From c278b0f89cb367e6c762f56219ee33b16650cbb5 Mon Sep 17 00:00:00 2001
From: atif118-mfsys
Date: Mon, 5 Jan 2026 17:07:38 +0500
Subject: [PATCH] implemented permissions checks to prevent users accessing the content they do not have permission for.
---
src/app/app.routes.ts | 28 ++++++-------
src/app/authenticate/authenticate.ts | 2 +-
src/app/services/authenticate.service.ts | 14 +++----
.../side-nav/side-nav.component.html | 41 ++++++++----------
.../components/side-nav/side-nav.component.ts | 30 ++++++++------
src/app/shared/guards/activity.guard.ts | 2 +-
src/app/shared/guards/authentication.guard.ts | 4 +-
src/app/utils/enums.ts | 2 +-
src/assets/data/sideMenu.json | 14 ++-----
9 files changed, 63 insertions(+), 74 deletions(-)
diff --git a/src/app/app.routes.ts b/src/app/app.routes.ts
index 3a9c3b2..62937a2 100644
--- a/src/app/app.routes.ts
+++ b/src/app/app.routes.ts
@@ -3,7 +3,7 @@ import { LoginComponent } from './authenticate/login/login.component';
 import { ChangePasswordComponent } from './user-management/change-password/change-password.component';
 import { FullLayoutComponent } from './full-layout/full-layout.component';
 import { AuthenticationGuard } from './shared/guards/authentication.guard';
-// import { ActivityGuard } from './shared/guards/activity.guard';
+import { ActivityGuard } from './shared/guards/activity.guard';
 export const routes: Routes = [
 {
@@ -38,9 +38,7 @@ export const routes: Routes = [
 },
 {
 path: 'permissions',
- // will need this guard in future when permissions are implemented.
- // commenting them for now.
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./user-permissions/user-permissions.component').then(
 m => m.UserPermissionsComponent
@@ -48,7 +46,7 @@ export const routes: Routes = [
 },
 {
 path: 'smsLogger',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./sms-banking/sms-banking.component').then(
 m => m.SmsBankingComponent
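Review bot: Each child route now carries its own `canActivate: [ActivityGuard]` line, so a route added to this array later without that line is reachable by every authenticated user by default; the same pattern repeats in the remaining app.routes.ts hunks on the next two lines of this patch. A single `canActivateChild: [ActivityGuard]` on the parent route that hosts these children (presumably the `FullLayoutComponent` route, whose definition starts outside this hunk) would make deny-by-default structural rather than per-route. The guard reads permissions from localStorage, which the user controls, so it only shapes navigation; the endpoints behind these components still need server-side authorization. The `changePassword` route is guarded as well — if first-login users are routed there before any permission is granted, confirm the guard's routeLink check admits them.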
@@ -56,7 +54,7 @@ export const routes: Routes = [
 },
 {
 path: 'smsGateway',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./sms-gateway/sms-gateway.component').then(
 m => m.SmsGatewayComponent
@@ -64,7 +62,7 @@ export const routes: Routes = [
 },
 {
 path: 'loggerManager',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./logging/logging.component').then(
 m => m.LoggingComponent
@@ -72,7 +70,7 @@ export const routes: Routes = [
 },
 {
 path: 'analysis',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./data-analysis/data-analysis.component').then(
 m => m.DataAnalysisComponent
@@ -80,7 +78,7 @@ export const routes: Routes = [
 },
 {
 path: 'ibUnblockUser',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./ib-support/ib-unblock-user/ib-unblock-user.component').then(
 m => m.IbUnblockUserComponent
@@ -88,7 +86,7 @@ export const routes: Routes = [
 },
 {
 path: 'feedbackSetup',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./ib-support/feedback-setup/feedback-setup.component').then(
 m => m.FeedbackSetupComponent
@@ -96,7 +94,7 @@ export const routes: Routes = [
 },
 {
 path: 'purposeSetup',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./ib-support/tran-purpose-setup/tran-purpose-setup.component').then(
 m => m.TranPurposeSetupComponent
@@ -104,7 +102,7 @@ export const routes: Routes = [
 },
 {
 path: 'thirdPartyRegistration',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./user-management/third-party-registration/third-party-registration.component').then(
 m => m.ThirdPartyRegistrationComponent
@@ -112,7 +110,7 @@ export const routes: Routes = [
 },
 {
 path: 'setupUser',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./user-management/setup-user/setup-user.component').then(
 m => m.SetupUserComponent
@@ -120,7 +118,7 @@ export const routes: Routes = [
 },
 {
 path: 'resetPassword',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./user-management/reset-password/reset-password.component').then(
 m => m.ResetPasswordComponent
@@ -128,7 +126,7 @@ export const routes: Routes = [
 },
 {
 path: 'changePassword',
- // canActivate: [ActivityGuard],
+ canActivate: [ActivityGuard],
 loadComponent: () =>
 import('./user-management/change-password/change-password.component').then(
 m => m.ChangePasswordComponent
diff --git a/src/app/authenticate/authenticate.ts b/src/app/authenticate/authenticate.ts
index d6279dd..c802935 100644
--- a/src/app/authenticate/authenticate.ts
+++ b/src/app/authenticate/authenticate.ts
@@ -6,9 +6,9 @@ export interface AuthenticationResponse extends AuthenticationToken {
 authenticated: boolean
 porOrgacode: string;
 userId: string;
- userType: string;
 password: string;
 userHomevac: string;
+ user: any
 }
 export class UserCredentials {
diff --git a/src/app/services/authenticate.service.ts b/src/app/services/authenticate.service.ts
index d766c40..8acf174 100644
--- a/src/app/services/authenticate.service.ts
+++ b/src/app/services/authenticate.service.ts
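Review bot: `user: any` replaces the typed `userType: string` and leaves every read this patch adds on it (`data.user.role`, `data.user.permissions`, `data.user.isFirstLogin`) unchecked, so a renamed or missing field in the login response only surfaces at runtime, inside the authorization path. Declare the shape the code actually reads, e.g. `export interface AuthenticatedUser { role: string; permissions?: string; isFirstLogin?: boolean; }` and `user: AuthenticatedUser;`, keeping `permissions` optional because the service's `if(data.user.permissions)` branch expects it to be absent. The `AuthenticationResponse` interface begins outside this hunk.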
@@ -43,16 +43,16 @@ export class AuthenticationService {
 this.i18nService.success(SuccessMessages.LOGIN_SUCCESSFULLY, []);
 this.storageService.setItem('user', JSON.stringify(data));
 this.credentialService.setToken(data.token);
- this.credentialService.setUserType(data.userType);
- if(data.permission){
- this.storageService.setItem('permission', data.permission);
- this.credentialService.setPermission(JSON.parse(data.permission));
+ this.credentialService.setUserType(data.role);
+ if(data.user.permissions){
+ this.storageService.setItem('permission', data.user.permissions);
+ this.credentialService.setPermission(JSON.parse(data.user.permissions));
 } else{
 this.storageService.setItem('permission', '[]');
 this.credentialService.setPermission([]);
 }
- this.buttonManagementService.setButtonPermissions(this.credentialService.getPermission(), this.isSuperAdminUser());
+ this.buttonManagementService.setButtonPermissions(this.credentialService.getPermission(), this.isAdminUser());
 if(data.user.isFirstLogin){
 this.router.navigate(["/changepassword"]);
 } else {
@@ -79,10 +79,10 @@ export class AuthenticationService {
 return false;
 }
- isSuperAdminUser(){
+ isAdminUser(){
 if (this.storageService && this.storageService.getItem('user') != null) {
 let cachedUser = JSON.parse(this.storageService.getItem('user') || '{}');
- return cachedUser.userType === HiddenValues.SUPERADMIN_USER;
+ return cachedUser.user.role === HiddenValues.ADMIN_USER;
 }
 return false;
 }
diff --git a/src/app/shared/components/side-nav/side-nav.component.html b/src/app/shared/components/side-nav/side-nav.component.html
index a4d7e2b..87ece28 100644
--- a/src/app/shared/components/side-nav/side-nav.component.html
+++ b/src/app/shared/components/side-nav/side-nav.component.html
@@ -7,101 +7,94 @@ {{ 'dashboard' | translate }} -
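Review bot: The login path calls `this.credentialService.setUserType(data.role)` while `isAdminUser()` below and the authentication.guard.ts hunk read the role from `data.user.role`; unless `AuthenticationToken` declares a top-level `role` (not visible here), the `AuthenticationResponse` this patch leaves has none, so the stored user type is `undefined` and the three readers disagree on where the role lives. Change the line to `this.credentialService.setUserType(data.user.role);` so every call site reads the same field. `JSON.parse(data.user.permissions)` runs on server-provided text inside the login success handler; wrapping it so a malformed payload falls through to the existing empty-permission branch instead of aborting login would be more robust. The enclosing method begins outside this hunk.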
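Review bot: `cachedUser.user.role` dereferences `user` unguarded, and the `'user'` storage item is whatever an earlier session cached; a session stored before this change has no `user` object, so `isAdminUser()` throws a TypeError instead of returning false, and the `ActivityGuard` that calls it (see the activity.guard.ts hunk further down) fails rather than denying. Use `return cachedUser.user?.role === HiddenValues.ADMIN_USER;` so a missing object is treated as not-admin. The `data.user.role` read added in the authentication.guard.ts hunk has the same exposure when `data` comes from the same cached item.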
  • +
  • {{ 'UserManagement' | translate }}
  • -
  • +
  • {{ 'Logging' | translate }}
  • -
  • +
  • {{ 'SMSBanking' | translate }}
  • -
  • +
  • {{ 'ibSupport' | translate }}
  • -
  • - +
  • + - {{ 'Permissions' | translate }} + {{ 'permissions' | translate }} -
•
diff --git a/src/app/shared/components/side-nav/side-nav.component.ts b/src/app/shared/components/side-nav/side-nav.component.ts
index 269b107..d58dc0c 100644
--- a/src/app/shared/components/side-nav/side-nav.component.ts
+++ b/src/app/shared/components/side-nav/side-nav.component.ts
@@ -2,14 +2,16 @@ import { Component, Inject, PLATFORM_ID } from '@angular/core';
 import { FormGroup } from '@angular/forms';
 import { SidebarService } from '../../../services/sidebar.service';
 import { StorageService } from '../../services/storage.service';
-import { isPlatformBrowser } from '@angular/common';
+import { CommonModule, isPlatformBrowser } from '@angular/common';
 import { TranslateModule } from '@ngx-translate/core';
 import { RouterModule } from '@angular/router';
 import { Router } from '@angular/router';
+import { CredentialService } from '../../../services/credential.service';
+import { AuthenticationService } from '../../../services/authenticate.service';
 @Component({
 selector: 'app-side-nav',
- imports: [TranslateModule, RouterModule],
+ imports: [TranslateModule, RouterModule, CommonModule],
 templateUrl: './side-nav.component.html',
 styleUrl: './side-nav.component.scss',
 })
@@ -24,19 +26,23 @@ export class SideNavComponent {
 private sidebarService: SidebarService,
 @Inject(PLATFORM_ID) private platformId: Object,
 private storageService: StorageService,
- private router: Router
+ private router: Router,
+ private credentialService: CredentialService,
+ public authService: AuthenticationService
 ) {
- // this.credentialService.getPermission().forEach((permission: any) => {
- // this.permissions[permission.name] = permission.checked;
- // if(permission.children.length>0){
- // permission.children.forEach((child: any)=>{
- // this.permissions[child.name] = child.checked;
- // })
- // }
- // });
- }
+ }
 ngOnInit(): void {
+ this.credentialService.getPermission().forEach((permission: any) => {
+ this.permissions[permission.name] = permission.checked;
+ if(permission.children.length>0){
+ permission.children.forEach((child: any)=>{
+ this.permissions[child.name] = child.checked;
+ })
+ }
+ });
+
+ this.sidebarService.currentSubModule = this.storageService.getItem('currentSubModule') ?? 'dashboard';
 this.closeSidebarMenu();
 }
diff --git a/src/app/shared/guards/activity.guard.ts b/src/app/shared/guards/activity.guard.ts
index 1e85545..28b031e 100644
--- a/src/app/shared/guards/activity.guard.ts
+++ b/src/app/shared/guards/activity.guard.ts
@@ -18,7 +18,7 @@ export class ActivityGuard implements CanActivate {
 if (typeof window !== 'undefined' && window.localStorage) {
 let permissions = JSON.parse(window.localStorage.getItem('permission') || '[]');
 if (this.authService.isAuthenticated()) {
- if (this.authService.isSuperAdminUser()){
+ if (this.authService.isAdminUser()){
 return true;
 }
 let routeLink = (state.url.split('?'))[0];
diff --git a/src/app/shared/guards/authentication.guard.ts b/src/app/shared/guards/authentication.guard.ts
index 2e21bbe..fdcb525 100644
--- a/src/app/shared/guards/authentication.guard.ts
+++ b/src/app/shared/guards/authentication.guard.ts
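Review bot: `permission.children.length>0` in the new `ngOnInit` throws when a permission entry carries no `children` array, and the loop flattens only one level, so a grandchild entry never gets a `permissions` flag; the sideMenu.json hunk at the end of this patch removes nesting for the Permissions entry, but other entries may still be nested. Replace the check and inner loop with `permission.children?.forEach((child: any) => { this.permissions[child.name] = child.checked; });`, which also drops the redundant `length>0` test. Typing the entry (`{ name: string; checked: boolean; children?: … }`) instead of `any` would catch that shape mismatch at compile time; the class header is outside this hunk.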
@@ -24,9 +24,9 @@ export class AuthenticationGuard implements CanActivate {
 this.credentialService.setUserId(window.localStorage.getItem(FormConstants.USER_ID) || '');
 this.credentialService.setPassword(window.localStorage.getItem(FormConstants.PASSWORD) || '');
 this.credentialService.setToken(data.token);
- this.credentialService.setUserType(data.userType);
+ this.credentialService.setUserType(data.user.role);
 this.credentialService.setPermission(permission);
- this.buttonManagementService.setButtonPermissions(this.credentialService.getPermission(), this.authService.isSuperAdminUser());
+ this.buttonManagementService.setButtonPermissions(this.credentialService.getPermission(), this.authService.isAdminUser());
 this.authService.onAuthenticationComplete.next(true);
 return true;
 } else {
diff --git a/src/app/utils/enums.ts b/src/app/utils/enums.ts
index f43ca1b..fe5f7df 100644
--- a/src/app/utils/enums.ts
+++ b/src/app/utils/enums.ts
@@ -40,7 +40,7 @@ export enum HiddenValues {
 CHANNEL_CODE = "01",
 ORGANIZATION_USER = "O",
 VAC_USER = "V",
- SUPERADMIN_USER = "S",
+ ADMIN_USER = "ADMIN",
 DEFAULT_PASSWORD = "12345678",
 REVOLVING_FUND_PRODUCT = "101",
 INTERNAL_LENDING_PRODUCT = "102",
diff --git a/src/assets/data/sideMenu.json b/src/assets/data/sideMenu.json
index ecc6ef9..e8fcee5 100644
--- a/src/assets/data/sideMenu.json
+++ b/src/assets/data/sideMenu.json
@@ -200,18 +200,10 @@
 ]
 },
 {
- "name": "Permissions",
- "route": "",
+ "name": "PermissionManager",
+ "route": "/home/permissions",
 "checked": false,
 "expanded": false,
- "children": [
- {
- "name": "PermissionManager",
- "route": "/home/permissions",
- "checked": false,
- "expanded": false,
- "children": []
- }
- ]
+ "children": []
 }
 ]
\ No newline at end of file