Add a data explorer guard and allow the data explorer role to see the…

… analysis pages
sitkatech · Mackulus · Oct 13, 2021 · Oct 13, 2021 · Oct 13, 2021 · Oct 13, 2021
commit 67a76c88c030e38683797e67ab5f1afd3bded4ed
diff --git a/Source/Nebula.Web/src/app/app-routing.module.ts b/Source/Nebula.Web/src/app/app-routing.module.ts
@@ -21,20 +21,21 @@ import { FieldDefinitionEditComponent } from './pages/field-definition-edit/fiel
 import { TimeSeriesAnalysisComponent } from './pages/time-series-analysis/time-series-analysis.component';
 import { PairedRegressionAnalysisComponent } from './pages/paired-regression-analysis/paired-regression-analysis.component';
 import { DiversionScenarioComponent } from './pages/diversion-scenario/diversion-scenario.component';
+import { DataExplorerGuard } from './shared/guards/unauthenticated-access/data-explorer-guard';
 
 const routes: Routes = [
  { path: "labels-and-definitions/:id", component: FieldDefinitionEditComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "labels-and-definitions", component: FieldDefinitionListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "watersheds", component: WatershedListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "watersheds/:id", component: WatershedDetailComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
+ { path: "watersheds", component: WatershedListComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard] },
+ { path: "watersheds/:id", component: WatershedDetailComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard] },
  { path: "users", component: UserListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
  { path: "users/:id", component: UserDetailComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "users/:id/edit", component: UserEditComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "invite-user/:userID", component: UserInviteComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "invite-user", component: UserInviteComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "time-series-analysis", component: TimeSeriesAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
- { path: "paired-regression-analysis", component: PairedRegressionAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
- { path: "diversion-scenario", component: DiversionScenarioComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
+ { path: "time-series-analysis", component: TimeSeriesAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
+ { path: "paired-regression-analysis", component: PairedRegressionAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
+ { path: "diversion-scenario", component: DiversionScenarioComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
  { path: "disclaimer", component: DisclaimerComponent },
  { path: "disclaimer/:forced", component: DisclaimerComponent },
  { path: "help", component: HelpComponent },

diff --git a/Source/Nebula.Web/src/app/services/authentication.service.ts b/Source/Nebula.Web/src/app/services/authentication.service.ts
@@ -164,4 +164,17 @@ export class AuthenticationService {
  public hasCurrentUserAcknowledgedDisclaimer(): boolean {
  return this.currentUser != null && this.currentUser.DisclaimerAcknowledgedDate != null;
  }
+
+ public isUserInRole(user: UserDetailedDto, roles: RoleEnum[]): boolean {
+ const role = user && user.Role ? user.Role.RoleID : null;
+ if (role == null) {
+ return false;
+ }
+
+ return roles.includes(role);
+ }
+
+ public isCurrentUserInRole(roles: RoleEnum[]): boolean {
+ return this.isUserInRole(this.currentUser, roles);
+ }
 }
diff --git a/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.html b/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.html
@@ -11,7 +11,7 @@
  </button>
  <div class="collapse navbar-collapse" id="navbarNav">
  <ul class="navbar-nav mr-auto mt-2 mt-lg-0">
- <li class="nav-item dropdown" routerLinkActive="active" *ngIf="isAdministrator()">
+ <li class="nav-item dropdown" routerLinkActive="active" *ngIf="canSeeViewMenu()">
  <a href="#" class="nav-link dropdown-toggle" role="button" data-toggle="dropdown" aria-haspopup="true"
  aria-expanded="false">
  View

diff --git a/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.ts b/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.ts
@@ -7,6 +7,7 @@ import { AlertService } from '../../services/alert.service';
 import { Alert } from '../../models/alert';
 import { environment } from 'src/environments/environment';
 import { AlertContext } from '../../models/enums/alert-context.enum';
+import { RoleEnum } from '../../models/enums/role.enum';
 
 @Component({
  selector: 'header-nav',
@@ -57,6 +58,10 @@ export class HeaderNavComponent implements OnInit, OnDestroy {
  return this.authenticationService.isAuthenticated();
  }
 
+ public canSeeViewMenu(): boolean {
+ return this.authenticationService.isUserInRole(this.currentUser, [RoleEnum.Admin, RoleEnum.DataExplorer]);
+ }
+
  public isAdministrator(): boolean {
  return this.authenticationService.isUserAnAdministrator(this.currentUser);
  }

diff --git a/Source/Nebula.Web/src/app/shared/guards/unauthenticated-access/data-explorer-guard.ts b/Source/Nebula.Web/src/app/shared/guards/unauthenticated-access/data-explorer-guard.ts
@@ -0,0 +1,40 @@
+import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
+import { Observable } from "rxjs";
+import { map } from "rxjs/operators";
+import { Injectable } from '@angular/core';
+import { AlertService } from '../../services/alert.service';
+import { AuthenticationService } from 'src/app/services/authentication.service';
+import { RoleEnum } from '../../models/enums/role.enum';
+
+
+@Injectable({
+ providedIn: 'root'
+})
+export class DataExplorerGuard implements CanActivate {
+ constructor(private router: Router, private alertService: AlertService, private authenticationService: AuthenticationService) {
+ }
+ canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
+ if (!this.authenticationService.isCurrentUserNullOrUndefined()) {
+ if (this.authenticationService.isCurrentUserInRole([RoleEnum.Admin, RoleEnum.DataExplorer])) {
+ return true;
+ } else {
+ this.alertService.pushNotFoundUnauthorizedAlert();
+ this.router.navigate(["/"]);
+ return false;
+ }
+ }
+
+ return this.authenticationService.currentUserSetObservable
+ .pipe(
+ map(x => {
+ if (x.Role.RoleID == RoleEnum.Admin || x.Role.RoleID == RoleEnum.DataExplorer) {
+ return true;
+ } else {
+ this.alertService.pushNotFoundUnauthorizedAlert();
+ this.router.navigate(["/"]);
+ return false;
+ }
+ })
+ );
+ }
+}