Added Admin Auth Guard Service in order to prevent registered and non registered users to access admin components by just using their url paths

2020-02-03 17:53:25 +02:00 · 2020-02-03 17:53:25 +02:00 · ebb9617aa6
parent 47650abfa0
commit ebb9617aa6
7 changed files with 64 additions and 10 deletions
--- a/dmp-frontend/src/app/core/admin-auth-guard.service.ts
+++ b/dmp-frontend/src/app/core/admin-auth-guard.service.ts
@ -0,0 +1,39 @@
+import { Injectable } from '@angular/core';
+import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, Router, RouterStateSnapshot } from '@angular/router';
+import { AuthService } from './services/auth/auth.service';
+import { AppRole } from './common/enum/app-role';
+
+@Injectable()
+export class AdminAuthGuard implements CanActivate, CanLoad {
+	constructor(private auth: AuthService, private router: Router) {
+	}
+
+	isAdmin(): boolean {
+		if (!this.auth.current()) { return false; }
+		const principalRoles = this.auth.current().authorities;
+		for (let i = 0; i < principalRoles.length; i++) {
+			if (principalRoles[i] === AppRole.Admin) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
+		const url: string = state.url;
+		if (!this.isAdmin()) {
+			this.router.navigate(['/unauthorized'], { queryParams: { returnUrl: url } });
+			return false;
+		}
+		return true;
+	}
+
+	canLoad(route: Route): boolean {
+		const url = `/${route.path}`;
+		if (!this.isAdmin()) {
+			this.router.navigate(['/unauthorized'], { queryParams: { returnUrl: url } });
+			return false;
+		}
+		return true;
+	}
+}
--- a/dmp-frontend/src/app/core/core-service.module.ts
+++ b/dmp-frontend/src/app/core/core-service.module.ts
@ -36,6 +36,7 @@ import { EmailConfirmationService } from './services/email-confirmation/email-co
 import { FunderService } from './services/funder/funder.service';
 import { ContactSupportService } from './services/contact-support/contact-support.service';
 import { LanguageService } from './services/language/language.service';
+import { AdminAuthGuard } from './admin-auth-guard.service';
 //
 //
 // This is shared module that provides all the services. Its imported only once on the AppModule.
@ -58,6 +59,7 @@ export class CoreServiceModule {
 				AuthService,
 				CookieService,
 				BaseHttpService,
+				AdminAuthGuard,
 				AuthGuard,
 				CultureService,
 				TimezoneService,
--- a/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts
@ -2,6 +2,7 @@ import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { DatasetProfileEditorComponent } from './editor/dataset-profile-editor.component';
 import { DatasetProfileListingComponent } from './listing/dataset-profile-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';

 const routes: Routes = [
 	{
@ -9,36 +10,42 @@ const routes: Routes = [
 		component: DatasetProfileEditorComponent,
 		data: {
 			title: 'GENERAL.TITLES.DATASET-PROFILES-NEW'
-		}
+		},
+		canActivate: [AdminAuthGuard]
 	},
 	{
 		path: ':id',
 		component: DatasetProfileEditorComponent,
 		data: {
 			title: 'GENERAL.TITLES.DATASET-PROFILES-EDIT'
-		}
+		},
+		canActivate: [AdminAuthGuard]
 	},
 	{
 		path: 'clone/:cloneid',
 		component: DatasetProfileEditorComponent,
 		data: {
 			title: 'GENERAL.TITLES.DATASET-PROFILES-CLONE'
-		}
+		},
+		canActivate: [AdminAuthGuard]
 	},
 	{
 		path: 'newversion/:newversionid',
 		component: DatasetProfileEditorComponent,
 		data: {
 			title: 'GENERAL.TITLES.DATASET-PROFILES-NEW-VERSION'
-		}
+		},
+		canActivate: [AdminAuthGuard]
 	},
 	{
 		path: 'versions/:groupId',
 		component: DatasetProfileListingComponent,
+		canActivate: [AdminAuthGuard]
 	},
 	{
 		path: '',
 		component: DatasetProfileListingComponent,
+		canActivate: [AdminAuthGuard]
 	},
 ];

--- a/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts
@ -3,11 +3,12 @@ import { RouterModule, Routes } from '@angular/router';
 import { AuthGuard } from '../../../core/auth-guard.service';
 import { DmpProfileEditorComponent } from './editor/dmp-profile-editor.component';
 import { DmpProfileListingComponent } from './listing/dmp-profile-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';

 const routes: Routes = [
-	{ path: '', component: DmpProfileListingComponent, canActivate: [AuthGuard] },
-	{ path: 'new', component: DmpProfileEditorComponent, canActivate: [AuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-NEW' } },
-	{ path: ':id', component: DmpProfileEditorComponent, canActivate: [AuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-EDIT' } },
+	{ path: '', component: DmpProfileListingComponent, canActivate: [AdminAuthGuard] },
+	{ path: 'new', component: DmpProfileEditorComponent, canActivate: [AdminAuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-NEW' } },
+	{ path: ':id', component: DmpProfileEditorComponent, canActivate: [AdminAuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-EDIT' } },
 ];

@NgModule({
--- a/dmp-frontend/src/app/ui/admin/user/user.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/user/user.routing.ts
@ -1,9 +1,10 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { UserListingComponent } from './listing/user-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';

 const routes: Routes = [
-	{ path: '', component: UserListingComponent },
+	{ path: '', component: UserListingComponent, canActivate: [AdminAuthGuard] },
 	// { path: ':id', component: UserProfileComponent }
 ];

@ -11,4 +12,4 @@ const routes: Routes = [
 	imports: [RouterModule.forChild(routes)],
 	exports: [RouterModule]
 })
-export class UserRoutingModule { }
+export class UserRoutingModule { }
--- a/dmp-frontend/src/app/ui/dmp/dmp.routing.ts
+++ b/dmp-frontend/src/app/ui/dmp/dmp.routing.ts
@ -6,6 +6,7 @@ import { DmpListingComponent } from './listing/dmp-listing.component';
 import { DmpWizardComponent } from './wizard/dmp-wizard.component';
 import { DmpOverviewComponent } from './overview/dmp-overview.component';
 import { DmpCloneComponent } from './clone/dmp-clone.component';
+import { AuthGuard } from '@app/core/auth-guard.service';

 const routes: Routes = [
 	{
@ -65,6 +66,7 @@ const routes: Routes = [
 	{
 		path: 'new',
 		component: DmpEditorComponent,
+		canActivate: [AuthGuard],
 		data: {
 			breadcrumbs: 'new',
 			title: 'GENERAL.TITLES.PLANS-NEW'
--- a/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts
+++ b/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts
@ -1,9 +1,11 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { LanguageEditorComponent } from './language-editor.component';
+import { AuthGuard } from '@app/core/auth-guard.service';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';

 const routes: Routes = [
-	{ path: '', component: LanguageEditorComponent },
+	{ path: '', component: LanguageEditorComponent, canActivate: [AdminAuthGuard] },
 	// { path: ':id', component: UserProfileComponent }
 ];