Add redirectUrl support to PermissionGuard

PermissionGuard now supports redirecting to a specified URL when access is denied and a redirectUrl is provided in route data. Updated guard logic to use map instead of filter/tap, and added corresponding unit tests to verify redirect behavior.
2 months ago · 04e5d4da59
2 changed files with 40 additions and 8 deletions
--- a/npm/ng-packs/packages/core/src/lib/guards/permission.guard.ts
+++ b/npm/ng-packs/packages/core/src/lib/guards/permission.guard.ts
@ -4,10 +4,11 @@ import {
  CanActivateFn,
  Router,
  RouterStateSnapshot,
  UrlTree,
 } from '@angular/router';
 import { HttpErrorResponse } from '@angular/common/http';
 import { Observable, of } from 'rxjs';
-import { filter, take, tap } from 'rxjs/operators';
+import { map, take } from 'rxjs/operators';
 import { AuthService, IAbpGuard } from '../abstracts';
 import { findRoute, getRoutePath } from '../utils/route-utils';
 import { RoutesService, PermissionService, HttpErrorReporterService } from '../services';
@ -25,7 +26,7 @@ export class PermissionGuard implements IAbpGuard {
  protected readonly permissionService = inject(PermissionService);
  protected readonly httpErrorReporter = inject(HttpErrorReporterService);
-  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> {
+  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> {
    let { requiredPolicy } = route.data || {};
    if (!requiredPolicy) {
@ -38,12 +39,19 @@ export class PermissionGuard implements IAbpGuard {
    }
    return this.permissionService.getGrantedPolicy$(requiredPolicy).pipe(
      filter(Boolean),
      take(1),
-      tap(access => {
+      map(access => {
-        if (!access && this.authService.isAuthenticated) {
+        if (access) return true;
        if (route.data?.['redirectUrl']) {
          return this.router.parseUrl(route.data['redirectUrl']);
        }
        if (this.authService.isAuthenticated) {
          this.httpErrorReporter.reportError({ status: 403 } as HttpErrorResponse);
        }
        return false;
      }),
    );
  }
@ -77,12 +85,19 @@ export const permissionGuard: CanActivateFn = (
  }
  return permissionService.getGrantedPolicy$(requiredPolicy).pipe(
    filter(Boolean),
    take(1),
-    tap(access => {
+    map(access => {
-      if (!access && authService.isAuthenticated) {
+      if (access) return true;
      if (route.data?.['redirectUrl']) {
        return router.parseUrl(route.data['redirectUrl']);
      }
      if (authService.isAuthenticated) {
        httpErrorReporter.reportError({ status: 403 } as HttpErrorResponse);
      }
      return false;
    }),
  );
 };
--- a/npm/ng-packs/packages/core/src/lib/tests/permission.guard.spec.ts
+++ b/npm/ng-packs/packages/core/src/lib/tests/permission.guard.spec.ts
@ -39,6 +39,15 @@ describe('authGuard', () => {
      component: DummyComponent,
      canActivate: [permissionGuard],
    },
    {
      path: 'redirect-test',
      component: DummyComponent,
      canActivate: [permissionGuard],
      data: {
        requiredPolicy: 'TestPolicy',
        redirectUrl: '/zibzib',
      },
    },
  ];
  beforeEach(() => {
@ -103,4 +112,12 @@ describe('authGuard', () => {
    await RouterTestingHarness.create('/zibzib');
    expect(TestBed.inject(Router).url).toEqual('/zibzib');
  });
  it('should redirect to redirectUrl when the grantedPolicy is false and redirectUrl is provided', async () => {
    permissionService.getGrantedPolicy$.andReturn(of(false));
    await RouterTestingHarness.create('/redirect-test');
    expect(TestBed.inject(Router).url).toEqual('/zibzib');
    expect(httpErrorReporter.reportError).not.toHaveBeenCalled();
  });
 });