71429: Abstract FeatureAuthorizationGuard + small fix

2025-10-07 10:04:11 +00:00 · 2020-06-18 17:39:11 +02:00
parent bbbeddc875
commit 89afaaa4a5
6 changed files with 79 additions and 34 deletions
--- a/src/app/+admin/admin-sidebar/admin-sidebar.component.ts
+++ b/src/app/+admin/admin-sidebar/admin-sidebar.component.ts
@@ -73,7 +73,7 @@ export class AdminSidebarComponent extends MenuComponent implements OnInit {
   * Set and calculate all initial values of the instance variables
   */
  ngOnInit(): void {
-    this.authorizationService.isAuthenticated(FeatureType.AdministratorOf).pipe(take(1)).subscribe((authorized) => {
+    this.authorizationService.isAuthenticated(FeatureType.AdministratorOf).subscribe((authorized) => {
      this.createMenu(authorized);
      super.ngOnInit();
      this.sidebarWidth = this.variableService.getVariable('sidebarItemsWidth');
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -10,7 +10,7 @@ import { Collection } from './core/shared/collection.model';
 import { Item } from './core/shared/item.model';
 import { getItemPageRoute } from './+item-page/item-page-routing.module';
 import { getCollectionPageRoute } from './+collection-page/collection-page-routing.module';
-import { SiteAdministratorGuard } from './core/data/feature-authorization/site-administrator.guard';
+import { SiteAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';

 const ITEM_MODULE_PATH = 'items';

--- a/src/app/core/core.module.ts
+++ b/src/app/core/core.module.ts
@@ -149,7 +149,7 @@ import { Feature } from './shared/feature.model';
 import { Authorization } from './shared/authorization.model';
 import { FeatureDataService } from './data/feature-authorization/feature-data.service';
 import { AuthorizationDataService } from './data/feature-authorization/authorization-data.service';
-import { SiteAdministratorGuard } from './data/feature-authorization/site-administrator.guard';
+import { SiteAdministratorGuard } from './data/feature-authorization/feature-authorization-guard/site-administrator.guard';

 /**
 * When not in production, endpoint responses can be mocked for testing purposes
--- a/src/app/core/data/feature-authorization/feature-authorization-guard/feature-authorization.guard.ts
+++ b/src/app/core/data/feature-authorization/feature-authorization-guard/feature-authorization.guard.ts
@@ -0,0 +1,52 @@
+import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, RouterStateSnapshot, UrlSegment } from '@angular/router';
+import { AuthorizationDataService } from '../authorization-data.service';
+import { FeatureType } from '../feature-type';
+import { Observable } from 'rxjs/internal/Observable';
+
+/**
+ * Abstract Guard for preventing unauthorized activating and loading of routes when a user
+ * doesn't have authorized rights on a specific feature and/or object.
+ * Override the desired getters in the parent class for checking specific authorization on a feature and/or object.
+ */
+export abstract class FeatureAuthorizationGuard implements CanActivate, CanLoad {
+  constructor(protected authorizationService: AuthorizationDataService) {
+  }
+
+  /**
+   * True when user has authorization rights for the feature and object provided
+   */
+  canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> {
+    return this.authorizationService.isAuthenticated(this.getFeatureType(), this.getObjectUrl(), this.getEPersonUuid());
+  }
+
+  /**
+   * True when user has authorization rights for the feature and object provided
+   */
+  canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> {
+    return this.authorizationService.isAuthenticated(this.getFeatureType(), this.getObjectUrl(), this.getEPersonUuid());
+  }
+
+  /**
+   * The type of feature to check authorization for
+   * Override this method to define a feature
+   */
+  getFeatureType(): FeatureType {
+    return undefined;
+  }
+
+  /**
+   * The URL of the object to check if the user has authorized rights for
+   * Override this method to define an object URL. If not provided, the {@link Site}'s URL will be used
+   */
+  getObjectUrl(): string {
+    return undefined;
+  }
+
+  /**
+   * The UUID of the user to check authorization rights for
+   * Override this method to define an {@link EPerson} UUID. If not provided, the authenticated user's UUID will be used.
+   */
+  getEPersonUuid(): string {
+    return undefined;
+  }
+}
--- a/src/app/core/data/feature-authorization/feature-authorization-guard/site-administrator.guard.ts
+++ b/src/app/core/data/feature-authorization/feature-authorization-guard/site-administrator.guard.ts
@@ -0,0 +1,24 @@
+import { Injectable } from '@angular/core';
+import { FeatureAuthorizationGuard } from './feature-authorization.guard';
+import { FeatureType } from '../feature-type';
+import { AuthorizationDataService } from '../authorization-data.service';
+
+/**
+ * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator
+ * rights to the {@link Site}
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class SiteAdministratorGuard extends FeatureAuthorizationGuard {
+  constructor(protected authorizationService: AuthorizationDataService) {
+    super(authorizationService);
+  }
+
+  /**
+   * Check administrator authorization rights
+   */
+  getFeatureType(): FeatureType {
+    return FeatureType.AdministratorOf;
+  }
+}
--- a/src/app/core/data/feature-authorization/site-administrator.guard.ts
+++ b/src/app/core/data/feature-authorization/site-administrator.guard.ts
@@ -1,31 +0,0 @@
-import { Injectable } from '@angular/core';
-import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, RouterStateSnapshot, UrlSegment } from '@angular/router';
-import { Observable } from 'rxjs';
-import { AuthorizationDataService } from './authorization-data.service';
-import { FeatureType } from './feature-type';
-
-/**
- * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator
- * rights to the {@link Site}
- */
-@Injectable({
-  providedIn: 'root'
-})
-export class SiteAdministratorGuard implements CanActivate, CanLoad {
-  constructor(private authorizationService: AuthorizationDataService) {
-  }
-
-  /**
-   * True when user has administrator rights to the {@link Site}
-   */
-  canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> {
-    return this.authorizationService.isAuthenticated(FeatureType.AdministratorOf);
-  }
-
-  /**
-   * True when user has administrator rights to the {@link Site}
-   */
-  canLoad(route: Route, segments: UrlSegment[]): Observable<boolean> {
-    return this.authorizationService.isAuthenticated(FeatureType.AdministratorOf);
-  }
-}