AB#129134 use-user-context-in-permissions

[GhaziAlibi]

Description

This PR adds support for literal values in role resource access filters.

For attribute filters, eq and neq can now compare either to another field or to a typed value. Text operators like contains, starts with, and ends with also work with attribute filters. On the backend, permission filters now correctly handle these literal attribute comparisons using the current user’s attributes.

Type of change

• New feature (non-breaking change which adds functionality)

How Has This Been Tested?

• Ran frontend checks with eslint and tsc --noEmit, and ran the backend unit test tests/unit-tests/utils/filter/getFormPermissionFilter.spec.ts.

• verified manually in Back Office -> Settings -> Roles -> Resources that attribute filters can switch between Field and Value, save correctly, and enforce access as expected.

Screenshots

Checklist:

( * == Mandatory )

• * I have set myself as assignee of the pull request
• * My code follows the style guidelines of this project
• * Linting does not generate new warnings
• * I have performed a self-review of my own code
• * I have put the ticket for review, adding the oort-frontend team to the list of reviewers
• * I have commented my code, particularly in hard-to-understand areas
• * I have put JSDoc comment in all required places
• * My changes generate no new warnings
• * I have included screenshots describing my changes if relevant
• * I have selected labels in the Pull Request, according to the changes with code brings
• I have made corresponding changes to the documentation ( if required )
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

More explanation

https://www.loom.com/share/05a716d61b9744faaf51fb304c21d1e5?sid=f87cf896-582a-4f76-93ae-8ceed801b145

[Copilot]

Pull request overview

Adds support for using literal values (in addition to other fields) when building role resource access filters against user attributes, and wires this through the shared filter/query-builder form infrastructure.

Changes:

• Adds valueSource support (field vs literal) to filter forms and access filter persistence/serialization.
• Extends attribute filter operator handling in the filter row UI (operator lists + editor switching + value source selector).
• Enables the new attribute value-source behavior specifically for Role → Resource access filters.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
libs/shared/src/lib/components/role-summary/role-resources/resource-access-filters/resource-access-filters.component.ts	Adds attribute operator configs, includes valueSource in filter form creation, and serializes access filters before diffing/saving.
libs/shared/src/lib/components/role-summary/role-resources/resource-access-filters/resource-access-filters.component.html	Enables attribute value-source switching for the embedded shared filter.
libs/shared/src/lib/components/role-summary/role-resources/permissions.types.ts	Extends access filter typing to allow non-string values and an optional valueSource.
libs/shared/src/lib/components/query-builder/query-builder-forms.ts	Adds optional creation of a valueSource control in filter form groups and propagates options recursively.
libs/shared/src/lib/components/filter/filter.component.ts	Adds an input flag to enable attribute value-source switching.
libs/shared/src/lib/components/filter/filter.component.html	Passes the new flag through to the filter-group component.
libs/shared/src/lib/components/filter/filter-row/filter-row.component.ts	Implements operator configuration + editor switching for attribute literal vs field comparisons; adds valueSource handling.
libs/shared/src/lib/components/filter/filter-row/filter-row.component.html	Adds the valueSource selector UI and a new attribute literal editor template.
libs/shared/src/lib/components/filter/filter-group/filter-group.component.ts	Ensures new rows include valueSource when the feature flag is enabled.
libs/shared/src/lib/components/filter/filter-group/filter-group.component.html	Passes the new flag down to nested groups/rows.

Comments suppressed due to low confidence (1)

libs/shared/src/lib/components/filter/filter-row/filter-row.component.ts:203

• Inside the operator valueChanges handler, selecting inthelast creates a new inTheLast.valueChanges.subscribe(...) each time the operator is changed to inthelast, and it is never unsubscribed. This can leak subscriptions and cause duplicate updates if the user toggles operators. Consider wiring this subscription with takeUntil(this.destroy$) and ensuring only one subscription is active (e.g., create it once and gate on the current operator, or use switchMap).

        if (value === 'inthelast') {
          // Replaces the date editor with in the last
          this.setEditor(this.field);
          // Subscribes to in the last value changes
          this.form
            .get('inTheLast')
            ?.valueChanges.subscribe((inTheLastValues) => {
              if (this.form.get('operator')?.value === 'inthelast') {
                if (
                  inTheLastValues.number !== 1 ||
                  inTheLastValues.unit !== 'days'

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.