Add 403 $location redirect to http interceptor service
This is a temporary solution to redirect any 403 responses to
a dedicated 403 'Unauthorized' page. This could occur on initial
navigation to a page or while attempting an operation.
Once permission role mapping is defined, the code should be updated
to handle 403 responses in context of user attempted actions.
Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Change-Id: Ia207f2bcdd87fb20888fe6a1588d0ccd310e484c
diff --git a/app/403.html b/app/403.html
new file mode 100644
index 0000000..a0ef50f
--- /dev/null
+++ b/app/403.html
@@ -0,0 +1,8 @@
+<div class="column row">
+ <div class="column small-12">
+ <h1>Unauthorized</h1>
+ <div class="message-container">
+ <p>The attempted action is not accessible from the logged in account. Contact your system administrator to check your privilege role.</p>
+ </div>
+ </div>
+</div>
\ No newline at end of file
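Review bot: The heading `<h1>Unauthorized</h1>` names the 401 condition, while this page is shown for 403, which HTTP calls Forbidden: the user is signed in but lacks permission, as the paragraph below it correctly says. The interceptor appears to treat the signed-out case separately (it emits `timedout-user` in the branch above the new one), so a heading such as `<h1>Access denied</h1>` or `<h1>Forbidden</h1>` would keep the two cases apart for users and for anyone triaging support requests. The same applies to the `/unauthorized` route name added in app/index.js.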
diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js
index ce47b67..8033f74 100644
--- a/app/common/services/apiInterceptor.js
+++ b/app/common/services/apiInterceptor.js
@@ -11,8 +11,8 @@
'use strict';
angular.module('app.common.services').service('apiInterceptor', [
- '$q', '$rootScope', 'dataService',
- function($q, $rootScope, dataService) {
+ '$q', '$rootScope', 'dataService', '$location',
+ function($q, $rootScope, dataService, $location) {
return {
'request': function(config) {
dataService.loading = true;
@@ -51,6 +51,13 @@
if (dataService.path != '/login') {
$rootScope.$emit('timedout-user', {});
}
+ } else if (rejection.status == 403) {
+ // TODO: when permission role mapping ready, remove
+ // this global redirect and handle forbidden
+ // requests in context of user action
+ if (dataService.path != '/login') {
+ $location.url('/unauthorized');
+ }
} else if (rejection.status == -1) {
dataService.server_unreachable = true;
}
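Review bot: The new `rejection.status == 403` branch redirects on every forbidden response, whatever request produced it, so one background or secondary call that the role cannot make takes the user off a page they are otherwise allowed to use, and the Back button can return them to a page that triggers the same 403 again. Until the per-action handling named in the TODO exists, replacing the history entry would at least avoid that loop: `$location.url('/unauthorized').replace();`. It would also help to state in the comment that the redirect is presentation only and that the API's 403 is what enforces the permission, e.g. `// UI hint only: access is enforced by the server's 403, not by this redirect`. The enclosing rejection handler starts and ends outside the hunk, so whether the rejection is still passed on to callers cannot be checked from here.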
diff --git a/app/common/styles/elements/alerts.scss b/app/common/styles/elements/alerts.scss
index 70fc247..947320c 100644
--- a/app/common/styles/elements/alerts.scss
+++ b/app/common/styles/elements/alerts.scss
@@ -13,3 +13,12 @@
color: $primary-dark;
text-align: left;
}
+
+.message-container {
+ background-color: $background-02;
+ padding: 1em 1.5em;
+ display: inline-block;
+ >*:last-child {
+ margin-bottom: 0;
+ }
+}
diff --git a/app/index.js b/app/index.js
index 5997457..cbc763b 100644
--- a/app/index.js
+++ b/app/index.js
@@ -116,6 +116,8 @@
'$routeProvider', '$locationProvider',
function($routeProvider, $locationProvider) {
$locationProvider.hashPrefix('');
+ $routeProvider.when(
+ '/unauthorized', {'template': require('./403.html')})
$routeProvider.otherwise({'redirectTo': '/login'});
}
])
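Review bot: The added `$routeProvider.when(...)` call has no terminating semicolon and only parses as intended because automatic semicolon insertion applies before the following `$routeProvider.otherwise`. The neighbouring statements all end with one, so the second added line should read `'/unauthorized', {'template': require('./403.html')});`. The route is reachable by anyone who enters the URL directly, which is fine as long as the template remains static text with no account or permission data in it.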