Add ToolAuthorizationGuard

Author: tschaffter

client/app/tool/tool-authorization-guard.service.ts

@@ -0,0 +1,62 @@
+import { Injectable } from '@angular/core';
+import { CanActivate, Router, ActivatedRouteSnapshot } from '@angular/router';
+import { ToolAuthorizationService } from './tool-authorization.service';
+import { Observable, forkJoin, of } from 'rxjs';
+import { map, catchError } from 'rxjs/operators';
+// import { Observable, of, merge, forkJoin } from 'rxjs';
+// import { map, catchError, tap, filter, take } from 'rxjs/operators';
+// import { UserPermissionDataService } from 'components/auth/user-permission-data.service';
+// import { NotificationService } from 'components/notification/notification.service';
+// import { ProjectService } from './project.service';
+
+export enum ToolAuthorizationTypes {
+    CREATE,
+    READ,
+    WRITE,
+    ADMIN,
+}
+
+@Injectable()
+export class ToolAuthorizationGuard implements CanActivate {
+    static parameters = [Router, ToolAuthorizationService];
+    constructor(private router: Router, private toolAuthorizationService: ToolAuthorizationService) {}
+
+    canActivate(route: ActivatedRouteSnapshot): Observable<boolean> {
+        const entityId = route.params.id;
+
+        return this.toolAuthorizationService.authorization().pipe(
+            map(auth => {
+                if (route.data.authorization === ToolAuthorizationTypes.CREATE) {
+                    return auth.canCreate;
+                }
+                return false;
+            }),
+            map(authorized => {
+                this.router.navigate(['/', 'tools']);
+                return authorized;
+            }),
+            catchError(err => {
+                console.error(err);
+                return of(false);
+            })
+        );
+
+        // return forkJoin({
+        //     permissions: this.userPermissionDataService.permissions().pipe(take(1)),
+        //     visibility: this.projectService.getVisibility(entityId),
+        // }).pipe(
+        //     map(data => data.permissions.canReadEntity(entityId, 'project', data.visibility)),
+        //     tap(canAccess => {
+        //         console.log('CAN ACCESS', canAccess);
+        //         if (!canAccess) {
+        //             this.notificationService.info('You do not have access to this project.');
+        //         }
+        //         return of(canAccess);
+        //     }),
+        //     catchError(err => {
+        //         console.error(err);
+        //         return of(false);
+        //     })
+        // );
+    }
+}

client/app/tool/tool.module.ts

@@ -32,6 +32,7 @@ import { ToolHeaderService } from './tool-header/tool-header.service';
 import { EntityThreadComponent } from 'components/entity/entity-thread/entity-thread.component';
 import { ToolThreadNewComponent } from './tool-thread-new/tool-thread-new.component';
 import { ToolAuthorizationService } from './tool-authorization.service';
+import { ToolAuthorizationGuard, ToolAuthorizationTypes } from './tool-authorization-guard.service';
 
 export const ROUTES: Routes = [
     {
@@ -42,7 +43,8 @@ export const ROUTES: Routes = [
     {
         path: 'tools/new',
         component: ToolNewComponent,
-        canActivate: [AuthGuard],
+        canActivate: [AuthGuard, ToolAuthorizationGuard],
+        data: { authorization: ToolAuthorizationTypes.CREATE },
     },
     {
         path: 'tools/:id',
@@ -94,6 +96,7 @@ export const ROUTES: Routes = [
         ToolService,
         ToolDataService,
         ToolAuthorizationService,
+        ToolAuthorizationGuard,
         ToolSidenavService,
         ToolHeaderService,
     ],