Ensure config state is loaded before permission check

Updated PermissionGuard and permissionGuard to wait for ConfigStateService to load granted policies before checking permissions. This prevents permission checks from running before configuration is available.
1 month ago · e66291ba29
1 changed files with 12 additions and 5 deletions
--- a/npm/ng-packs/packages/core/src/lib/guards/permission.guard.ts
+++ b/npm/ng-packs/packages/core/src/lib/guards/permission.guard.ts
@ -8,10 +8,10 @@ import {
 } from '@angular/router';
 import { HttpErrorResponse } from '@angular/common/http';
 import { Observable, of } from 'rxjs';
-import { map, take } from 'rxjs/operators';
+import { filter, map, switchMap, take } from 'rxjs/operators';
 import { AuthService, IAbpGuard } from '../abstracts';
 import { findRoute, getRoutePath } from '../utils/route-utils';
-import { RoutesService, PermissionService, HttpErrorReporterService } from '../services';
+import { RoutesService, PermissionService, HttpErrorReporterService, ConfigStateService } from '../services';
 import { isPlatformServer } from '@angular/common';
 /**
 * @deprecated Use `permissionGuard` *function* instead.
@ -25,6 +25,7 @@ export class PermissionGuard implements IAbpGuard {
  protected readonly authService = inject(AuthService);
  protected readonly permissionService = inject(PermissionService);
  protected readonly httpErrorReporter = inject(HttpErrorReporterService);
+  protected readonly configStateService = inject(ConfigStateService);

  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> {
    let { requiredPolicy } = route.data || {};
@ -38,7 +39,10 @@ export class PermissionGuard implements IAbpGuard {
      return of(true);
    }

-    return this.permissionService.getGrantedPolicy$(requiredPolicy).pipe(
+    return this.configStateService.getAll$().pipe(
+      filter(config => !!config?.auth?.grantedPolicies),
+      take(1),
+      switchMap(() => this.permissionService.getGrantedPolicy$(requiredPolicy)),
      take(1),
      map(access => {
        if (access) return true;
@ -50,7 +54,6 @@ export class PermissionGuard implements IAbpGuard {
        if (this.authService.isAuthenticated) {
          this.httpErrorReporter.reportError({ status: 403 } as HttpErrorResponse);
        }
-
        return false;
      }),
    );
@ -66,6 +69,7 @@ export const permissionGuard: CanActivateFn = (
  const authService = inject(AuthService);
  const permissionService = inject(PermissionService);
  const httpErrorReporter = inject(HttpErrorReporterService);
+  const configStateService = inject(ConfigStateService);
  const platformId = inject(PLATFORM_ID);

  let { requiredPolicy } = route.data || {};
@ -84,7 +88,10 @@ export const permissionGuard: CanActivateFn = (
    return of(true);
  }

-  return permissionService.getGrantedPolicy$(requiredPolicy).pipe(
+  return configStateService.getAll$().pipe(
+    filter(config => !!config?.auth?.grantedPolicies),
+    take(1),
+    switchMap(() => permissionService.getGrantedPolicy$(requiredPolicy)),
    take(1),
    map(access => {
      if (access) return true;