From bd33c59ddf1893363613b88202b20e2967a94383 Mon Sep 17 00:00:00 2001 From: Sean Engelhardt Date: Fri, 5 Apr 2019 12:33:34 +0200 Subject: [PATCH] Add permissions to ListViews Adds the AuthGuard to certain routes Adds an error-component Also hides certain other elements where permissions should apply --- .../core/core-services/auth-guard.service.ts | 31 ++-- .../app/site/agenda/agenda-routing.module.ts | 17 +- .../agenda-list/agenda-list.component.html | 1 + .../app/site/common/common-routing.module.ts | 8 +- .../components/error/error.component.html | 9 + .../components/error/error.component.scss | 0 .../components/error/error.component.spec.ts | 26 +++ .../components/error/error.component.ts | 32 ++++ .../components/start/start.component.html | 2 +- .../src/app/site/common/os-common.module.ts | 10 +- .../history-list/history-list.component.html | 1 + .../mediafile-list.component.html | 121 +++++++------ .../mediafile-list.component.ts | 7 + .../mediafiles/mediafiles-routing.module.ts | 2 +- .../motion-detail.component.html | 7 +- .../site/motions/motions-routing.module.ts | 27 ++- .../projector-list.component.html | 4 +- .../projector/projector-routing.module.ts | 3 +- client/src/app/site/site-routing.module.ts | 27 ++- .../user-list/user-list.component.html | 162 +++++++++--------- .../app/site/users/users-routing.module.ts | 30 ++-- openslides/motions/access_permissions.py | 2 +- 22 files changed, 327 insertions(+), 202 deletions(-) create mode 100644 client/src/app/site/common/components/error/error.component.html create mode 100644 client/src/app/site/common/components/error/error.component.scss create mode 100644 client/src/app/site/common/components/error/error.component.spec.ts create mode 100644 client/src/app/site/common/components/error/error.component.ts diff --git a/client/src/app/core/core-services/auth-guard.service.ts b/client/src/app/core/core-services/auth-guard.service.ts index 0127d7d82..6eec99ac2 100644 --- a/client/src/app/core/core-services/auth-guard.service.ts +++ b/client/src/app/core/core-services/auth-guard.service.ts @@ -1,5 +1,5 @@ import { Injectable } from '@angular/core'; -import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, CanActivateChild } from '@angular/router'; +import { CanActivate, ActivatedRouteSnapshot, CanActivateChild, Router } from '@angular/router'; import { OperatorService } from './operator.service'; @@ -11,9 +11,12 @@ import { OperatorService } from './operator.service'; }) export class AuthGuard implements CanActivate, CanActivateChild { /** - * @param operator + * Constructor + * + * @param router To navigate to a target URL + * @param operator Asking for the required permission */ - public constructor(private operator: OperatorService) {} + public constructor(private router: Router, private operator: OperatorService) {} /** * Checks of the operator has the required permission to see the state. @@ -22,10 +25,9 @@ export class AuthGuard implements CanActivate, CanActivateChild { * `data: {basePerm: ['', '']}` to lock the access to users * only with the given permission(s). * - * @param route required by `canActivate()` - * @param state the state (URL) that the user want to access + * @param route the route the user wants to navigate to */ - public canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean { + public canActivate(route: ActivatedRouteSnapshot): boolean { const basePerm: string | string[] = route.data.basePerm; if (!basePerm) { @@ -39,10 +41,19 @@ export class AuthGuard implements CanActivate, CanActivateChild { /** * Calls {@method canActivate}. Should have the same logic. - * @param route - * @param state + * + * @param route the route the user wants to navigate to */ - public canActivateChild(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean { - return this.canActivate(route, state); + public canActivateChild(route: ActivatedRouteSnapshot): boolean { + if (this.canActivate(route)) { + return true; + } else { + this.router.navigate(['/error'], { + queryParams: { + error: 'Authentication Error', + msg: route.data.basePerm + } + }); + } } } diff --git a/client/src/app/site/agenda/agenda-routing.module.ts b/client/src/app/site/agenda/agenda-routing.module.ts index adf4d1b6c..c43c1823d 100644 --- a/client/src/app/site/agenda/agenda-routing.module.ts +++ b/client/src/app/site/agenda/agenda-routing.module.ts @@ -10,12 +10,17 @@ import { WatchSortingTreeGuard } from 'app/shared/utils/watch-sorting-tree.guard const routes: Routes = [ { path: '', component: AgendaListComponent, pathMatch: 'full' }, - { path: 'import', component: AgendaImportListComponent }, - { path: 'topics/new', component: TopicDetailComponent }, - { path: 'sort-agenda', component: AgendaSortComponent, canDeactivate: [WatchSortingTreeGuard] }, - { path: 'speakers', component: ListOfSpeakersComponent }, - { path: 'topics/:id', component: TopicDetailComponent }, - { path: ':id/speakers', component: ListOfSpeakersComponent } + { path: 'import', component: AgendaImportListComponent, data: { basePerm: 'agenda.can_manage' } }, + { path: 'topics/new', component: TopicDetailComponent, data: { basePerm: 'agenda.can_manage' } }, + { + path: 'sort-agenda', + component: AgendaSortComponent, + canDeactivate: [WatchSortingTreeGuard], + data: { basePerm: 'agenda.can_manage' } + }, + { path: 'speakers', component: ListOfSpeakersComponent, data: { basePerm: 'agenda.can_see' } }, + { path: 'topics/:id', component: TopicDetailComponent, data: { basePerm: 'agenda.can_see' } }, + { path: ':id/speakers', component: ListOfSpeakersComponent, data: { basePerm: 'agenda.can_see' } } ]; @NgModule({ diff --git a/client/src/app/site/agenda/components/agenda-list/agenda-list.component.html b/client/src/app/site/agenda/components/agenda-list/agenda-list.component.html index d02c5230f..5d627959a 100644 --- a/client/src/app/site/agenda/components/agenda-list/agenda-list.component.html +++ b/client/src/app/site/agenda/components/agenda-list/agenda-list.component.html @@ -12,6 +12,7 @@ {{ selectedRows.length }} selected + +
+

Error

+
+ + + +

You do not have the required permission to see that page!

+
diff --git a/client/src/app/site/common/components/error/error.component.scss b/client/src/app/site/common/components/error/error.component.scss new file mode 100644 index 000000000..e69de29bb diff --git a/client/src/app/site/common/components/error/error.component.spec.ts b/client/src/app/site/common/components/error/error.component.spec.ts new file mode 100644 index 000000000..6ff74a71c --- /dev/null +++ b/client/src/app/site/common/components/error/error.component.spec.ts @@ -0,0 +1,26 @@ +import { async, ComponentFixture, TestBed } from '@angular/core/testing'; + +import { ErrorComponent } from './error.component'; +import { E2EImportsModule } from 'e2e-imports.module'; + +describe('ErrorComponent', () => { + let component: ErrorComponent; + let fixture: ComponentFixture; + + beforeEach(async(() => { + TestBed.configureTestingModule({ + declarations: [ErrorComponent], + imports: [E2EImportsModule] + }).compileComponents(); + })); + + beforeEach(() => { + fixture = TestBed.createComponent(ErrorComponent); + component = fixture.componentInstance; + fixture.detectChanges(); + }); + + it('should create', () => { + expect(component).toBeTruthy(); + }); +}); diff --git a/client/src/app/site/common/components/error/error.component.ts b/client/src/app/site/common/components/error/error.component.ts new file mode 100644 index 000000000..8afca46c8 --- /dev/null +++ b/client/src/app/site/common/components/error/error.component.ts @@ -0,0 +1,32 @@ +import { Component, OnInit } from '@angular/core'; +import { ActivatedRoute } from '@angular/router'; + +/** + * A component to show error states + */ +@Component({ + selector: 'os-error', + templateUrl: './error.component.html', + styleUrls: ['./error.component.scss'] +}) +export class ErrorComponent implements OnInit { + /** + * Constructor + * + * @param route get paramters + */ + public constructor(private route: ActivatedRoute) {} + + /** + * Show the required debug output in the log + */ + public ngOnInit(): void { + this.route.queryParams.subscribe(params => { + if (params && params.error) { + // print the error and the error message in terminal for debug purposes. + // Will make it easier tell where user errors are + console.error(`${params.error}! Required: "${params.msg}"`); + } + }); + } +} diff --git a/client/src/app/site/common/components/start/start.component.html b/client/src/app/site/common/components/start/start.component.html index 2ddeceaca..70f0f6080 100644 --- a/client/src/app/site/common/components/start/start.component.html +++ b/client/src/app/site/common/components/start/start.component.html @@ -7,6 +7,6 @@

{{ welcomeTitle | translate }}

-
+
diff --git a/client/src/app/site/common/os-common.module.ts b/client/src/app/site/common/os-common.module.ts index 767172dd3..7fa3e5d02 100644 --- a/client/src/app/site/common/os-common.module.ts +++ b/client/src/app/site/common/os-common.module.ts @@ -8,9 +8,17 @@ import { StartComponent } from './components/start/start.component'; import { LegalNoticeComponent } from './components/legal-notice/legal-notice.component'; import { SearchComponent } from './components/search/search.component'; import { CountUsersComponent } from './components/count-users/count-users.component'; +import { ErrorComponent } from './components/error/error.component'; @NgModule({ imports: [CommonModule, CommonRoutingModule, SharedModule], - declarations: [PrivacyPolicyComponent, StartComponent, LegalNoticeComponent, SearchComponent, CountUsersComponent] + declarations: [ + PrivacyPolicyComponent, + StartComponent, + LegalNoticeComponent, + SearchComponent, + CountUsersComponent, + ErrorComponent + ] }) export class OsCommonModule {} diff --git a/client/src/app/site/history/components/history-list/history-list.component.html b/client/src/app/site/history/components/history-list/history-list.component.html index b97792222..3b516b09b 100644 --- a/client/src/app/site/history/components/history-list/history-list.component.html +++ b/client/src/app/site/history/components/history-list/history-list.component.html @@ -17,6 +17,7 @@ search + diff --git a/client/src/app/site/mediafiles/components/mediafile-list/mediafile-list.component.html b/client/src/app/site/mediafiles/components/mediafile-list/mediafile-list.component.html index b7056373d..e02bcf84b 100644 --- a/client/src/app/site/mediafiles/components/mediafile-list/mediafile-list.component.html +++ b/client/src/app/site/mediafiles/components/mediafile-list/mediafile-list.component.html @@ -1,5 +1,5 @@ -