inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-05-19 17:14:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
alfresco-ng2-components/lib/core/services/auth-guard-sso-role.service.ts
arditdomi 574db8d7cc
[AAE-4985] - Make SSO Role Service accept a content admin role that is not part of the JWT token (#6942) 
* Add ability to check if the user is an ACS_ADMIN - not part of JTW token

* Make get user api call only once

* Add unit tests

* Add documentation

* Fix comments

* Exclude flaky tests, dependent on another test

* Fix unit test

* Fix comments

* Update documentation
2021-04-26 14:27:22 +01:00

66 lines
2.4 KiB
TypeScript
Raw Blame History

/*!
* @license
* Copyright 2019 Alfresco Software, Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Injectable } from '@angular/core';
import { JwtHelperService } from './jwt-helper.service';
import { ActivatedRouteSnapshot, CanActivate, Router } from '@angular/router';
import { MatDialog } from '@angular/material/dialog';
import { ContentGroups, PeopleContentService } from './people-content.service';
@Injectable({
providedIn: 'root'
})
export class AuthGuardSsoRoleService implements CanActivate {
constructor(private jwtHelperService: JwtHelperService,
private router: Router,
private dialog: MatDialog,
private peopleContentService: PeopleContentService) {
}
async canActivate(route: ActivatedRouteSnapshot): Promise<boolean> {
let hasRole;
let hasRealmRole = false;
let hasClientRole = true;
if (route.data) {
if (route.data['roles']) {
const rolesToCheck: string[] = route.data['roles'];
const isContentAdmin = rolesToCheck.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) ? await this.peopleContentService.isContentAdmin() : false;
hasRealmRole = this.jwtHelperService.hasRealmRoles(rolesToCheck) || isContentAdmin;
}
if (route.data['clientRoles']) {
const clientRoleName = route.params[route.data['clientRoles']];
const rolesToCheck = route.data['roles'];
hasClientRole = this.jwtHelperService.hasRealmRolesForClientRole(clientRoleName, rolesToCheck);
}
}
hasRole = hasRealmRole && hasClientRole;
if (!hasRole && route.data && route.data['redirectUrl']) {
this.router.navigate(['/' + route.data['redirectUrl']]);
}
if (!hasRole) {
this.dialog.closeAll();
}
return hasRole;
}
}
Reference in New Issue View Git Blame Copy Permalink