[AAE-4985] - Make SSO Role Service accept a content admin role that is not part of the JWT token (#6942)

* Add ability to check if the user is an ACS_ADMIN - not part of JTW token * Make get user api call only once * Add unit tests * Add documentation * Fix comments * Exclude flaky tests, dependent on another test * Fix unit test * Fix comments * Update documentation
2025-07-24 17:32:15 +00:00 · 2021-04-26 14:27:22 +01:00
parent 585a1b6918
commit 574db8d7cc
7 changed files with 106 additions and 7 deletions
--- a/docs/core/services/auth-guard-sso-role.service.md
+++ b/docs/core/services/auth-guard-sso-role.service.md
@@ -31,9 +31,10 @@ const appRoutes: Routes = [
 ```

 If the user now clicks on a link or button that follows this route, they will be not able to access this content if they do not have the Realms roles.
+<br>**Note**: An additional role ALFRESCO_ADMINISTRATORS can be used in the roles array, which will result in checking whether the logged in user has Content Admin capabilities or not, as this role is not part of the JWT token it will call a Content API to determine it.


-Client role Example 
+Client role Example
 ```ts
 const appRoutes: Routes = [
    ...