From 56b247fcd4587f35369fdb642f5bef30a2ae3eee Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@sdg.moe>
Date: Mon, 30 Mar 2020 21:24:20 +0200
Subject: [PATCH] Making the guard works with any permissions

---
 src/app/app-routing.module.ts                 |  2 +-
 src/app/app.module.ts                         |  2 +-
 .../guards/authenticated-guard.service.ts     | 28 +++++++++++++++----
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts
index 93171795..ab69098c 100644
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -19,7 +19,7 @@ import {AutologinComponent} from "./autologin/autologin.component";
 import {AuthGuard} from "./misc/guards/authenticated-guard.service";
 
 const routes: Routes = [
-	{ path: "browse", component: BrowseComponent, pathMatch: "full", resolve: { shows: LibraryResolverService }, },// canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
+	{ path: "browse", component: BrowseComponent, pathMatch: "full", resolve: { shows: LibraryResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "browse/:library-slug", component: BrowseComponent, resolve: { shows: LibraryResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "show/:show-slug", component: ShowDetailsComponent, resolve: { show: ShowResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "collection/:collection-slug", component: CollectionComponent, resolve: { collection: CollectionResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
diff --git a/src/app/app.module.ts b/src/app/app.module.ts
index 8a44d1ba..79e81b36 100644
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -106,7 +106,7 @@ export function loadConfig(oidcConfigService: OidcConfigService)
 			deps: [OidcConfigService],
 			multi: true
 		},
-		AuthGuard,
+		AuthGuard.guards,
 		{
 			provide: HTTP_INTERCEPTORS,
 			useClass: AuthorizerInterceptor,
diff --git a/src/app/misc/guards/authenticated-guard.service.ts b/src/app/misc/guards/authenticated-guard.service.ts
index f11744f3..3a5adee4 100644
--- a/src/app/misc/guards/authenticated-guard.service.ts
+++ b/src/app/misc/guards/authenticated-guard.service.ts
@@ -15,7 +15,9 @@ import {AuthService} from "../../services/auth.service";
 @Injectable({providedIn: "root"})
 export class AuthGuard 
 {
-	static forPermissions(permissions: string | string[])
+	public static guards: any[] = [];
+	
+	static forPermissions(...permissions: string[])
 	{
 		@Injectable()
 		class AuthenticatedGuard implements CanActivate, CanLoad
@@ -24,24 +26,40 @@ export class AuthGuard
 	
 			canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree
 			{
-				return this.checkPermissions();
+				if (!this.checkPermissions())
+				{
+					this.router.navigate(["/unauthorized"]);
+					return false;
+				}
+				return true;
 			}
 	
 			canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> | Promise<boolean> | boolean
 			{
-				return this.checkPermissions();
+				if (!this.checkPermissions())
+				{
+					this.router.navigate(["/unauthorized"]);
+					return false;
+				}
+				return true;
 			}
 	
 			checkPermissions(): boolean
 			{
 				if (this.authManager.isAuthenticated)
 				{
-					// if (this.authManager.user.claims)
+					let perms = this.authManager.user.permissions.split(",");
+					for (let perm of permissions) {
+						if (!perms.includes(perm))
+							return false;
+					}
 					return true;
 				}
-				this.router.navigate(["/unauthorized"]);
 				return false;
 			}
 		}
+
+		AuthGuard.guards.push(AuthenticatedGuard);
+		return AuthenticatedGuard;
 	}
 }
\ No newline at end of file