AW-4628 Add role-based security to authguard
All checks were successful
FarmMaps.Develop/FarmMapsLib/pipeline/head This commit looks good

This commit is contained in:
Peter (extern) 2023-02-10 15:30:35 +01:00
parent c61a4fe7f4
commit aeded938bd
5 changed files with 60 additions and 5 deletions

View File

@ -24,26 +24,33 @@ export class AuthGuard implements CanActivate, CanLoad, CanActivateChild {
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
let url: string = state.url;
return this.checkLogin(url);
return this.checkLogin(url, route);
}
canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
let url: string = state.url;
return this.checkLogin(url);
return this.checkLogin(url, childRoute);
}
canLoad(route: Route): Promise<boolean> {
return this.checkLogin(route.path);
return this.checkLogin(route.path, null);
}
checkLogin(url: string): Promise<boolean> {
checkLogin(url: string, route: ActivatedRouteSnapshot): Promise<boolean> {
return new Promise<boolean>((resolve) => {
if (!this.oauthService.hasValidAccessToken()) {
console.debug("No valid token");
this.oauthService.initCodeFlow(url);
resolve(false);
} else {
} else {
const requiredRoleClaim = route.data.role;
if (!requiredRoleClaim) { resolve(true); }
const ownedClaims = this.oauthService.getIdentityClaims();
if (!ownedClaims) { resolve(false); }
const ownedRoleClaims: string[] = ownedClaims['role'];
if (!ownedRoleClaims) { resolve(false); }
if (ownedRoleClaims.findIndex(r => r === requiredRoleClaim) <= -1) { resolve(false); }
resolve(true);
}
});

View File

@ -0,0 +1,25 @@
import { NgModule } from '@angular/core';
import { RouterModule } from '@angular/router';
import { AuthGuard } from 'dist/common';
import { AdminComponent } from './admin.component';
const routes = [
{
path: '',
component: AdminComponent,
canActivate: [AuthGuard],
data: {
role: 'admin'
}
}
];
@NgModule({
imports: [
RouterModule.forChild(routes),
],
exports: [
RouterModule
]
})
export class AdminRouterModule { }

View File

@ -0,0 +1,8 @@
import { Component } from '@angular/core';
@Component({
selector: 'app-test',
template: `<h1>Yes! You have access to the admin component.</h1>`
})
export class AdminComponent {
}

View File

@ -0,0 +1,14 @@
import { NgModule } from '@angular/core';
import { AdminRouterModule} from './admin-router.module';
import { AdminComponent } from './admin.component';
@NgModule({
imports: [
AdminRouterModule
],
declarations: [
AdminComponent
]
})
export class AdminModule { }

View File

@ -65,6 +65,7 @@ const routes = [
},
{ path: 'map', loadChildren: () => import('../../projects/common-map/src/public-api').then(m => m.AppCommonMapModule), canActivateChild: [AuthGuard],canActivate: [FullScreenGuard], },
{ path: 'map3d', loadChildren: () => import('./map3d/map3d.module').then(m => m.Map3DModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard] },
{ path: 'admin', loadChildren: () => import('./admin/admin.module').then(m => m.AdminModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard], data: { role: 'admin' } },
{
path: 'registerdevice/:deviceToken',
canActivate: [FullScreenGuard],