sitkatech · Mackulus · Oct 13, 2021 · Oct 13, 2021 · Oct 13, 2021
diff --git a/Source/Nebula.API/Controllers/WatershedController.cs b/Source/Nebula.API/Controllers/WatershedController.cs
@@ -21,23 +21,23 @@ public WatershedController(NebulaDbContext dbContext, ILogger<WatershedControlle
  }
 
  [HttpGet("/watersheds")]
- [AdminFeature]
+ [DataExplorerFeature]
  public ActionResult<List<WatershedDto>> ListAllWatersheds()
  {
  var watershedDtos = Watershed.List(_dbContext).OrderBy(x => x.WatershedName).ToList();
  return watershedDtos;
  }
 
  [HttpGet("/watersheds/{watershedID}")]
- [AdminFeature]
+ [DataExplorerFeature]
  public ActionResult<WatershedDto> GetWatershedByID([FromRoute] int watershedID)
  {
  var watershedDto = Watershed.GetByWatershedID(_dbContext, watershedID);
  return RequireNotNullThrowNotFound(watershedDto, "Watershed", watershedID);
  }
 
  [HttpPost("watersheds/getBoundingBox")]
- [AdminFeature]
+ [DataExplorerFeature]
  public ActionResult<BoundingBoxDto> GetBoundingBoxByWatershedIDs([FromBody] WatershedIDListDto watershedIDListDto)
  {
  if (!ModelState.IsValid)

diff --git a/Source/Nebula.API/Services/Authorization/DataExplorerFeature.cs b/Source/Nebula.API/Services/Authorization/DataExplorerFeature.cs
@@ -0,0 +1,9 @@
+using Nebula.EFModels.Entities;
+
+namespace Nebula.API.Services.Authorization
+{
+ public class DataExplorerFeature : BaseAuthorizationAttribute
+ {
+ public DataExplorerFeature() : base(new[] { RoleEnum.Admin, RoleEnum.DataExplorer }) { }
+ }
+}
diff --git a/Source/Nebula.API/Services/Authorization/UserViewFeature.cs b/Source/Nebula.API/Services/Authorization/UserViewFeature.cs
@@ -4,7 +4,7 @@ namespace Nebula.API.Services.Authorization
 {
  public class UserViewFeature : BaseAuthorizationAttribute
  {
- public UserViewFeature() : base(new []{RoleEnum.Admin, RoleEnum.LandOwner, RoleEnum.Unassigned})
+ public UserViewFeature() : base(new []{RoleEnum.Admin, RoleEnum.DataExplorer, RoleEnum.Unassigned})
  {
  }
  }

diff --git a/Source/Nebula.EFModels/Entities/Role.cs b/Source/Nebula.EFModels/Entities/Role.cs
@@ -29,7 +29,7 @@ public static RoleDto GetByRoleID(NebulaDbContext dbContext, int roleID)
  public enum RoleEnum
  {
  Admin = 1,
- LandOwner = 2,
+ DataExplorer = 2,
  Unassigned = 3,
  Disabled = 4
  }

diff --git a/Source/Nebula.Web/src/app/app-routing.module.ts b/Source/Nebula.Web/src/app/app-routing.module.ts
@@ -21,20 +21,21 @@ import { FieldDefinitionEditComponent } from './pages/field-definition-edit/fiel
 import { TimeSeriesAnalysisComponent } from './pages/time-series-analysis/time-series-analysis.component';
 import { PairedRegressionAnalysisComponent } from './pages/paired-regression-analysis/paired-regression-analysis.component';
 import { DiversionScenarioComponent } from './pages/diversion-scenario/diversion-scenario.component';
+import { DataExplorerGuard } from './shared/guards/unauthenticated-access/data-explorer-guard';
 
 const routes: Routes = [
  { path: "labels-and-definitions/:id", component: FieldDefinitionEditComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "labels-and-definitions", component: FieldDefinitionListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "watersheds", component: WatershedListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "watersheds/:id", component: WatershedDetailComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
+ { path: "watersheds", component: WatershedListComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard] },
+ { path: "watersheds/:id", component: WatershedDetailComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard] },
  { path: "users", component: UserListComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
  { path: "users/:id", component: UserDetailComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "users/:id/edit", component: UserEditComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "invite-user/:userID", component: UserInviteComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
  { path: "invite-user", component: UserInviteComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard] },
- { path: "time-series-analysis", component: TimeSeriesAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
- { path: "paired-regression-analysis", component: PairedRegressionAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
- { path: "diversion-scenario", component: DiversionScenarioComponent, canActivate: [UnauthenticatedAccessGuard, ManagerOnlyGuard, AcknowledgedDisclaimerGuard]},
+ { path: "time-series-analysis", component: TimeSeriesAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
+ { path: "paired-regression-analysis", component: PairedRegressionAnalysisComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
+ { path: "diversion-scenario", component: DiversionScenarioComponent, canActivate: [UnauthenticatedAccessGuard, DataExplorerGuard, AcknowledgedDisclaimerGuard]},
  { path: "disclaimer", component: DisclaimerComponent },
  { path: "disclaimer/:forced", component: DisclaimerComponent },
  { path: "help", component: HelpComponent },

diff --git a/Source/Nebula.Web/src/app/services/authentication.service.ts b/Source/Nebula.Web/src/app/services/authentication.service.ts
@@ -164,4 +164,17 @@ export class AuthenticationService {
  public hasCurrentUserAcknowledgedDisclaimer(): boolean {
  return this.currentUser != null && this.currentUser.DisclaimerAcknowledgedDate != null;
  }
+
+ public isUserInRole(user: UserDetailedDto, roles: RoleEnum[]): boolean {
+ const role = user && user.Role ? user.Role.RoleID : null;
+ if (role == null) {
+ return false;
+ }
+
+ return roles.includes(role);
+ }
+
+ public isCurrentUserInRole(roles: RoleEnum[]): boolean {
+ return this.isUserInRole(this.currentUser, roles);
+ }
 }
diff --git a/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.html b/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.html
@@ -11,7 +11,7 @@
  </button>
  <div class="collapse navbar-collapse" id="navbarNav">
  <ul class="navbar-nav mr-auto mt-2 mt-lg-0">
- <li class="nav-item dropdown" routerLinkActive="active" *ngIf="isAdministrator()">
+ <li class="nav-item dropdown" routerLinkActive="active" *ngIf="canSeeViewMenu()">
  <a href="#" class="nav-link dropdown-toggle" role="button" data-toggle="dropdown" aria-haspopup="true"
  aria-expanded="false">
  View

diff --git a/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.ts b/Source/Nebula.Web/src/app/shared/components/header-nav/header-nav.component.ts
@@ -7,6 +7,7 @@ import { AlertService } from '../../services/alert.service';
 import { Alert } from '../../models/alert';
 import { environment } from 'src/environments/environment';
 import { AlertContext } from '../../models/enums/alert-context.enum';
+import { RoleEnum } from '../../models/enums/role.enum';
 
 @Component({
  selector: 'header-nav',
@@ -57,6 +58,10 @@ export class HeaderNavComponent implements OnInit, OnDestroy {
  return this.authenticationService.isAuthenticated();
  }
 
+ public canSeeViewMenu(): boolean {
+ return this.authenticationService.isUserInRole(this.currentUser, [RoleEnum.Admin, RoleEnum.DataExplorer]);
+ }
+
  public isAdministrator(): boolean {
  return this.authenticationService.isUserAnAdministrator(this.currentUser);
  }

diff --git a/Source/Nebula.Web/src/app/shared/guards/unauthenticated-access/data-explorer-guard.ts b/Source/Nebula.Web/src/app/shared/guards/unauthenticated-access/data-explorer-guard.ts
@@ -0,0 +1,40 @@
+import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
+import { Observable } from "rxjs";
+import { map } from "rxjs/operators";
+import { Injectable } from '@angular/core';
+import { AlertService } from '../../services/alert.service';
+import { AuthenticationService } from 'src/app/services/authentication.service';
+import { RoleEnum } from '../../models/enums/role.enum';
+
+
+@Injectable({
+ providedIn: 'root'
+})
+export class DataExplorerGuard implements CanActivate {
+ constructor(private router: Router, private alertService: AlertService, private authenticationService: AuthenticationService) {
+ }
+ canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
+ if (!this.authenticationService.isCurrentUserNullOrUndefined()) {
+ if (this.authenticationService.isCurrentUserInRole([RoleEnum.Admin, RoleEnum.DataExplorer])) {
+ return true;
+ } else {
+ this.alertService.pushNotFoundUnauthorizedAlert();
+ this.router.navigate(["/"]);
+ return false;
+ }
+ }
+
+ return this.authenticationService.currentUserSetObservable
+ .pipe(
+ map(x => {
+ if (x.Role.RoleID == RoleEnum.Admin || x.Role.RoleID == RoleEnum.DataExplorer) {
+ return true;
+ } else {
+ this.alertService.pushNotFoundUnauthorizedAlert();
+ this.router.navigate(["/"]);
+ return false;
+ }
+ })
+ );
+ }
+}