This repository was archived by the owner on May 17, 2024. It is now read-only.
role.guard.ts
import { ActivatedRouteSnapshot, Router, RouterStateSnapshot, UrlTree } from "@angular/router";
import { Inject, Injectable } from "@angular/core";
import { Location } from "@angular/common";
import { Observable, of } from "rxjs";
import { concatMap } from "rxjs/operators";
import { MsalBroadcastService, MsalGuardConfiguration, MsalService, MSAL_GUARD_CONFIG } from "@azure/msal-angular";
import { BaseGuard } from "./base.guard";
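/**
 * Route guard that admits navigation only when the signed-in account's ID token
 * carries at least one of the app roles listed in the route's
 * `data.expectedRoles`.
 *
 * This check runs in the browser against claims read from the MSAL account
 * cache, so it only decides which views the SPA shows. It is not an
 * authorization boundary: any API behind these routes must validate the
 * `roles` claim of the access token itself.
 */
@Injectable()
export class RoleGuard extends BaseGuard {
  constructor(
    @Inject(MSAL_GUARD_CONFIG) protected override msalGuardConfig: MsalGuardConfiguration,
    protected override msalBroadcastService: MsalBroadcastService,
    protected override authService: MsalService,
    protected override location: Location,
    protected override router: Router
  ) {
    super(msalGuardConfig, msalBroadcastService, authService, location, router);
  }

  /**
   * Runs the base guard first, then applies the role check on top of it.
   *
   * @param state - Router state forwarded to the base guard.
   * @param route - Route being activated; its `data.expectedRoles` lists the
   *   roles allowed to open it.
   * @returns The base guard's own result when it is anything other than
   *   `true`; otherwise `true` only if the account holds one of the expected
   *   roles, else `false`.
   */
  override activateHelper(state?: RouterStateSnapshot, route?: ActivatedRouteSnapshot): Observable<boolean | UrlTree> {
    // Fail closed on configuration gaps: a route with no (or a malformed)
    // `expectedRoles` entry yields an empty list, which denies access below
    // instead of throwing on `undefined.some(...)`.
    const configuredRoles: unknown = route?.data?.['expectedRoles'];
    const expectedRoles: string[] = Array.isArray(configuredRoles)
      ? configuredRoles.filter((role): role is string => typeof role === 'string')
      : [];

    return super.activateHelper(state, route).pipe(
      concatMap((baseResult: boolean | UrlTree) => {
        // Honor the base guard's verdict. A `false` or a redirect UrlTree from
        // it must not be overridden by a role match on a cached account.
        if (baseResult !== true) {
          return of(baseResult);
        }

        let activeAccount = this.authService.instance.getActiveAccount();
        if (!activeAccount) {
          // NOTE(review): falls back to the first cached account when none is
          // marked active. With several accounts signed in, this may not be
          // the account the user expects to be evaluated — confirm intent.
          const cachedAccounts = this.authService.instance.getAllAccounts();
          if (cachedAccounts.length > 0) {
            activeAccount = cachedAccounts[0];
          }
        }

        // Require an array: a scalar string claim would make `includes` do a
        // substring match rather than an exact role comparison.
        const grantedRoles: unknown = activeAccount?.idTokenClaims?.roles;
        if (!Array.isArray(grantedRoles)) {
          window.alert('Token does not have roles claim. Please ensure that your account is assigned to an app role and then sign-out and sign-in again.');
          return of(false);
        }

        const hasRequiredRole = expectedRoles.some((role: string) => grantedRoles.includes(role));
        if (!hasRequiredRole) {
          window.alert('You do not have access as the expected role is not found. Please ensure that your account is assigned to an app role and then sign-out and sign-in again.');
        }
        return of(hasRequiredRole);
      })
    );
  }
}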