AW-4628 Add role-based security to authguard
	
		
			
	
		
	
	
		
	
		
			All checks were successful
		
		
	
	
		
			
				
	
				FarmMaps.Develop/FarmMapsLib/pipeline/head This commit looks good
				
			
		
		
	
	
				
					
				
			
		
			All checks were successful
		
		
	
	FarmMaps.Develop/FarmMapsLib/pipeline/head This commit looks good
				
			This commit is contained in:
		| @@ -24,26 +24,33 @@ export class AuthGuard implements CanActivate, CanLoad, CanActivateChild  { | |||||||
|   canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> { |   canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> { | ||||||
|     let url: string = state.url; |     let url: string = state.url; | ||||||
|  |  | ||||||
|     return this.checkLogin(url); |     return this.checkLogin(url, route); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> { |   canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> { | ||||||
|     let url: string = state.url; |     let url: string = state.url; | ||||||
|  |  | ||||||
|     return this.checkLogin(url); |     return this.checkLogin(url, childRoute); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   canLoad(route: Route): Promise<boolean> { |   canLoad(route: Route): Promise<boolean> { | ||||||
|     return this.checkLogin(route.path); |     return this.checkLogin(route.path, null); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   checkLogin(url: string): Promise<boolean> { |   checkLogin(url: string, route: ActivatedRouteSnapshot): Promise<boolean> { | ||||||
|     return new Promise<boolean>((resolve) => { |     return new Promise<boolean>((resolve) => { | ||||||
|       if (!this.oauthService.hasValidAccessToken()) { |       if (!this.oauthService.hasValidAccessToken()) { | ||||||
|         console.debug("No valid token"); |         console.debug("No valid token"); | ||||||
|         this.oauthService.initCodeFlow(url); |         this.oauthService.initCodeFlow(url); | ||||||
|         resolve(false); |         resolve(false); | ||||||
|       } else {         |       } else { | ||||||
|  |         const requiredRoleClaim = route.data.role; | ||||||
|  |         if (!requiredRoleClaim) { resolve(true); } | ||||||
|  |         const ownedClaims = this.oauthService.getIdentityClaims(); | ||||||
|  |         if (!ownedClaims) { resolve(false); } | ||||||
|  |         const ownedRoleClaims: string[] = ownedClaims['role']; | ||||||
|  |         if (!ownedRoleClaims) { resolve(false); } | ||||||
|  |         if (ownedRoleClaims.findIndex(r => r === requiredRoleClaim) <= -1) { resolve(false); } | ||||||
|         resolve(true); |         resolve(true); | ||||||
|       } |       } | ||||||
|     }); |     }); | ||||||
|   | |||||||
							
								
								
									
										25
									
								
								src/app/admin/admin-router.module.ts
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										25
									
								
								src/app/admin/admin-router.module.ts
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,25 @@ | |||||||
|  | import { NgModule } from '@angular/core'; | ||||||
|  | import { RouterModule } from '@angular/router'; | ||||||
|  | import { AuthGuard } from 'dist/common'; | ||||||
|  | import { AdminComponent } from './admin.component'; | ||||||
|  |  | ||||||
|  | const routes = [    | ||||||
|  |   { | ||||||
|  |       path: '', | ||||||
|  |       component: AdminComponent, | ||||||
|  |       canActivate: [AuthGuard], | ||||||
|  |       data: { | ||||||
|  |         role: 'admin' | ||||||
|  |       }    | ||||||
|  |   } | ||||||
|  | ]; | ||||||
|  |  | ||||||
|  | @NgModule({ | ||||||
|  |   imports: [ | ||||||
|  |       RouterModule.forChild(routes), | ||||||
|  |   ], | ||||||
|  |   exports: [ | ||||||
|  |       RouterModule | ||||||
|  |   ] | ||||||
|  | }) | ||||||
|  | export class AdminRouterModule { } | ||||||
							
								
								
									
										8
									
								
								src/app/admin/admin.component.ts
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										8
									
								
								src/app/admin/admin.component.ts
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,8 @@ | |||||||
|  | import { Component } from '@angular/core'; | ||||||
|  |  | ||||||
|  | @Component({ | ||||||
|  |   selector: 'app-test', | ||||||
|  |   template: `<h1>Yes! You have access to the admin component.</h1>` | ||||||
|  | }) | ||||||
|  | export class AdminComponent { | ||||||
|  | } | ||||||
							
								
								
									
										14
									
								
								src/app/admin/admin.module.ts
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										14
									
								
								src/app/admin/admin.module.ts
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,14 @@ | |||||||
|  | import { NgModule } from '@angular/core'; | ||||||
|  | import { AdminRouterModule} from './admin-router.module'; | ||||||
|  | import { AdminComponent } from './admin.component'; | ||||||
|  |  | ||||||
|  | @NgModule({ | ||||||
|  |   imports: [ | ||||||
|  |       AdminRouterModule | ||||||
|  |   ], | ||||||
|  |   declarations: [ | ||||||
|  |       AdminComponent | ||||||
|  |   ] | ||||||
|  | }) | ||||||
|  |    | ||||||
|  | export class AdminModule { } | ||||||
| @@ -65,6 +65,7 @@ const routes = [ | |||||||
|   }, |   }, | ||||||
|   { path: 'map', loadChildren: () => import('../../projects/common-map/src/public-api').then(m => m.AppCommonMapModule), canActivateChild: [AuthGuard],canActivate: [FullScreenGuard], }, |   { path: 'map', loadChildren: () => import('../../projects/common-map/src/public-api').then(m => m.AppCommonMapModule), canActivateChild: [AuthGuard],canActivate: [FullScreenGuard], }, | ||||||
|   { path: 'map3d', loadChildren: () => import('./map3d/map3d.module').then(m => m.Map3DModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard] }, |   { path: 'map3d', loadChildren: () => import('./map3d/map3d.module').then(m => m.Map3DModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard] }, | ||||||
|  |   { path: 'admin', loadChildren: () => import('./admin/admin.module').then(m => m.AdminModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard], data: { role: 'admin' } }, | ||||||
|   { |   { | ||||||
|     path: 'registerdevice/:deviceToken', |     path: 'registerdevice/:deviceToken', | ||||||
|     canActivate: [FullScreenGuard], |     canActivate: [FullScreenGuard], | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user