fix: fix domain-specific access control for Advanced_Service

apps/web/src/lib/access-control/page-access-helper.ts

@@ -38,9 +38,9 @@ export const flattenMenu = (menuList: Menu[]): Menu[] => menuList.flatMap((menu)
     ...(menu.subMenuList ? flattenMenu(menu.subMenuList) : []),
 ]);
 
-export const getPageAccessMapFromRawData = (pageAccessPermissions?: string[]): PageAccessMap => {
+export const getPageAccessMapFromRawData = (pageAccessPermissions?: string[], domainId?: string): PageAccessMap => {
     const result: PageAccessMap = {};
-    const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICES') ?? []).includes('alert-v2');
+    const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainId);
     const menuListByVersion = (isAlertManagerVersionV2 ? MENU_LIST_FOR_ALERT_MANAGER_V2 : MENU_LIST);
     const flattenedMenuList = flattenMenu(menuListByVersion);
     const setPermissions = (id: string, read = true, write = true, access = true) => {

apps/web/src/lib/access-control/redirect-route-helper.ts

@@ -25,8 +25,8 @@ const getSubMenuIdsToMap = (menu: Menu, flattenedMenuMap: FlattenedMenuMap = {})
     return flattenedMenuMap;
 };
 
-const makeFlattenedMenuMap = () => {
-    const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
+const makeFlattenedMenuMap = (domainId:string) => {
+    const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainId);
     const menuListByVersion = (isAlertManagerVersionV2 ? MENU_LIST_FOR_ALERT_MANAGER_V2 : MENU_LIST);
     menuListByVersion.forEach((menu) => {
         getSubMenuIdsToMap(menu, FLATTENED_MENU_MAP);
@@ -38,9 +38,9 @@ const getSubMenuListByMenuId = (menuId: MenuId): MenuId[] => {
     return [];
 };
 
-export const getRedirectRouteByPagePermission = (route: Route, pagePermissionsMap: PageAccessMap): Location => {
+export const getRedirectRouteByPagePermission = (route: Route, pagePermissionsMap: PageAccessMap, domainId:string): Location => {
     const isFlattenedMenuMapEmpty = Object.keys(FLATTENED_MENU_MAP).length === 0;
-    if (isFlattenedMenuMapEmpty) makeFlattenedMenuMap();
+    if (isFlattenedMenuMapEmpty) makeFlattenedMenuMap(domainId);
     const menuId = route.meta?.menuId;
     if (!menuId) return { name: ERROR_ROUTE._NAME, params: { statusCode: '404' } };
     const subMenuIdList = getSubMenuListByMenuId(menuId);

apps/web/src/lib/site-initializer/index.ts

@@ -46,11 +46,11 @@ const initRouter = (domainId?: string) => {
     const userStore = useUserStore(pinia);
     const allReferenceStore = useAllReferenceStore(pinia);
     const afterGrantedCallback = () => allReferenceStore.flush();
-    const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
-    const routes = isAlertManagerVersionV2 ? integralRoutes : alertManagerV1IntegralRoutes;
     if (!domainId) {
         SpaceRouter.init(errorRoutes, afterGrantedCallback, userStore);
     } else {
+        const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainId);
+        const routes = isAlertManagerVersionV2 ? integralRoutes : alertManagerV1IntegralRoutes;
         SpaceRouter.init(routes, afterGrantedCallback, userStore);
     }
     isRouterInitialized = true;

apps/web/src/services/alert-manager-v2/routes/routes.ts

@@ -26,7 +26,7 @@ const alertManagerRoutesV2: RouteConfig = {
         menuId: MENU_ID.ALERT_MANAGER,
         translationId: MENU_INFO_MAP[MENU_ID.ALERT_MANAGER].translationId,
     },
-    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap),
+    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId),
     component: AlertManagerContainer,
     children: [
         {

apps/web/src/services/alert-manager/routes/routes.ts

@@ -26,7 +26,7 @@ const alertManagerRoutes: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: AlertManagerContainer,
     children: [

apps/web/src/services/asset-inventory-v1/routes/routes.ts

@@ -47,7 +47,7 @@ const assetInventoryRouteV1: RouteConfig = {
         menuId: MENU_ID.ASSET_INVENTORY,
         translationId: MENU_INFO_MAP[MENU_ID.ASSET_INVENTORY].translationId,
     },
-    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap),
+    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId),
     component: AssetInventoryContainer,
     children: [
         {

apps/web/src/services/asset-inventory/routes/routes.ts

@@ -45,7 +45,7 @@ const assetInventoryRoute: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: AssetInventoryContainer,
     children: [

apps/web/src/services/cost-explorer/routes/routes.ts

@@ -33,7 +33,7 @@ const costExplorerRoutes: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: CostExplorerContainer,
     children: [

apps/web/src/services/iam/components/RoleManagementTabDetail.vue

@@ -16,6 +16,8 @@ import { ROLE_TYPE } from '@/schema/identity/role/constant';
 import type { RoleModel } from '@/schema/identity/role/model';
 import { i18n } from '@/translations';
 
+import { useDomainStore } from '@/store/domain/domain-store';
+
 import { PAGE_ACCESS } from '@/lib/access-control/config';
 import {
     getPageAccessMapFromRawData,
@@ -39,6 +41,7 @@ interface DetailMenuItems {
 
 const rolePageStore = useRolePageStore();
 const rolePageState = rolePageStore.$state;
+const domainStore = useDomainStore();
 
 const detailMenuItems = computed<DetailMenuItems[]>(() => [
     { name: 'page_access', label: i18n.t('IAM.ROLE.DETAIL.PAGE_ACCESS') as string },
@@ -139,9 +142,9 @@ watch(() => state.selectedRole.role_id, async (roleId) => {
         : roleId;
 
     await getRoleDetailData(selectedRoleId);
-    state.pageAccessDataList = getPageAccessMenuListByRoleType(state.data.role_type);
+    state.pageAccessDataList = getPageAccessMenuListByRoleType(state.data.role_type, domainStore.state.domainId);
 
-    const pageAccessPermissionMap = getPageAccessMapFromRawData(state.pageAccess);
+    const pageAccessPermissionMap = getPageAccessMapFromRawData(state.pageAccess, domainStore.state.domainId);
 
     Object.entries(pageAccessPermissionMap).forEach(([itemId, accessible]) => {
         if (!itemId) return;

apps/web/src/services/iam/components/RoleUpdateFormPermissionForm.vue

@@ -10,6 +10,8 @@ import { PPaneLayout } from '@cloudforet/mirinae';
 import { ROLE_TYPE } from '@/schema/identity/role/constant';
 import type { RoleType } from '@/schema/identity/role/type';
 
+import { useDomainStore } from '@/store/domain/domain-store';
+
 import { PAGE_ACCESS } from '@/lib/access-control/config';
 import { getPageAccessMapFromRawData } from '@/lib/access-control/page-access-helper';
 
@@ -21,6 +23,8 @@ import { FORM_TYPE } from '@/services/iam/constants/role-constant';
 import { getPageAccessList, getPageAccessMenuListByRoleType } from '@/services/iam/helpers/role-page-access-menu-list';
 import type { PageAccessMenuItem, RoleFormData } from '@/services/iam/types/role-type';
 
+const domainStore = useDomainStore();
+
 interface Props {
     initialPageAccess?: string[];
     initialPermissions?: string[];
@@ -91,7 +95,7 @@ const handleUpdateEditor = (value: string) => {
 };
 const setPageAccessPermissionsData = () => {
     if (!props.initialPageAccess) return;
-    const pageAccessPermissionMap = getPageAccessMapFromRawData(props.initialPageAccess);
+    const pageAccessPermissionMap = getPageAccessMapFromRawData(props.initialPageAccess, domainStore.state.domainId);
     // eslint-disable-next-line no-restricted-syntax
     for (const [itemId, accessible] of Object.entries(pageAccessPermissionMap)) {
         if (!itemId) return;
@@ -126,7 +130,7 @@ watch(() => state.pageAccessPermissions, (pageAccessPermissions, prevPageAccessP
     emit('update-form', { page_access: pageAccessPermissions });
 });
 watch([() => props.roleType, () => props.initialPageAccess], ([roleType]) => {
-    menuItems.value = getPageAccessMenuListByRoleType(roleType);
+    menuItems.value = getPageAccessMenuListByRoleType(roleType, domainStore.state.domainId);
     setPageAccessPermissionsData();
 }, { immediate: true });
 </script>

apps/web/src/services/iam/helpers/role-page-access-menu-list.ts

@@ -30,10 +30,10 @@ const flattenSubMenuList = (subMenuList: Menu[], defaultMenuIds: MenuId[], trans
     return results;
 };
 
-export const getPageAccessMenuListByRoleType = (roleType: RoleType): PageAccessMenuItem[] => {
+export const getPageAccessMenuListByRoleType = (roleType: RoleType, domainId: string): PageAccessMenuItem[] => {
     const results: PageAccessMenuItem[] = [];
     const defaultMenuIdsByRoleType = getDefaultPageAccessPermissionList(roleType);
-    const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
+    const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainId);
     const menuListByVersion = (isAlertManagerVersionV2 ? MENU_LIST_FOR_ALERT_MANAGER_V2 : MENU_LIST);
     menuListByVersion.forEach((menu) => {
         if (menu.needPermissionByRole && defaultMenuIdsByRoleType.includes(menu.id)) {

apps/web/src/services/iam/routes/routes.ts

@@ -25,7 +25,7 @@ const iamRoutes: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: IamContainer,
     children: [

apps/web/src/services/info/routes/routes.ts

@@ -24,7 +24,7 @@ const infoRoute: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: InfoContainer,
     children: [

apps/web/src/services/my-page/routes/routes.ts

@@ -28,7 +28,7 @@ const myPageRoutes: RouteConfig = {
     },
     redirect: (to) => {
         const userStore = useUserStore(pinia);
-        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap);
+        return getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId);
     },
     component: MyPageContainer,
     children: [

apps/web/src/services/ops-flow/routes/routes.ts

@@ -28,7 +28,7 @@ const opsFlowRoutes: RouteConfig = {
         menuId: MENU_ID.OPS_FLOW,
         translationId: MENU_INFO_MAP[MENU_ID.OPS_FLOW].translationId,
     },
-    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap),
+    redirect: (to) => getRedirectRouteByPagePermission(to, userStore.getters.pageAccessPermissionMap, userStore.getters.domainId),
     component: OpsFlowContainer,
     children: [
         {

apps/web/src/store/display/display-store.ts

@@ -333,7 +333,7 @@ export const useDisplayStore = defineStore('display-store', () => {
         const appContextStore = useAppContextStore();
         const appContextState = appContextStore.$state;
         const userWorkspaceStore = useUserWorkspaceStore();
-        const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
+        const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainStore.state.domainId);
         const menuListByVersion = (isAlertManagerVersionV2 ? MENU_LIST_FOR_ALERT_MANAGER_V2 : MENU_LIST);
         const adminMenuListByVersion = (isAlertManagerVersionV2 ? ADMIN_MENU_LIST_FOR_ALERT_MANAGER_V2 : ADMIN_MENU_LIST);
         const isAdminMode = appContextState.getters.isAdminMode;

apps/web/src/store/reference/collector-reference-store.ts

@@ -9,6 +9,7 @@ import type { ListResponse } from '@/schema/_common/api-verbs/list';
 import type { CollectorListParameters } from '@/schema/inventory/collector/api-verbs/list';
 import type { CollectorModel } from '@/schema/inventory/collector/model';
 
+import { useDomainStore } from '@/store/domain/domain-store';
 import type {
     ReferenceItem, ReferenceLoadOptions, ReferenceMap, ReferenceTypeInfo,
 } from '@/store/reference/type';
@@ -30,6 +31,8 @@ let lastLoadedTime = 0;
 
 export const useCollectorReferenceStore = defineStore('reference-collector', () => {
     const userStore = useUserStore();
+    const domainStore = useDomainStore();
+
     const state = reactive({
         items: null as CollectorReferenceMap | null,
     });
@@ -59,7 +62,7 @@ export const useCollectorReferenceStore = defineStore('reference-collector', ()
 
         const referenceMap: CollectorReferenceMap = {};
         try {
-            const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
+            const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainStore.state.domainId);
             const collectorFetcher = isAlertManagerVersionV2 ? SpaceConnector.clientV2.inventoryV2.collector.list : SpaceConnector.clientV2.inventory.collector.list;
 
             const response = await collectorFetcher<CollectorListParameters, ListResponse<CollectorModel>>({

apps/web/src/store/reference/region-reference-store.ts

@@ -9,6 +9,7 @@ import type { ListResponse } from '@/schema/_common/api-verbs/list';
 import type { RegionListParameters } from '@/schema/inventory/region/api-verbs/list';
 import type { RegionModel } from '@/schema/inventory/region/model';
 
+import { useDomainStore } from '@/store/domain/domain-store';
 import type {
     ReferenceItem, ReferenceLoadOptions, ReferenceMap, ReferenceTypeInfo,
 } from '@/store/reference/type';
@@ -38,6 +39,8 @@ let lastLoadedTime = 0;
 
 export const useRegionReferenceStore = defineStore('reference-region', () => {
     const userStore = useUserStore();
+    const domainStore = useDomainStore();
+
     const state = reactive({
         items: null as RegionReferenceMap | null,
     });
@@ -67,7 +70,7 @@ export const useRegionReferenceStore = defineStore('reference-region', () => {
 
         const referenceMap: RegionReferenceMap = {};
         try {
-            const isAlertManagerVersionV2 = config.get('ADVANCED_SERVICES').includes('alert-v2');
+            const isAlertManagerVersionV2 = (config.get('ADVANCED_SERVICE')?.alert_manager_v2 ?? []).includes(domainStore.state.domainId);
             const regionFetcher = isAlertManagerVersionV2 ? SpaceConnector.clientV2.inventoryV2.region.list : SpaceConnector.clientV2.inventory.region.list;
 
             const response = await regionFetcher<RegionListParameters, ListResponse<RegionModel>>({

apps/web/src/store/user/type.ts

@@ -46,6 +46,7 @@ export interface UserStoreState {
 export interface UserStoreGetters {
     isDomainAdmin: ComputedRef<boolean>;
     isSystemAdmin: ComputedRef<boolean>;
+    domainId: ComputedRef<string>;
     languageLabel: ComputedRef<string>;
     isNoRoleUser: ComputedRef<boolean>;
     hasAdminOrWorkspaceOwnerRole: ComputedRef<boolean>;

apps/web/src/store/user/user-store.ts

@@ -25,6 +25,7 @@ import { setI18nLocale } from '@/translations';
 
 import { useAppContextStore } from '@/store/app-context/app-context-store';
 import { useUserWorkspaceStore } from '@/store/app-context/workspace/user-workspace-store';
+import { useDomainStore } from '@/store/domain/domain-store';
 import { useErrorStore } from '@/store/error/error-store';
 import { languages, MANAGED_ROLES, USER_STORAGE_KEY } from '@/store/user/constant';
 import type {
@@ -113,6 +114,7 @@ const getRoleTypeFromToken = (token: string): RoleType => {
 };
 
 export const useUserStore = defineStore('user-store', () => {
+    const domainStore = useDomainStore();
     let storedUserState: Partial<UserStoreState> = {};
     try {
         storedUserState = LocalStorageAccessor.getItem(USER_STORAGE_KEY) ?? {};
@@ -140,14 +142,15 @@ export const useUserStore = defineStore('user-store', () => {
     const getters = reactive<UserStoreGetters>({
         isDomainAdmin: computed<boolean>(() => state.roleType === ROLE_TYPE.DOMAIN_ADMIN),
         isSystemAdmin: computed<boolean>(() => state.roleType === ROLE_TYPE.SYSTEM_ADMIN),
+        domainId: computed<string>(() => domainStore.state.domainId),
         languageLabel: computed<string>(() => languages[state.language as string] || state.language),
         isNoRoleUser: computed<boolean>(() => !state.currentRoleInfo),
         hasAdminOrWorkspaceOwnerRole: computed<boolean>(() => state.roleType === 'DOMAIN_ADMIN' || state.roleType === 'WORKSPACE_OWNER'),
         hasPermission: computed<boolean>(() => !!state.currentRoleInfo),
         pageAccessPermissionList: computed<MenuId[]>(() => {
             const roleType = state.currentRoleInfo?.roleType ?? 'USER';
             const roleBasePagePermissions = state.currentRoleInfo?.pageAccess ?? ['my_page.*'];
-            const pagePermissionMap = getPageAccessMapFromRawData(roleBasePagePermissions);
+            const pagePermissionMap = getPageAccessMapFromRawData(roleBasePagePermissions, getters.domainId);
             const minimalPagePermissionList = getMinimalPageAccessPermissionList(roleType);
             const defaultPagePermissionList = getDefaultPageAccessPermissionList(roleType);
 
@@ -167,7 +170,7 @@ export const useUserStore = defineStore('user-store', () => {
 
             const roleType = state.currentRoleInfo?.roleType ?? 'USER';
             const roleBasePagePermissions = state.currentRoleInfo?.pageAccess ?? ['my_page.*'];
-            const pagePermissionMap = getPageAccessMapFromRawData(roleBasePagePermissions);
+            const pagePermissionMap = getPageAccessMapFromRawData(roleBasePagePermissions, getters.domainId);
             const minimalPagePermissionList = getMinimalPageAccessPermissionList(roleType);
 
             const isAllReadOnly = checkAllMenuReadonly(roleBasePagePermissions);