inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-05-12 17:04:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AAE-9365] - Auth guards should return true when no roles to check are passed (#7695)

Browse Source
This commit is contained in:
Ardit Domi 2022-06-30 09:38:48 +01:00 committed by GitHub
parent e27833d770
commit ad9a468b11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/core/services/user-access.service.spec.ts
View File

@ -51,6 +51,22 @@ describe('UserAccessService', () => {
}); });
} }
it('should return true when no roles to check are passed in global access', async () => {
spyUserAccess(['MOCK_USER_ROLE'], {});
await userAccessService.fetchUserAccess();
const hasGlobalAccess = userAccessService.hasGlobalAccess([]);
expect(hasGlobalAccess).toBe(true);
});
it('should return true when no roles to check are passed in application access', async () => {
spyUserAccess([], { mockApp: { roles: ['MOCK_APP_ROLE'] } });
await userAccessService.fetchUserAccess();
const hasApplicationAccess = userAccessService.hasApplicationAccess('mockApp', []);
expect(hasApplicationAccess).toBe(true);
});
describe('Access from JWT token', () => { describe('Access from JWT token', () => {
it('should return true when the user has one of the global roles', async () => { it('should return true when the user has one of the global roles', async () => {

12
lib/core/services/user-access.service.ts
View File

@ -84,7 +84,10 @@ export class UserAccessService {
* @returns True if it contains at least one of the given roles, false otherwise * @returns True if it contains at least one of the given roles, false otherwise
*/ */
hasGlobalAccess(rolesToCheck: string[]): boolean { hasGlobalAccess(rolesToCheck: string[]): boolean {
return this.globalAccess ? this.globalAccess.some((role: string) => rolesToCheck.includes(role)) : false; if (rolesToCheck?.length > 0) {
return this.globalAccess ? this.globalAccess.some((role: string) => rolesToCheck.includes(role)) : false;
}
return true;
} }
/** /**
@ -95,8 +98,11 @@ export class UserAccessService {
* @returns True if it contains at least one of the given roles, false otherwise * @returns True if it contains at least one of the given roles, false otherwise
*/ */
hasApplicationAccess(appName: string, rolesToCheck: string[]): boolean { hasApplicationAccess(appName: string, rolesToCheck: string[]): boolean {
const appAccess = this.hasRolesInJwt() ? this.applicationAccess[appName] : this.applicationAccess.find((app: ApplicationAccessModel) => app.name === appName); if (rolesToCheck?.length > 0) {
return appAccess ? appAccess.roles.some(appRole => rolesToCheck.includes(appRole)) : false; const appAccess = this.hasRolesInJwt() ? this.applicationAccess[appName] : this.applicationAccess.find((app: ApplicationAccessModel) => app.name === appName);
return appAccess ? appAccess.roles.some(appRole => rolesToCheck.includes(appRole)) : false;
}
return true;
} }
/** /**