add function for separeate roles in Session| add isCommunityRI method in community service and RIGuard || change admin guard to be only administrator | add claims curator guard|

git-svn-id: https://svn.driver.research-infrastructures.eu/driver/dnet40/modules/uoa-services-library/trunk/ng-openaire-library/src/app@51526 d315682c-612b-4755-9ff5-7f18f6832af3
This commit is contained in:
argiro.kokogiannaki 2018-03-27 08:22:55 +00:00
parent f4c10e12c0
commit 5139077569
8 changed files with 153 additions and 29 deletions

View File

@ -31,7 +31,9 @@ export class CommunityService {
iscommunityManager(url: string, manager:string){ iscommunityManager(url: string, manager:string){
return this.http.get(url).map(res => <any> res.json()).map(res => this.parseCommunity(res)).map(community => community.managers.indexOf(manager)!=-1); return this.http.get(url).map(res => <any> res.json()).map(res => this.parseCommunity(res)).map(community => community.managers.indexOf(manager)!=-1);
} }
iscommunityRI(url: string){
return this.http.get(url).map(res => <any> res.json()).map(res => this.parseCommunity(res)).map(community => (community && community.type && community.type !="community"));
}
parseCommunity(data:any): CommunityInfo { parseCommunity(data:any): CommunityInfo {
let length = Array.isArray(data) ? data.length :1; let length = Array.isArray(data) ? data.length :1;

View File

@ -13,7 +13,6 @@ export class ConnectAdminLoginGuard implements CanActivate {
constructor(private router: Router, private communityService: CommunityService, private propertiesService:EnvironmentSpecificService ) {} constructor(private router: Router, private communityService: CommunityService, private propertiesService:EnvironmentSpecificService ) {}
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean { canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
console.log("aaa");
console.log(state.url); console.log(state.url);
var user; var user;
var loggedIn = false; var loggedIn = false;
@ -28,14 +27,11 @@ export class ConnectAdminLoginGuard implements CanActivate {
this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } }); this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
return false; return false;
}else if(Session.isPortalAdministrator()) { }else if(Session.isPortalAdministrator() || Session.isCommunityCurator()) {
console.log("is Admin"); console.log("is Admin");
isAdmin = true; isAdmin = true;
return true; return true;
}else { }else {
// let first = Observable.timer(10,500).map(r => { return {source:1,value:r}; }).take(4);
// let second = Observable.timer(10,500).map(r => { return {source:2,value:r}; }).take(4);
// first.merge(second).subscribe(res => this.mergeStream.push(res));
let obs = this.propertiesService.subscribeEnvironment().map(res=>res["communityAPI"]).mergeMap(url => { let obs = this.propertiesService.subscribeEnvironment().map(res=>res["communityAPI"]).mergeMap(url => {
return this.communityService.iscommunityManager(url+community,Session.getUserEmail())}); return this.communityService.iscommunityManager(url+community,Session.getUserEmail())});
obs.filter(enabled => !enabled) obs.filter(enabled => !enabled)
@ -49,14 +45,7 @@ export class ConnectAdminLoginGuard implements CanActivate {
return false; return false;
} }
// if(!loggedIn){
// // this.guardHelper.redirect("/user-info",errorCode,state.url);
// this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
//
// return false;
// }else{
// return true;
// }
} }
/* /*
constructor(private route: ActivatedRoute,private router: Router, private config: ConfigurationService) {} constructor(private route: ActivatedRoute,private router: Router, private config: ConfigurationService) {}

View File

@ -0,0 +1,72 @@
import { Injectable } from '@angular/core';
import { Router,CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot} from '@angular/router';
import {Observable} from 'rxjs/Observable';
import {Session} from '../../login/utils/helper.class';
import {ErrorCodes} from '../../login/utils/guardHelper.class';
import {CommunityService} from '../community/community.service';
import { EnvironmentSpecificService} from '../../utils/properties/environment-specific.service';
import { mergeMap } from 'rxjs/operators';
@Injectable()
export class ConnectRIGuard implements CanActivate {
constructor(private router: Router, private communityService: CommunityService, private propertiesService:EnvironmentSpecificService ) {}
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
console.log(state.url);
var user;
var loggedIn = false;
var isAdmin = false;
var errorCode = ErrorCodes.NOT_LOGGIN;
let community = (route.queryParams["communityId"]);
if(Session.isLoggedIn()){
loggedIn = true;
if(!Session.isValidAndRemove()){
loggedIn = false;
errorCode = ErrorCodes.NOT_VALID;
this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
return false;
}else if(Session.isPortalAdministrator()) {
isAdmin = true;
return true;
}else {
let obs = this.propertiesService.subscribeEnvironment().map(res=>res["communityAPI"]).mergeMap(url => {
return this.communityService.iscommunityRI(url+community)});
obs.filter(enabled => !enabled)
.subscribe(() => this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } }));
return obs;
}
}else{
errorCode =ErrorCodes.NOT_LOGGIN;
this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
return false;
}
}
/*
constructor(private route: ActivatedRoute,private router: Router, private config: ConfigurationService) {}
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
let customRedirect = route.data['redirect'];
let api = route.data['api'];
let community = route.data['community']
if(!community){
community = (route.queryParams["communityId"])?route.queryParams["communityId"]:route.queryParams["community"];
}
if(community){
let isEnabled = this.config.isPageEnabled(api, community,"/"+state.url.split("?")[0].substring(1));
let redirect = !!customRedirect ? customRedirect : '/error';
isEnabled.filter(enabled => !enabled)
.subscribe(() => this.router.navigate([redirect], { queryParams: { "page": state.url } }));
return isEnabled;
}
return true;
}
*/
}

View File

@ -20,7 +20,7 @@ export class AdminLoginGuard implements CanActivate {
loggedIn = false; loggedIn = false;
errorCode = ErrorCodes.NOT_VALID; errorCode = ErrorCodes.NOT_VALID;
}else { }else {
isAdmin = Session.isAdminUser(); isAdmin = Session.isPortalAdministrator();
if(!isAdmin){ if(!isAdmin){
errorCode = ErrorCodes.NOT_ADMIN; errorCode = ErrorCodes.NOT_ADMIN;
} }

View File

@ -0,0 +1,49 @@
import { Injectable } from '@angular/core';
import { Router,CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot} from '@angular/router';
import {Observable} from 'rxjs/Observable';
import {Session} from './utils/helper.class';
import {ErrorCodes} from './utils/guardHelper.class';
@Injectable()
export class ClaimsCuratorGuard implements CanActivate {
constructor(private router: Router) {}
canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
var user;
var role = route.data['role']
var loggedIn = false;
var isAuthorized = false;
var errorCode = ErrorCodes.NOT_LOGGIN;
if(Session.isLoggedIn()){
loggedIn = true;
if(!Session.isValidAndRemove()){
loggedIn = false;
errorCode = ErrorCodes.NOT_VALID;
}else {
if(Session.isClaimsCurator() || Session.isPortalAdministrator()){
isAuthorized =true;
}
if(!Session.isClaimsCurator() && !Session.isPortalAdministrator()){
errorCode = ErrorCodes.NOT_ADMIN;
}
}
}else{
errorCode =ErrorCodes.NOT_LOGGIN;
}
if(!loggedIn){
// this.guardHelper.redirect("/user-info",errorCode,state.url);
this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
return false;
}else if(!isAuthorized){
// this.guardHelper.redirect("/user-info",errorCode,state.url);
this.router.navigate(['/user-info'], { queryParams: { "errorCode": errorCode, "redirectUrl": state.url } });
return false;
}else{
return true;
}
}
}

View File

@ -109,7 +109,7 @@ export class UserMiniComponent {
if(Session.isUserValid()){ if(Session.isUserValid()){
this.loggedIn = Session.isLoggedIn(); this.loggedIn = Session.isLoggedIn();
this.user = Session.getUser(); this.user = Session.getUser();
if(Session.isAdminUser()){ if(Session.isClaimsCurator() || Session.isPortalAdministrator()){
this.isAuthorized = true; this.isAuthorized = true;
}else { }else {
this.isAuthorized = false; this.isAuthorized = false;

View File

@ -129,37 +129,49 @@ export class Session{
localStorage.setItem("params",(params && params.length > 1)? params:""); localStorage.setItem("params",(params && params.length > 1)? params:"");
} }
} }
public static isAdminUser():boolean { public static isClaimsCurator():boolean {
var isAdmin = false; var isAuthorized = false;
if(Session.isLoggedIn()){ if(Session.isLoggedIn()){
var claimRoles = ["urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Curator+-+Claim","urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Portal+Administrator"] var claimRoles = ["urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Curator+-+Claim"]
for (var i = 0; i < claimRoles.length; i++) { for (var i = 0; i < claimRoles.length; i++) {
if ((Session.getUser().role).indexOf(claimRoles[i]) > -1) { if ((Session.getUser().role).indexOf(claimRoles[i]) > -1) {
isAdmin = true; isAuthorized = true;
break; break;
} }
} }
// console.log("Is admin:"+ isAdmin) return (isAuthorized);
return (isAdmin);
} }
// console.log("Is admin:"+ isAdmin) return (isAuthorized);
return (isAdmin); }
public static isCommunityCurator():boolean {
var isAuthorized = false;
if(Session.isLoggedIn()){
var roles = ["urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Curator+-+Community"]
for (var i = 0; i < roles.length; i++) {
if ((Session.getUser().role).indexOf(roles[i]) > -1) {
isAuthorized = true;
break;
}
}
return (isAuthorized);
}
return (isAuthorized);
} }
public static isPortalAdministrator():boolean { public static isPortalAdministrator():boolean {
var isAdmin = false; var isAuthorized = false;
if(Session.isLoggedIn()){ if(Session.isLoggedIn()){
var roles = ["urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Portal+Administrator"] var roles = ["urn:mace:openminted.eu:aai.openminted.eu:group:OpenAIRE+Portal+Administrator"]
for (var i = 0; i < roles.length; i++) { for (var i = 0; i < roles.length; i++) {
if ((Session.getUser().role).indexOf(roles[i]) > -1) { if ((Session.getUser().role).indexOf(roles[i]) > -1) {
isAdmin = true; isAuthorized = true;
break; break;
} }
} }
// console.log("Is admin:"+ isAdmin) // console.log("Is admin:"+ isAdmin)
return (isAdmin); return (isAuthorized);
} }
// console.log("Is admin:"+ isAdmin) // console.log("Is admin:"+ isAdmin)
return (isAdmin); return (isAuthorized);
} }
public static isRegisteredUser():boolean { public static isRegisteredUser():boolean {
var isRegisteredUser = false; var isRegisteredUser = false;

View File

@ -101,7 +101,7 @@ export class NavigationBarComponent {
this.sub.unsubscribe(); this.sub.unsubscribe();
} }
initialize(){ initialize(){
if(Session.isLoggedIn() && Session.isUserValid() && Session.isAdminUser()){ if(Session.isLoggedIn() && Session.isUserValid() && (Session.isClaimsCurator() || Session.isPortalAdministrator())){
this.isAuthorized = true; this.isAuthorized = true;
}else { }else {
this.isAuthorized = false; this.isAuthorized = false;