feat(permissions): add permission service for reading scopes and perm…
…issions from RPT token (#131) * feat(permissions): add permission service for reading scopes and permissions from RPT token * chore(comments): add comments for methods * fix(permissions): strict null check, make private methods and other fixes * fix(permissions): checkScope() -> hasScope()
1 parent
1cfcb1c
commit 72fda77
Showing
7 changed files
with
102 additions
and
3 deletions.
@@ -0,0 +1,36 @@ | ||
import { TestBed } from '@angular/core/testing'; | ||
import { PermissionService, Permission } from './permission.service'; | ||
|
||
describe('Service: Permission Service', () => { | ||
// tslint:disable-next-line:max-line-length | ||
const fakeToken = 'eyJhbGciOiJSUzI1NiIsImtpZCI6ImFVR3Y4bVFBODVqZzRWMURVOFVrMVcwdUtzeG4xODdLUU9OQUdsNkFNdGMiLCJ0eXAiOiJKV1QifQ.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.xbY2neM56yeHRwhXnaKLp67o6ine38MkJb4Yhe-guQ2nN0-aLrXkqxYF7Jgqb-8w1TfDfdUuKQGWUK1Ye-Xh10biZq-Cl7amPIRQwZ8bLsoII9KFXTjkUQbCxOjNxMl89PuliIP_rO3OXydATnL2KAoU36qKbkBiUTKpQNUOXkcb8wtID_SXE1lssHHNeHNVU358kJjMJUqYE0K59C8csddupR1vpEYJknoLW7nKxxWtAJYGYTOjCey8BkVom6bOgOXz0AiEq2aYdjcaRdwz4IeiLGeFIyvT_sIDyPgYFSR2YCN4_N3CSQPfQYdrQhDGKM7fKLBKnYqAwfUe2OeibQ'; | ||
const fakeResourceId = 'c0ee2b94-aee3-4c41-9e15-6fa330ce8e0b'; | ||
let service: PermissionService; | ||
|
||
beforeEach(() => { | ||
TestBed.configureTestingModule({ | ||
providers: [ | ||
PermissionService | ||
] | ||
}); | ||
service = TestBed.get(PermissionService); | ||
|
||
localStorage.setItem('auth_token', fakeToken); | ||
}); | ||
|
||
it('should return permission for a resource', () => { | ||
const permission: Permission = service.getPermission(fakeResourceId); | ||
expect(permission.resource_set_id).toBe(fakeResourceId); | ||
}); | ||
|
||
it('should check for scope for a resource', () => { | ||
expect(service.hasScope(fakeResourceId, 'lima')).toBe(true); | ||
expect(service.hasScope(fakeResourceId, 'bean')).toBe(false); | ||
}); | ||
|
||
it('should return all scopes for a resource', () => { | ||
const scopes = service.getAllScopes(fakeResourceId); | ||
expect(scopes.length).toBe(1); | ||
expect(scopes.includes('lima')).toBe(true); | ||
}); | ||
}); |
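Review bot: None of the three specs exercises the failure path — no `auth_token` in localStorage, or a token whose payload carries no `permissions` claim — so the `null` return of getPermission() and the `[]`/`false` fallbacks of getAllScopes()/hasScope() are never verified. The fake token written in beforeEach is also never removed, so it leaks into every spec that runs after this file in the same browser session; add `afterEach(() => localStorage.removeItem('auth_token'));`. The annotation on `const permission: Permission = service.getPermission(fakeResourceId);` discards the `| null` in the declared return type and would not compile with strictNullChecks enabled; dropping the annotation and asserting `expect(permission).toEqual(jasmine.objectContaining({ resource_set_id: fakeResourceId }));` keeps the check honest about the nullable contract.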
@@ -0,0 +1,61 @@ | ||
import { Injectable } from '@angular/core'; | ||
import { JwtHelperService } from '@auth0/angular-jwt'; | ||
|
||
export type Permission = { | ||
exp: number, | ||
resource_set_id: string, | ||
resource_set_name: string, | ||
scopes: Array<string> | ||
}; | ||
|
||
@Injectable() | ||
export class PermissionService { | ||
private jwtHelper: JwtHelperService = new JwtHelperService(); | ||
|
||
/** | ||
* Returns all the scopes a user has for a specific resource. | ||
* @param resourceId ID of a specific resource such as a Space | ||
*/ | ||
getAllScopes(resourceId: string): Array<string> { | ||
const permissions = this.getPermission(resourceId); | ||
return permissions ? permissions.scopes : []; | ||
} | ||
|
||
/** | ||
* Checks if a user has a specific scope for a resource. | ||
* @param resourceId ID of a specific resource such as a Space | ||
* @param scope the scope you want to check for. Ex - `can edit` | ||
*/ | ||
hasScope(resourceId: string, scope: string): boolean { | ||
const permissions = this.getPermission(resourceId); | ||
return permissions ? permissions.scopes.includes(scope) : false; | ||
} | ||
|
||
/** | ||
* Returns the permission for a specific resource. | ||
* @param resourceId ID of a specific resource such as a Space | ||
*/ | ||
getPermission(resourceId: string): Permission | null { | ||
const decodedToken = this.getDecodedToken(); | ||
if (this.isValidRPT(decodedToken)) { | ||
return decodedToken.permissions.find((permission: Permission) => permission.resource_set_id === resourceId); | ||
} | ||
return null; | ||
} | ||
|
||
/** | ||
* Decodes the JWT token using JwtHelperService from `angular-jwt`. | ||
*/ | ||
private getDecodedToken(): any { | ||
const token = localStorage.getItem('auth_token'); | ||
return token ? this.jwtHelper.decodeToken(token) : ''; | ||
} | ||
|
||
/** | ||
* Checks if the decoded token is valid RPT by checking the permissions claim. | ||
* @param token Decoded JWT token. | ||
*/ | ||
private isValidRPT(token: any) { | ||
return token && token.permissions; | ||
} | ||
} |
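Review bot: `isValidRPT()` only tests truthiness of `token.permissions`, so a token whose `permissions` claim is present but not an array (a string, an object, `true`) passes the check and `decodedToken.permissions.find(...)` in getPermission() throws a TypeError instead of returning null; `private isValidRPT(token: any): boolean { return !!token && Array.isArray(token.permissions); }` closes that gap and gives the method a real boolean return type instead of the inferred `any`. Worth stating in the class TSDoc that, as far as I know, `decodeToken()` only base64-decodes the payload and verifies neither the signature nor `exp`, so every scope this service reports is a client-held, unverified claim suitable for UI gating only, with the server remaining the authority on the actual request. The `exp` field declared on `Permission` is never consulted, so an expired per-resource permission is still reported as granted; either filter on it in getPermission() or document that per-permission expiry is ignored here. Returning `''` from getDecodedToken() when no token is stored works only because the caller treats it as falsy; returning `null` and typing the method as `Permission`-carrying payload `| null` would make the contract explicit rather than relying on a string sentinel.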