AW-4628 Add role-based security to authguard
All checks were successful
FarmMaps.Develop/FarmMapsLib/pipeline/head This commit looks good
All checks were successful
FarmMaps.Develop/FarmMapsLib/pipeline/head This commit looks good
This commit is contained in:
parent
c61a4fe7f4
commit
aeded938bd
@ -24,26 +24,33 @@ export class AuthGuard implements CanActivate, CanLoad, CanActivateChild {
|
||||
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
|
||||
let url: string = state.url;
|
||||
|
||||
return this.checkLogin(url);
|
||||
return this.checkLogin(url, route);
|
||||
}
|
||||
|
||||
canActivateChild(childRoute: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
|
||||
let url: string = state.url;
|
||||
|
||||
return this.checkLogin(url);
|
||||
return this.checkLogin(url, childRoute);
|
||||
}
|
||||
|
||||
canLoad(route: Route): Promise<boolean> {
|
||||
return this.checkLogin(route.path);
|
||||
return this.checkLogin(route.path, null);
|
||||
}
|
||||
|
||||
checkLogin(url: string): Promise<boolean> {
|
||||
checkLogin(url: string, route: ActivatedRouteSnapshot): Promise<boolean> {
|
||||
return new Promise<boolean>((resolve) => {
|
||||
if (!this.oauthService.hasValidAccessToken()) {
|
||||
console.debug("No valid token");
|
||||
this.oauthService.initCodeFlow(url);
|
||||
resolve(false);
|
||||
} else {
|
||||
const requiredRoleClaim = route.data.role;
|
||||
if (!requiredRoleClaim) { resolve(true); }
|
||||
const ownedClaims = this.oauthService.getIdentityClaims();
|
||||
if (!ownedClaims) { resolve(false); }
|
||||
const ownedRoleClaims: string[] = ownedClaims['role'];
|
||||
if (!ownedRoleClaims) { resolve(false); }
|
||||
if (ownedRoleClaims.findIndex(r => r === requiredRoleClaim) <= -1) { resolve(false); }
|
||||
resolve(true);
|
||||
}
|
||||
});
|
||||
|
25
src/app/admin/admin-router.module.ts
Normal file
25
src/app/admin/admin-router.module.ts
Normal file
@ -0,0 +1,25 @@
|
||||
import { NgModule } from '@angular/core';
|
||||
import { RouterModule } from '@angular/router';
|
||||
import { AuthGuard } from 'dist/common';
|
||||
import { AdminComponent } from './admin.component';
|
||||
|
||||
const routes = [
|
||||
{
|
||||
path: '',
|
||||
component: AdminComponent,
|
||||
canActivate: [AuthGuard],
|
||||
data: {
|
||||
role: 'admin'
|
||||
}
|
||||
}
|
||||
];
|
||||
|
||||
@NgModule({
|
||||
imports: [
|
||||
RouterModule.forChild(routes),
|
||||
],
|
||||
exports: [
|
||||
RouterModule
|
||||
]
|
||||
})
|
||||
export class AdminRouterModule { }
|
8
src/app/admin/admin.component.ts
Normal file
8
src/app/admin/admin.component.ts
Normal file
@ -0,0 +1,8 @@
|
||||
import { Component } from '@angular/core';
|
||||
|
||||
@Component({
|
||||
selector: 'app-test',
|
||||
template: `<h1>Yes! You have access to the admin component.</h1>`
|
||||
})
|
||||
export class AdminComponent {
|
||||
}
|
14
src/app/admin/admin.module.ts
Normal file
14
src/app/admin/admin.module.ts
Normal file
@ -0,0 +1,14 @@
|
||||
import { NgModule } from '@angular/core';
|
||||
import { AdminRouterModule} from './admin-router.module';
|
||||
import { AdminComponent } from './admin.component';
|
||||
|
||||
@NgModule({
|
||||
imports: [
|
||||
AdminRouterModule
|
||||
],
|
||||
declarations: [
|
||||
AdminComponent
|
||||
]
|
||||
})
|
||||
|
||||
export class AdminModule { }
|
@ -65,6 +65,7 @@ const routes = [
|
||||
},
|
||||
{ path: 'map', loadChildren: () => import('../../projects/common-map/src/public-api').then(m => m.AppCommonMapModule), canActivateChild: [AuthGuard],canActivate: [FullScreenGuard], },
|
||||
{ path: 'map3d', loadChildren: () => import('./map3d/map3d.module').then(m => m.Map3DModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard] },
|
||||
{ path: 'admin', loadChildren: () => import('./admin/admin.module').then(m => m.AdminModule), canActivateChild: [AuthGuard], canActivate: [FullScreenGuard], data: { role: 'admin' } },
|
||||
{
|
||||
path: 'registerdevice/:deviceToken',
|
||||
canActivate: [FullScreenGuard],
|
||||
|
Loading…
Reference in New Issue
Block a user