[ADF-3735] SSO Role guard and Login error improvement (#4377)

* fix lint and doc * Update auth-guard-sso-role.service.md * Update auth-guard-sso-role.service.md * fix json en * restore en.json file
2025-07-24 17:32:15 +00:00 · 2019-03-06 09:53:43 +00:00
parent 0802ff7e7d
commit aba5674e80
12 changed files with 387 additions and 69 deletions
--- a/lib/core/services/auth-guard-sso-role.service.ts
+++ b/lib/core/services/auth-guard-sso-role.service.ts
@@ -0,0 +1,82 @@
+/*!
+ * @license
+ * Copyright 2019 Alfresco Software, Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { Injectable } from '@angular/core';
+import { JwtHelperService } from './jwt-helper.service';
+import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from '@angular/router';
+import { StorageService } from './storage.service';
+
+@Injectable({
+    providedIn: 'root'
+})
+export class AuthGuardSsoRoleService implements CanActivate {
+
+    canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
+        let hasRole = false;
+
+        if (route.data) {
+            let rolesToCheck = route.data['roles'];
+            hasRole = this.hasRoles(rolesToCheck);
+        }
+
+        if (!hasRole && route.data && route.data['redirectUrl']) {
+            this.router.navigate(['/' + route.data['redirectUrl']]);
+        }
+
+        return hasRole;
+    }
+
+    constructor(private storageService: StorageService, private jwtHelperService: JwtHelperService, private router: Router) {
+    }
+
+    getRoles(): string[] {
+        const access = this.getValueFromToken<any>('realm_access');
+        const roles = access ? access['roles'] : [];
+        return roles;
+    }
+
+    getAccessToken(): string {
+        return this.storageService.getItem('access_token');
+    }
+
+    hasRole(role: string): boolean {
+        let hasRole = false;
+        if (this.getAccessToken()) {
+            const roles = this.getRoles();
+            hasRole = roles.some((currentRole) => {
+                return currentRole === role;
+            });
+        }
+        return hasRole;
+    }
+
+    hasRoles(rolesToCheck: string []): boolean {
+        return rolesToCheck.some((currentRole) => {
+            return this.hasRole(currentRole);
+        });
+    }
+
+    getValueFromToken<T>(key: string): T {
+        let value;
+        const accessToken = this.getAccessToken();
+        if (accessToken) {
+            const tokenPayload = this.jwtHelperService.decodeToken(accessToken);
+            value = tokenPayload[key];
+        }
+        return <T> value;
+    }
+}