Dashboard permissions #2131
Merged
Changes from 1 commit
13 commits:
- 7a48205 fix: entity permission guards waits for rules to be available (TheSlimvReal)
- 15825c7 fix: menu items are correctly built with entity guard (TheSlimvReal)
- 36ac816 feat: adding permissions to shortcut widget (TheSlimvReal)
- 6a36152 feat: hiding widgets for which a user doesn't have access (TheSlimvReal)
- 5323e7d not using getters in template (TheSlimvReal)
- b39107d extracted route permission logic into own service (TheSlimvReal)
- 447d1b4 moved logic for entity type detection to widgets (TheSlimvReal)
- 910e2a2 added required roles attribute to dashboard config (TheSlimvReal)
- 1131121 aligned interfaces (TheSlimvReal)
- 3eeac13 Merge branch 'master' into permission_dashboard (TheSlimvReal)
- 3e3fd29 refactor(permissions): generalized permission guard code (sleidig)
- 9ae329b Merge branch 'master' into permission_dashboard (sleidig)
- 4004fcf fix lint (sleidig)
92 changes: 92 additions & 0 deletions
src/app/core/permissions/permission-guard/abstract-permission.guard.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
import { | ||
ActivatedRouteSnapshot, | ||
CanActivate, | ||
Route, | ||
Router, | ||
} from "@angular/router"; | ||
import { DynamicComponentConfig } from "../../config/dynamic-components/dynamic-component-config.interface"; | ||
|
||
/** | ||
* Abstract base class with functionality common to all guards that check configurable user permissions or roles. | ||
*/ | ||
export abstract class AbstractPermissionGuard implements CanActivate { | ||
constructor(private router: Router) {} | ||
|
||
/** | ||
* Check if current navigation is allowed. This is used by Angular Router. | ||
* @param route | ||
*/ | ||
async canActivate(route: ActivatedRouteSnapshot): Promise<boolean> { | ||
const routeData: DynamicComponentConfig = route.data; | ||
if (await this.canAccessRoute(routeData)) { | ||
return true; | ||
} else { | ||
if (route instanceof ActivatedRouteSnapshot) { | ||
// Route should only change if this is a "real" navigation check (not the check in the NavigationComponent) | ||
this.router.navigate(["/404"]); | ||
} | ||
return false; | ||
} | ||
} | ||
|
||
/** | ||
* Implement specific permission checks here, based on the given route data (from config) | ||
* and any required services provided by Angular dependency injection. | ||
* | ||
* @param routeData The route data object defined either in routing code or loaded from config by the RouterService. | ||
* @protected | ||
*/ | ||
protected abstract canAccessRoute( | ||
routeData: DynamicComponentConfig, | ||
): Promise<boolean>; | ||
|
||
/** | ||
* Pre-check if access to the given route would be allowed. | ||
* This is used by components and services to evaluate permissions without actual navigation. | ||
* | ||
* @param path | ||
*/ | ||
public checkRoutePermissions(path: string) { | ||
let routeData = this.getRouteDataFromRouter(path, this.router.config); | ||
return this.canAccessRoute(routeData?.data); | ||
} | ||
|
||
/** | ||
* Extract the relevant route from Router, to get a merged route that contains the full trail of `permittedRoles` | ||
* @param path | ||
* @param routes | ||
* @private | ||
*/ | ||
private getRouteDataFromRouter(path: string, routes: Route[]) { | ||
// removing leading slash | ||
path = path.replace(/^\//, ""); | ||
|
||
function isPathMatch(genericPath: string, path: string) { | ||
const routeRegex = genericPath | ||
.split("/") | ||
// replace params with wildcard regex | ||
.map((part) => (part.startsWith(":") ? "[^/]*" : part)) | ||
.join("/"); | ||
return path.match("^" + routeRegex + "[/.*]*$"); | ||
} | ||
|
||
const pathSections = path.split("/"); | ||
let route = routes.find((r) => isPathMatch(r.path, path)); | ||
if (!route && pathSections.length > 1) { | ||
route = routes.find((r) => isPathMatch(r.path, pathSections[0])); | ||
} | ||
|
||
if (route?.children) { | ||
const childRoute = this.getRouteDataFromRouter( | ||
pathSections.slice(1).join("/"), | ||
route.children, | ||
); | ||
if (childRoute) { | ||
childRoute.data = { ...route.data, ...childRoute?.data }; | ||
route = childRoute; | ||
} | ||
} | ||
|
||
return route; | ||
} | ||
} |
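Review bot: In `getRouteDataFromRouter`, the merge `childRoute.data = { ...route.data, ...childRoute?.data }` both writes into a `Route` object that came from `this.router.config` and lets the child's keys replace the parent's, so a child route that declares its own `permittedRoles` silently drops the parent's restriction instead of adding to it. Suggest returning a new object (for example `{ ...childRoute, data: mergedData }`) rather than assigning to `childRoute.data`, and combining `permittedRoles` explicitly so that the "full trail" in the doc comment means every level must pass. Two smaller points in the same function: the suffix `"[/.*]*$"` in `isPathMatch` is a character class that only matches runs of `/`, `.` and `*`, not "a slash followed by anything" (probably `(/.*)?$` was meant), and the route path segments are concatenated into the regex unescaped, so a path containing regex metacharacters such as a `**` wildcard route, or a route with no `path` at all, will throw or mismatch. Finally, `checkRoutePermissions` passes `routeData?.data` straight to `canAccessRoute`, so when no route matches the subclass receives `undefined`; the abstract method's doc comment should state what implementations must return in that case, and denying by default would be the safer contract.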
what do you mean by "full trail of `permittedRoles`"?
this includes the "permittedRoles" from parent routes of nested routing. Not perfect merge of route data, however - for more complex use cases this might potentially break, I think.