diff --git a/dmp-frontend/src/app/core/admin-auth-guard.service.ts b/dmp-frontend/src/app/core/admin-auth-guard.service.ts
new file mode 100644
index 000000000..d03a00ce8
--- /dev/null
+++ b/dmp-frontend/src/app/core/admin-auth-guard.service.ts
@@ -0,0 +1,39 @@
+import { Injectable } from '@angular/core';
+import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, Router, RouterStateSnapshot } from '@angular/router';
+import { AuthService } from './services/auth/auth.service';
+import { AppRole } from './common/enum/app-role';
+
+@Injectable()
+export class AdminAuthGuard implements CanActivate, CanLoad {
+ constructor(private auth: AuthService, private router: Router) {
+ }
+
+ isAdmin(): boolean {
+ if (!this.auth.current()) { return false; }
+ const principalRoles = this.auth.current().authorities;
+ for (let i = 0; i < principalRoles.length; i++) {
+ if (principalRoles[i] === AppRole.Admin) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
+ const url: string = state.url;
+ if (!this.isAdmin()) {
+ this.router.navigate(['/unauthorized'], { queryParams: { returnUrl: url } });
+ return false;
+ }
+ return true;
+ }
+
+ canLoad(route: Route): boolean {
+ const url = `/${route.path}`;
+ if (!this.isAdmin()) {
+ this.router.navigate(['/unauthorized'], { queryParams: { returnUrl: url } });
+ return false;
+ }
+ return true;
+ }
+}
diff --git a/dmp-frontend/src/app/core/core-service.module.ts b/dmp-frontend/src/app/core/core-service.module.ts
index 2c397567f..13e197ddb 100644
--- a/dmp-frontend/src/app/core/core-service.module.ts
+++ b/dmp-frontend/src/app/core/core-service.module.ts
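Review bot: `isAdmin()` in admin-auth-guard.service.ts reads `this.auth.current().authorities` and then `principalRoles.length` without checking that the array exists, so if a principal can ever arrive without `authorities` the guard throws instead of returning a clean denial. Reading the principal once and failing closed avoids that: `const principal = this.auth.current(); return !!principal && Array.isArray(principal.authorities) && principal.authorities.indexOf(AppRole.Admin) !== -1;`. The class has no doc comment; I would add one saying that this guard only keeps admin screens out of reach in the client, decides on state held in the browser, and that the admin API endpoints must enforce the role themselves. That remark also covers the routes that start using the guard in dataset-profile.routing.ts, dmp-profile.routing.ts, user.routing.ts and language-editor.routing.ts. `canLoad` is implemented but no hunk on this page references it, and whatever renders `/unauthorized` should treat the `returnUrl` query parameter as untrusted and accept only in-app relative paths.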
@@ -36,6 +36,7 @@ import { EmailConfirmationService } from './services/email-confirmation/email-co
 import { FunderService } from './services/funder/funder.service';
 import { ContactSupportService } from './services/contact-support/contact-support.service';
 import { LanguageService } from './services/language/language.service';
+import { AdminAuthGuard } from './admin-auth-guard.service';
 //
 //
 // This is shared module that provides all the services. Its imported only once on the AppModule.
@@ -58,6 +59,7 @@ export class CoreServiceModule {
 AuthService,
 CookieService,
 BaseHttpService,
+ AdminAuthGuard,
 AuthGuard,
 CultureService,
 TimezoneService,
diff --git a/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts b/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts
index 5ec05da21..d36fa424c 100644
--- a/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/dataset-profile/dataset-profile.routing.ts
@@ -2,6 +2,7 @@ import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { DatasetProfileEditorComponent } from './editor/dataset-profile-editor.component';
 import { DatasetProfileListingComponent } from './listing/dataset-profile-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';
 const routes: Routes = [
 {
@@ -9,36 +10,42 @@ const routes: Routes = [
 component: DatasetProfileEditorComponent,
 data: {
 title: 'GENERAL.TITLES.DATASET-PROFILES-NEW'
- }
+ },
+ canActivate: [AdminAuthGuard]
 },
 {
 path: ':id',
 component: DatasetProfileEditorComponent,
 data: {
 title: 'GENERAL.TITLES.DATASET-PROFILES-EDIT'
- }
+ },
+ canActivate: [AdminAuthGuard]
 },
 {
 path: 'clone/:cloneid',
 component: DatasetProfileEditorComponent,
 data: {
 title: 'GENERAL.TITLES.DATASET-PROFILES-CLONE'
- }
+ },
+ canActivate: [AdminAuthGuard]
 },
 {
 path: 'newversion/:newversionid',
 component: DatasetProfileEditorComponent,
 data: {
 title: 'GENERAL.TITLES.DATASET-PROFILES-NEW-VERSION'
- }
+ },
+ canActivate: [AdminAuthGuard]
 },
 {
 path: 'versions/:groupId',
 component: DatasetProfileListingComponent,
+ canActivate: [AdminAuthGuard]
 },
 {
 path: '',
 component: DatasetProfileListingComponent,
+ canActivate: [AdminAuthGuard]
 },
 ];
diff --git a/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts b/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts
index d9d7ac1b4..21a9ef4b8 100644
--- a/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/dmp-profile/dmp-profile.routing.ts
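Review bot: `canActivate: [AdminAuthGuard]` is repeated on each of the six dataset-profile routes in this hunk, so a route added later is reachable without the check unless its author remembers to copy the line. Declaring the guard once is less error-prone: make the entries children of a single `{ path: '', canActivate: [AdminAuthGuard], children: [...] }` parent, or, if this module is lazy-loaded, attach `canLoad: [AdminAuthGuard]` at the point where it is loaded, which the new guard already supports. The first route object starts above the hunk, so its `path` is not visible here.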
@@ -3,11 +3,12 @@ import { RouterModule, Routes } from '@angular/router';
 import { AuthGuard } from '../../../core/auth-guard.service';
 import { DmpProfileEditorComponent } from './editor/dmp-profile-editor.component';
 import { DmpProfileListingComponent } from './listing/dmp-profile-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';
 const routes: Routes = [
- { path: '', component: DmpProfileListingComponent, canActivate: [AuthGuard] },
- { path: 'new', component: DmpProfileEditorComponent, canActivate: [AuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-NEW' } },
- { path: ':id', component: DmpProfileEditorComponent, canActivate: [AuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-EDIT' } },
+ { path: '', component: DmpProfileListingComponent, canActivate: [AdminAuthGuard] },
+ { path: 'new', component: DmpProfileEditorComponent, canActivate: [AdminAuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-NEW' } },
+ { path: ':id', component: DmpProfileEditorComponent, canActivate: [AdminAuthGuard], data: { title: 'GENERAL.TITLES.DMP-PROFILE-EDIT' } },
 ];
 @NgModule({
diff --git a/dmp-frontend/src/app/ui/admin/user/user.routing.ts b/dmp-frontend/src/app/ui/admin/user/user.routing.ts
index 500a5a7e4..90e8fa5f9 100644
--- a/dmp-frontend/src/app/ui/admin/user/user.routing.ts
+++ b/dmp-frontend/src/app/ui/admin/user/user.routing.ts
@@ -1,9 +1,10 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { UserListingComponent } from './listing/user-listing.component';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';
 const routes: Routes = [
- { path: '', component: UserListingComponent },
+ { path: '', component: UserListingComponent, canActivate: [AdminAuthGuard] },
 // { path: ':id', component: UserProfileComponent }
 ];
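Review bot: In dmp-profile.routing.ts the context line `import { AuthGuard } from '../../../core/auth-guard.service';` stays although all three routes in the hunk now use `AdminAuthGuard`, so the import looks unused unless something outside the hunk still references it; I would remove it. The added import uses the `@app/core/...` alias while the existing imports in that file are relative, so one style should be chosen. With `AuthGuard` gone from these routes, a signed-out visitor now fails `isAdmin()` and is sent to `/unauthorized`, not through whatever sign-in handling `AuthGuard` provided (not visible on this page); confirm that is intended.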
@@ -11,4 +12,4 @@ const routes: Routes = [
 imports: [RouterModule.forChild(routes)],
 exports: [RouterModule]
 })
-export class UserRoutingModule { }
\ No newline at end of file
+export class UserRoutingModule { }
diff --git a/dmp-frontend/src/app/ui/dmp/dmp.routing.ts b/dmp-frontend/src/app/ui/dmp/dmp.routing.ts
index 3b3fcb74a..0b53447d7 100644
--- a/dmp-frontend/src/app/ui/dmp/dmp.routing.ts
+++ b/dmp-frontend/src/app/ui/dmp/dmp.routing.ts
@@ -6,6 +6,7 @@ import { DmpListingComponent } from './listing/dmp-listing.component';
 import { DmpWizardComponent } from './wizard/dmp-wizard.component';
 import { DmpOverviewComponent } from './overview/dmp-overview.component';
 import { DmpCloneComponent } from './clone/dmp-clone.component';
+import { AuthGuard } from '@app/core/auth-guard.service';
 const routes: Routes = [
 {
@@ -65,6 +66,7 @@ const routes: Routes = [
 {
 path: 'new',
 component: DmpEditorComponent,
+ canActivate: [AuthGuard],
 data: {
 breadcrumbs: 'new',
 title: 'GENERAL.TITLES.PLANS-NEW'
diff --git a/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts b/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts
index 423d8dd32..fde8ad57b 100644
--- a/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts
+++ b/dmp-frontend/src/app/ui/language-editor/language-editor.routing.ts
@@ -1,9 +1,11 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { LanguageEditorComponent } from './language-editor.component';
+import { AuthGuard } from '@app/core/auth-guard.service';
+import { AdminAuthGuard } from '@app/core/admin-auth-guard.service';
 const routes: Routes = [
- { path: '', component: LanguageEditorComponent },
+ { path: '', component: LanguageEditorComponent, canActivate: [AdminAuthGuard] },
 // { path: ':id', component: UserProfileComponent }
 ];
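Review bot: In language-editor.routing.ts the added `import { AuthGuard } from '@app/core/auth-guard.service';` is not used anywhere in the hunk, since the only route takes `canActivate: [AdminAuthGuard]`; the import line should be dropped. In the dmp.routing.ts hunk above it, only the `new` route gains `canActivate: [AuthGuard]`, and the other routes of that file lie outside the hunk, so it is worth checking that any other route there that opens an editor carries the same guard.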