Prevent non admin users from accessing the admin screen through the U…

…RL (#5474)

Signed-off-by: Giovanni Ferrari <giovanni.ferrari@soft.it>

ui/main/src/app/modules/admin/admin-routing.module.ts

@@ -8,7 +8,7 @@
  */
 
 import {NgModule} from '@angular/core';
-import {RouterModule, Routes} from '@angular/router';
+import {ActivatedRouteSnapshot, CanActivateFn, RouterModule, RouterStateSnapshot, Routes} from '@angular/router';
 import {AdminComponent} from './admin.component';
 import {UsersTableComponent} from './components/table/users-table.component';
 import {GroupsTableComponent} from './components/table/groups-table.component';
@@ -17,28 +17,44 @@ import {PerimetersTableComponent} from './components/table/perimeters-table.comp
 import {ProcessesTableComponent} from './components/table/processes-table.component';
 import {BusinessDataTableComponent} from './components/table/businessData-table.component';
 import {SupervisedEntitiesTableComponent} from './components/table/supervised-entities-table.component';
+import {UserService} from 'app/business/services/users/user.service';
+import {PermissionEnum} from '@ofModel/permission.model';
 
 const defaultPath = 'users';
 
+const canActivateAdmin: CanActivateFn =
+    (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+      return UserService.hasCurrentUserAnyPermission([PermissionEnum.ADMIN]);
+    };
+
+const canActivateAdminBusinessProcess: CanActivateFn =
+    (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+      return UserService.hasCurrentUserAnyPermission([PermissionEnum.ADMIN, PermissionEnum.ADMIN_BUSINESS_PROCESS]);
+    };
+
 const routes: Routes = [
     {
         path: '',
         component: AdminComponent,
         children: [
             {
                 path: 'users',
+                canActivate: [canActivateAdmin],
                 component: UsersTableComponent
             },
             {
                 path: 'entities',
+                canActivate: [canActivateAdmin],
                 component: EntitiesTableComponent
             },
             {
                 path: 'groups',
+                canActivate: [canActivateAdmin],
                 component: GroupsTableComponent
             },
             {
                 path: 'perimeters',
+                canActivate: [canActivateAdmin],
                 component: PerimetersTableComponent
             },
             {
@@ -47,10 +63,12 @@ const routes: Routes = [
             },
             {
                 path: 'businessData',
+                canActivate: [canActivateAdminBusinessProcess],
                 component: BusinessDataTableComponent
             },
             {
                 path: 'supervisedEntities',
+                canActivate: [canActivateAdmin],
                 component: SupervisedEntitiesTableComponent
             },
             {path: '**', redirectTo: defaultPath}

ui/main/src/app/modules/externaldevicesconfiguration/externaldevicesconfiguration-routing.module.ts

@@ -8,18 +8,25 @@
  */
 
 import {NgModule} from '@angular/core';
-import {RouterModule, Routes} from '@angular/router';
+import {ActivatedRouteSnapshot, CanActivateFn, RouterModule, RouterStateSnapshot, Routes} from '@angular/router';
 import {ExternaldevicesconfigurationComponent} from './externaldevicesconfiguration.component';
 import {DevicesTableComponent} from './table/devices.table.component';
 import {UsersTableComponent} from './table/users.table.component';
+import {PermissionEnum} from '@ofModel/permission.model';
+import {UserService} from 'app/business/services/users/user.service';
 
 
 const defaultPath = 'devices';
 
+const canActivateAdmin: CanActivateFn =
+    (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+      return UserService.hasCurrentUserAnyPermission([PermissionEnum.ADMIN]);
+    };
 
 const routes: Routes = [
     {
         path: '',
+        canActivate: [canActivateAdmin],
         component: ExternaldevicesconfigurationComponent,
 
         children: [