inteligr8/alfresco-ng2-components
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-ng2-components.git synced 2025-05-12 17:04:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
alfresco-ng2-components/lib/core/services/user-access.service.ts

116 lines
4.0 KiB
TypeScript
Raw Blame History

/*!
* @license
* Copyright 2019 Alfresco Software, Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import { Injectable } from '@angular/core';
import { JwtHelperService } from './jwt-helper.service';
import { ApplicationAccessModel } from '../models/application-access.model';
import { UserAccessModel } from '../models/user-access.model';
import { AppConfigService } from '../app-config/app-config.service';
import { OAuth2Service } from './oauth2.service';
const IDENTITY_MICRO_SERVICE_INGRESS = 'modeling-service';
@Injectable({
providedIn: 'root'
})
export class UserAccessService {
private globalAccess: string[];
private applicationAccess: ApplicationAccessModel[];
constructor(private jwtHelperService: JwtHelperService,
private appConfigService: AppConfigService,
private oAuth2Service: OAuth2Service) {
}
async fetchUserAccess() {
if (!this.hasFetchedAccess()) {
if (this.hasRolesInJwt()) {
this.fetchAccessFromJwt();
} else if (this.isOauth()) {
await this.fetchAccessFromApi();
}
}
}
private fetchAccessFromJwt() {
this.globalAccess = this.jwtHelperService.getValueFromLocalToken<any>(JwtHelperService.REALM_ACCESS).roles;
this.applicationAccess = this.jwtHelperService.getValueFromLocalToken<any>(JwtHelperService.RESOURCE_ACCESS);
}
private async fetchAccessFromApi() {
const url = `${this.identityHost}/${IDENTITY_MICRO_SERVICE_INGRESS}/v1/identity/roles`;
await this.oAuth2Service.get({ url })
.toPromise()
.then((response: UserAccessModel) => {
this.globalAccess = response.globalAccess.roles;
this.applicationAccess = response.applicationAccess;
});
}
private hasRolesInJwt(): boolean {
return !!this.jwtHelperService.getValueFromLocalToken(JwtHelperService.REALM_ACCESS);
}
private hasFetchedAccess(): boolean {
return !!this.globalAccess && !!this.applicationAccess;
}
private get identityHost(): string {
return `${this.appConfigService.get('bpmHost')}`;
}
private isOauth(): boolean {
return this.appConfigService.get('authType') === 'OAUTH';
}
/**
* Checks for global roles access.
*
* @param rolesToCheck List of the roles to check
* @returns True if it contains at least one of the given roles, false otherwise
*/
hasGlobalAccess(rolesToCheck: string[]): boolean {
if (rolesToCheck?.length > 0) {
return this.globalAccess ? this.globalAccess.some((role: string) => rolesToCheck.includes(role)) : false;
}
return true;
}
/**
* Checks for global roles access.
*
* @param appName The app name
* @param rolesToCheck List of the roles to check
* @returns True if it contains at least one of the given roles, false otherwise
*/
hasApplicationAccess(appName: string, rolesToCheck: string[]): boolean {
if (rolesToCheck?.length > 0) {
const appAccess = this.hasRolesInJwt() ? this.applicationAccess[appName] : this.applicationAccess.find((app: ApplicationAccessModel) => app.name === appName);
return appAccess ? appAccess.roles.some(appRole => rolesToCheck.includes(appRole)) : false;
}
return true;
}
/**
* Resets the cached user access
*/
resetAccess() {
this.globalAccess = undefined;
this.applicationAccess = undefined;
}
}
Reference in New Issue View Git Blame Copy Permalink