TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 15:37:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: home guard

Browse Source
This commit is contained in:
Max Peintner
2025-07-25 14:12:01 +02:00
parent 58bdc2229e
commit 1c3b38d174
7 changed files with 854 additions and 824 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
console/src/app/app-routing.module.ts
View File

@@ -2,6 +2,7 @@ import { NgModule } from '@angular/core';
import { RouterModule, Routes } from '@angular/router'; import { RouterModule, Routes } from '@angular/router';
import { authGuard } from './guards/auth.guard'; import { authGuard } from './guards/auth.guard';
import { homeGuard } from './guards/home.guard';
import { roleGuard } from './guards/role-guard'; import { roleGuard } from './guards/role-guard';
import { UserGrantContext } from './modules/user-grants/user-grants-datasource'; import { UserGrantContext } from './modules/user-grants/user-grants-datasource';
import { OrgCreateComponent } from './pages/org-create/org-create.component'; import { OrgCreateComponent } from './pages/org-create/org-create.component';
@@ -10,7 +11,7 @@ const routes: Routes = [
{ {
path: '', path: '',
loadChildren: () => import('./pages/home/home.module'), loadChildren: () => import('./pages/home/home.module'),
canActivate: [authGuard, roleGuard], canActivate: [authGuard, homeGuard],
data: { data: {
roles: ['.'], roles: ['.'],
}, },
@@ -31,7 +32,10 @@ const routes: Routes = [
{ {
path: 'orgs', path: 'orgs',
loadChildren: () => import('./pages/org-list/org-list.module'), loadChildren: () => import('./pages/org-list/org-list.module'),
canActivate: [authGuard], canActivate: [authGuard, roleGuard],
data: {
roles: ['org.read'],
},
}, },
{ {
path: 'granted-projects', path: 'granted-projects',

22
console/src/app/guards/home.guard.ts Normal file
View File

@@ -0,0 +1,22 @@
import { inject } from '@angular/core';
import { CanActivateFn, Router } from '@angular/router';
import { map } from 'rxjs/operators';
import { GrpcAuthService } from '../services/grpc-auth.service';
export const homeGuard: CanActivateFn = (route) => {
const authService = inject(GrpcAuthService);
const router = inject(Router);
// Check if user has any roles (using the same logic as roleGuard)
return authService.isAllowed(route.data['roles'], route.data['requiresAll']).pipe(
map((hasRoles) => {
if (!hasRoles) {
// User has no roles, redirect to /users/me
router.navigate(['/users/me']);
return false;
}
return true;
}),
);
};

7
console/src/app/services/grpc-auth.service.ts
View File

@@ -103,14 +103,11 @@ import { GrpcService } from './grpc.service';
import { NewOrganizationService } from './new-organization.service'; import { NewOrganizationService } from './new-organization.service';
import { toObservable } from '@angular/core/rxjs-interop'; import { toObservable } from '@angular/core/rxjs-interop';
const ORG_LIMIT = 10;
@Injectable({ @Injectable({
providedIn: 'root', providedIn: 'root',
}) })
export class GrpcAuthService { export class GrpcAuthService {
public user: Observable<User.AsObject | undefined>; public user: Observable<User.AsObject | undefined>;
private triggerPermissionsRefresh: Subject<void> = new Subject();
public zitadelPermissions: Observable<string[]>; public zitadelPermissions: Observable<string[]>;
public labelpolicy$!: Observable<LabelPolicy.AsObject>; public labelpolicy$!: Observable<LabelPolicy.AsObject>;
@@ -198,10 +195,6 @@ export class GrpcAuthService {
return this.grpcService.auth.listMyMetadata(req, null).then((resp) => resp.toObject()); return this.grpcService.auth.listMyMetadata(req, null).then((resp) => resp.toObject());
} }
private loadPermissions(): void {
this.triggerPermissionsRefresh.next();
}
/** /**
* returns true if user has one of the provided roles * returns true if user has one of the provided roles
* @param roles roles of the user * @param roles roles of the user

1
console/src/app/services/interceptors/org.interceptor.ts
View File

@@ -1,6 +1,5 @@
import { Injectable } from '@angular/core'; import { Injectable } from '@angular/core';
import { Request, RpcError, StatusCode, UnaryInterceptor, UnaryResponse } from 'grpc-web'; import { Request, RpcError, StatusCode, UnaryInterceptor, UnaryResponse } from 'grpc-web';
import { Org } from 'src/app/proto/generated/zitadel/org_pb';
import { StorageKey, StorageLocation, StorageService } from '../storage.service'; import { StorageKey, StorageLocation, StorageService } from '../storage.service';
import { ConnectError, Interceptor } from '@connectrpc/connect'; import { ConnectError, Interceptor } from '@connectrpc/connect';

2
console/src/app/services/new-admin.service.ts
View File

@@ -20,7 +20,7 @@ export class NewAdminService {
) {} ) {}
public setupOrg(req: MessageInitShape<typeof SetUpOrgRequestSchema>): Promise<SetUpOrgResponse> { public setupOrg(req: MessageInitShape<typeof SetUpOrgRequestSchema>): Promise<SetUpOrgResponse> {
return this.grpcService.adminNew.setupOrg(req); return this.grpcService.adminNew.setUpOrg(req);
} }
public getDefaultOrg(): Promise<GetDefaultOrgResponse> { public getDefaultOrg(): Promise<GetDefaultOrgResponse> {

8
console/tsconfig.json
View File

@@ -22,7 +22,13 @@
"target": "ES2022", "target": "ES2022",
"module": "ES2022", "module": "ES2022",
"useDefineForClassFields": false, "useDefineForClassFields": false,
"lib": ["ES2022", "dom"] "lib": ["ES2022", "dom"],
"paths": {
"@tanstack/angular-query-experimental": ["./node_modules/@tanstack/angular-query-experimental/build/index.d.ts"],
"@ng-icons/core": ["./node_modules/@ng-icons/core"],
"@ng-icons/heroicons/outline": ["./node_modules/@ng-icons/heroicons/outline"],
"@ng-icons/heroicons/solid": ["./node_modules/@ng-icons/heroicons/solid"]
}
}, },
"angularCompilerOptions": { "angularCompilerOptions": {
"enableI18nLegacyMessageIdFormat": false, "enableI18nLegacyMessageIdFormat": false,

1630
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff