasRoles(zroles, roles, requiresAll)),
        distinctUntilChanged(),
      );
    } else {
@@ -320,6 +317,31 @@ export class GrpcAuthService {
    }
  }

+  /**
+   * filters objects based on roles
+   * @param objects array of objects
+   * @param mapper mapping function which maps to a string[] or Regexp[] of roles
+   * @param requiresAll wheter all, or just a single roles is required to fulfill
+   */
+  public isAllowedMapper<T>(
+    objects: T[],
+    mapper: (attr: any) => string[] | RegExp[],
+    requiresAll: boolean = false,
+  ): Observable<T[]> {
+    return this.fetchedZitadelPermissions.pipe(
+      withLatestFrom(this.zitadelPermissions),
+      filter(([hL, p]) => {
+        return hL === true && !!p.length;
+      }),
+      map(([_, zroles]) => {
+        return objects.filter((obj) => {
+          const roles = mapper(obj);
+          return this.hasRoles(zroles, roles, requiresAll);
+        });
+      }),
+    );
+  }
+
  /**
   * returns true if user has one of the provided roles
   * @param userRoles roles of the user