Added logic to check server view permissions #339 #1.1.0.rc3

2023-08-16 20:55:42 +02:00 · 2023-08-16 20:55:42 +02:00 · e283a18def
commit e283a18def
parent f5b2bec356
5 changed files with 55 additions and 17 deletions
--- a/kdb-web/package.json
+++ b/kdb-web/package.json
@ -1,6 +1,6 @@
 {
    "name": "kdb-web",
-    "version": "1.1.0.rc2",
+    "version": "1.1.0.rc3",
    "scripts": {
        "ng": "ng",
        "update-version": "ts-node-esm update-version.ts",
--- a/kdb-web/src/app/models/auth/auth-user.dto.ts
+++ b/kdb-web/src/app/models/auth/auth-user.dto.ts
@ -25,3 +25,9 @@ export interface UserDTO {
  isAdmin: boolean;
  isModerator: boolean;
 }
+
+export enum MemberRoles {
+  Moderator = 0,
+  Admin = 1,
+  Technician = 2,
+}
--- a/kdb-web/src/app/modules/shared/guards/auth/auth.guard.ts
+++ b/kdb-web/src/app/modules/shared/guards/auth/auth.guard.ts
@ -1,17 +1,20 @@
-import { Injectable } from '@angular/core';
-import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from '@angular/router';
-import { catchError } from 'rxjs/operators';
-import { AuthService } from 'src/app/services/auth/auth.service';
-import { ThemeService } from 'src/app/services/theme/theme.service';
+import { Injectable } from "@angular/core";
+import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router";
+import { catchError } from "rxjs/operators";
+import { AuthService } from "src/app/services/auth/auth.service";
+import { ThemeService } from "src/app/services/theme/theme.service";
+import { SidebarService } from "../../../../services/sidebar/sidebar.service";
+import { MemberRoles } from "../../../../models/auth/auth-user.dto";

@Injectable({
-  providedIn: 'root'
+  providedIn: "root"
 })
 export class AuthGuard implements CanActivate {
  constructor(
    private router: Router,
    private authService: AuthService,
-    private themeService: ThemeService
+    private themeService: ThemeService,
+    private sidebarService: SidebarService
  ) {
  }

@ -26,19 +29,41 @@ export class AuthGuard implements CanActivate {
      return false;
    }

-    const role = route.data['role'];
-    if (role) {
+    const role = route.data["role"];
+    const memberRole = route.data["memberRole"];
+    if (role !== undefined) {
      this.authService.hasUserPermission(role).then(async hasPermission => {
        let authUser = await this.authService.getLoggedInUser();
        let isTechnician = authUser?.users?.map(u => u.isTechnician).filter(u => u) ?? [];

        if (!hasPermission && !isTechnician) {
-          this.router.navigate(['/dashboard']);
+          this.router.navigate(["/dashboard"]);
          return false;
        }
        return true;
      });
    }
+
+    if (memberRole !== undefined) {
+      let userHasAccess = false;
+      let authUser = await this.authService.getLoggedInUser();
+      authUser?.users?.forEach(u => {
+        if (u.server === +(this.sidebarService.server$.value?.id ?? 0)) {
+          if (
+            memberRole === MemberRoles.Moderator && u.isModerator ||
+            memberRole === MemberRoles.Admin && u.isAdmin ||
+            memberRole === MemberRoles.Technician && u.isTechnician
+          ) {
+            userHasAccess = true;
+          }
+        }
+      });
+      if (!userHasAccess) {
+        this.router.navigate(["/dashboard"]);
+        return false;
+      }
+      return true;
+    }
    return true;
  }
 }
--- a/kdb-web/src/app/modules/view/server/server-routing.module.ts
+++ b/kdb-web/src/app/modules/view/server/server-routing.module.ts
@ -3,15 +3,22 @@ import { RouterModule, Routes } from "@angular/router";
 import { ServerDashboardComponent } from "./server-dashboard/server-dashboard.component";
 import { ProfileComponent } from "./profile/profile.component";
 import { MembersComponent } from "./members/members.component";
+import { AuthGuard } from "../../shared/guards/auth/auth.guard";
+import { MemberRoles } from "../../../models/auth/auth-user.dto";

 const routes: Routes = [
  { path: "", component: ServerDashboardComponent },
-  { path: "members", component: MembersComponent },
+  { path: "members", component: MembersComponent, canActivate: [AuthGuard], data: { memberRole: MemberRoles.Moderator } },
  { path: "members/:memberId", component: ProfileComponent },
-  { path: "auto-roles", loadChildren: () => import("./auto-role/auto-role.module").then(m => m.AutoRoleModule) },
-  { path: "levels", loadChildren: () => import("./levels/levels.module").then(m => m.LevelsModule) },
-  { path: "achievements", loadChildren: () => import("./achievements/achievements.module").then(m => m.AchievementsModule) },
-  { path: "config", loadChildren: () => import("./config/config.module").then(m => m.ConfigModule) }
+  {
+    path: "auto-roles",
+    loadChildren: () => import("./auto-role/auto-role.module").then(m => m.AutoRoleModule),
+    canActivate: [AuthGuard],
+    data: { memberRole: MemberRoles.Moderator }
+  },
+  { path: "levels", loadChildren: () => import("./levels/levels.module").then(m => m.LevelsModule), canActivate: [AuthGuard], data: { memberRole: MemberRoles.Moderator } },
+  { path: "achievements", loadChildren: () => import("./achievements/achievements.module").then(m => m.AchievementsModule), data: { memberRole: MemberRoles.Moderator } },
+  { path: "config", loadChildren: () => import("./config/config.module").then(m => m.ConfigModule), data: { memberRole: MemberRoles.Admin } }
 ];

@NgModule({
--- a/kdb-web/src/assets/version.json
+++ b/kdb-web/src/assets/version.json
@ -2,6 +2,6 @@
    "WebVersion": {
        "Major": "1",
        "Minor": "1",
-        "Micro": "0.rc2"
+        "Micro": "0.rc3"
    }
 }