Aam-Digital/ndb-core

View on GitHub
src/app/core/permissions/permission-guard/entity-permission.guard.ts

Summary

Maintainability
A
0 mins
Test Coverage
A
90%
import { Injectable } from "@angular/core";
import { CanActivate, Router } from "@angular/router";
import { EntityAbility } from "../ability/entity-ability";
import { AbstractPermissionGuard } from "./abstract-permission.guard";
import { DynamicComponentConfig } from "../../config/dynamic-components/dynamic-component-config.interface";

/**
 * A guard that checks the current users permission to interact with the entity of the route.
 * Define `requiredPermissionOperation` in the route data / config, to enable a check that will find the relevant entity from config.
 */
@Injectable()
export class EntityPermissionGuard
  extends AbstractPermissionGuard
  implements CanActivate
{
  constructor(
    router: Router,
    private ability: EntityAbility,
  ) {
    super(router);
  }

  protected async canAccessRoute(
    routeData: DynamicComponentConfig,
  ): Promise<boolean> {
    const operation = routeData?.["requiredPermissionOperation"] ?? "read";
    const primaryEntity =
      routeData?.["entityType"] ??
      routeData?.["entity"] ??
      routeData?.["config"]?.["entityType"] ??
      routeData?.["config"]?.["entity"];

    if (!primaryEntity) {
      // No relevant config set => all users are allowed
      return true;
    }

    if (this.ability.rules.length === 0) {
      // wait till rules are initialised
      await new Promise((res) => this.ability.on("updated", res));
    }

    return this.ability.can(operation, primaryEntity);
  }
}