Making the guard works with any permissions

2025-07-09 03:04:20 -04:00 · 2020-03-30 21:24:20 +02:00 · 2020-03-30 21:24:20 +02:00 · 56b247fcd4
commit 56b247fcd4
parent 46158490f0
3 changed files with 25 additions and 7 deletions
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@ -19,7 +19,7 @@ import {AutologinComponent} from "./autologin/autologin.component";
 import {AuthGuard} from "./misc/guards/authenticated-guard.service";

 const routes: Routes = [
-	{ path: "browse", component: BrowseComponent, pathMatch: "full", resolve: { shows: LibraryResolverService }, },// canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
+	{ path: "browse", component: BrowseComponent, pathMatch: "full", resolve: { shows: LibraryResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "browse/:library-slug", component: BrowseComponent, resolve: { shows: LibraryResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "show/:show-slug", component: ShowDetailsComponent, resolve: { show: ShowResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
 	{ path: "collection/:collection-slug", component: CollectionComponent, resolve: { collection: CollectionResolverService }, canLoad: [AuthGuard.forPermissions("read")], canActivate: [AuthGuard.forPermissions("read")] },
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@ -106,7 +106,7 @@ export function loadConfig(oidcConfigService: OidcConfigService)
 			deps: [OidcConfigService],
 			multi: true
 		},
-		AuthGuard,
+		AuthGuard.guards,
 		{
 			provide: HTTP_INTERCEPTORS,
 			useClass: AuthorizerInterceptor,
--- a/src/app/misc/guards/authenticated-guard.service.ts
+++ b/src/app/misc/guards/authenticated-guard.service.ts
@ -15,7 +15,9 @@ import {AuthService} from "../../services/auth.service";
@Injectable({providedIn: "root"})
 export class AuthGuard 
 {
-	static forPermissions(permissions: string | string[])
+	public static guards: any[] = [];
+	
+	static forPermissions(...permissions: string[])
 	{
 		@Injectable()
 		class AuthenticatedGuard implements CanActivate, CanLoad
@ -24,24 +26,40 @@ export class AuthGuard
 	
 			canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree
 			{
-				return this.checkPermissions();
+				if (!this.checkPermissions())
+				{
+					this.router.navigate(["/unauthorized"]);
+					return false;
+				}
+				return true;
 			}
 	
 			canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> | Promise<boolean> | boolean
 			{
-				return this.checkPermissions();
+				if (!this.checkPermissions())
+				{
+					this.router.navigate(["/unauthorized"]);
+					return false;
+				}
+				return true;
 			}
 	
 			checkPermissions(): boolean
 			{
 				if (this.authManager.isAuthenticated)
 				{
-					// if (this.authManager.user.claims)
+					let perms = this.authManager.user.permissions.split(",");
+					for (let perm of permissions) {
+						if (!perms.includes(perm))
+							return false;
+					}
 					return true;
 				}
-				this.router.navigate(["/unauthorized"]);
 				return false;
 			}
 		}
+
+		AuthGuard.guards.push(AuthenticatedGuard);
+		return AuthenticatedGuard;
 	}
 }