Merge pull request #20 from sitkatech/rework/33

Rework/33

Source/Nebula.Web/src/app/app-routing.module.ts

@@ -32,7 +32,7 @@ const routes: Routes = [
  { path: "custom-pages", component: CustomPageListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "custom-pages/create", component: CustomPageCreateComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "custom-pages/edit-properties/:vanity-url", component: CustomPageEditPropertiesComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "custom-pages/:vanity-url", component: CustomPageDetailComponent, canActivate: [CustomPageAccessGuard] },
+ { path: "custom-pages/:vanity-url", component: CustomPageDetailComponent, canActivate: [UnauthenticatedAccessGuard, CustomPageAccessGuard, AcknowledgedDisclaimerGuard] },
  { path: "watersheds/:id", component: WatershedDetailComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard] },
  { path: "users", component: UserListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
  { path: "users/:id", component: UserDetailComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },

Source/Nebula.Web/src/app/pages/custom-page-detail/custom-page-detail.component.html

@@ -13,10 +13,10 @@
 
 <div class="container mt-sm-4 mb-5" *ngIf="!isLoading">
  <app-alert-display></app-alert-display>
+ <div>
+ <h2 class="d-inline-block">{{customPageDisplayName}}</h2>
+ </div>
  <ng-container *ngIf="!isEditing">
- <div>
- <h2 class="d-inline-block">{{customPageDisplayName}}</h2>
- </div>
  <div *ngIf="showEditButton()" class="customPageContent" style="position: relative; min-height: 60px;">
  <div class="hoverEditButton">
  <div style="margin-top: 10px">
@@ -37,7 +37,7 @@ <h2 class="d-inline-block">{{customPageDisplayName}}</h2>
  <span class="mt-1 fa fa-spinner loading-spinner" style="float:right;"></span>
  </div>
  <ckeditor [editor]="Editor" [(ngModel)]="editedContent" (ready)="ckEditorReady($event)" [config]="ckConfig"></ckeditor>
- <div style="float:right; display:block;" *ngIf="!isUploadingImage()">
+ <div style="float:right;" *ngIf="!isUploadingImage()">
  <button type="button" class="btn btn-nebula mt-1 mr-1" (click)="saveEdit()">Save</button>
  <button type="button" class="btn btn-secondary mt-1" (click)="cancelEdit()">Cancel</button>
  </div>

Source/Nebula.Web/src/app/services/authentication.service.ts

@@ -97,11 +97,6 @@ export class AuthenticationService {
  );
  }
 
- private getUserCallback(user: UserDetailedDto) {
- this.currentUser = user;
- this._currentUserSetSubject.next(this.currentUser);
- }
-
  private onGetUserError(error: any, claims: any) {
  if (error.status !== 404) {
  this.alertService.pushAlert(new Alert("There was an error logging into the application.", AlertContext.Danger));

Source/Nebula.Web/src/app/shared/guards/custom-page-access-guard.ts

@@ -1,37 +1,38 @@
-import { CanActivate, ActivatedRouteSnapshot, Router } from '@angular/router';
-import { Observable } from "rxjs";
-import { map } from "rxjs/operators";
+import { CanActivate, ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
 import { Injectable } from '@angular/core';
 import { AlertService } from '../services/alert.service';
 import { AuthenticationService } from 'src/app/services/authentication.service';
 import { CustomPageService } from 'src/app/services/custom-page.service';
 @Injectable({
  providedIn: 'root'
 })
-
 export class CustomPageAccessGuard implements CanActivate {
  constructor(
- private router: Router,
- private alertService: AlertService,
- private authenticationService: AuthenticationService,
+ private router: Router, 
+ private alertService: AlertService, 
+ private authenticationService: AuthenticationService, 
  private customPageService: CustomPageService) { }
 
- canActivate(route: ActivatedRouteSnapshot): Observable<boolean> | Promise<boolean> | boolean 
- {
- const vanityUrl = route.paramMap.get("vanity-url");
+ async canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
+  let vanityUrl = next.paramMap.get("vanity-url");
+ let viewableRoleIDs = Array<number>();
  if (vanityUrl) {
- return this.customPageService.getCustomPageRolesByVanityUrl(vanityUrl)
- .pipe(
- map(roles => {
- if (this.authenticationService.doesCurrentUserHaveOneOfTheseRoles(roles.map(y => y.RoleID))) {
- return true;
- } else {
- return this.returnUnauthorized();
- }
- })
- )
- }
- else {
+ viewableRoleIDs = await this.getCustomPageRoleIDsByVanityUrl(vanityUrl);
+ if (!this.authenticationService.isCurrentUserNullOrUndefined()) {
+ if (this.authenticationService.doesCurrentUserHaveOneOfTheseRoles(viewableRoleIDs)) {
+ return true;
+ }
+ return this.returnUnauthorized();
+ }
+
+ return this.authenticationService.getCurrentUser().toPromise().then(x => {
+ if (viewableRoleIDs.includes(x.Role.RoleID)) {
+ return true;
+ } else {
+ return this.returnUnauthorized();
+ }
+ })
+ } else {
  return this.returnUnauthorized();
  }
  }
@@ -42,4 +43,24 @@ export class CustomPageAccessGuard implements CanActivate {
  });
  return false;
  }
+
+ async getCustomPageRoleIDsByVanityUrl(vanityUrl: string): Promise<Array<number>> {
+
+ return new Promise((resolve, reject) => {
+
+ this.customPageService.getCustomPageRolesByVanityUrl(vanityUrl).subscribe(roles => {
+ let viewableRoleIDs = roles.map(x => x.RoleID);
+ resolve(viewableRoleIDs)
+ }, 
+ error => {
+ let errorMessage = <any>error;
+ if(errorMessage != null) {
+ reject(errorMessage);
+ }
+ }
+ );
+
+ })
+ }
+
 }