commit aeb19816e67f6d3ffb1b37c95d813a25b8be1d7b
author Damian Celico <damianx.celico@intel.com> Thu Nov 24 02:00:53 2022 +0100
committer Kiran Kumar Ballapalli <kirankumarb@ami.com> Mon Mar 27 16:39:34 2023 +0000
tree 0b760854f8adc45a3e909a3b1ccd88655a139705
parent 568b8a93af49d35891f042f73add850cfa651308

Added route restrictions based on user privilege

This commit allows us to add 'exclusiveToRoles' field to
route config files, with the list of roles that can access
this resource, if needed. In this case, only Administrator
can access Virtual-Media page and SOL console, and it is blocked for other
users.

Signed-off-by: Sivaprabu Ganesan <sivaprabug@ami.com>
Change-Id: Ibcee18bd92d97c34414ecaf2caf6af28070c5538

src/router/index.js

diff --git a/src/router/index.js b/src/router/index.js
index 3cd5226..bcb2c7a 100644
--- a/src/router/index.js
+++ b/src/router/index.js
@@ -8,16 +8,25 @@
 import routes from './routes';
 
 Vue.use(VueRouter);
-
 const router = new VueRouter({
   base: process.env.BASE_URL,
   routes,
   linkExactActiveClass: 'nav-link--current',
 });
 
-router.beforeEach((to, from, next) => {
+function allowRouterToNavigate(to, next, currentUserRole) {
   if (to.matched.some((record) => record.meta.requiresAuth)) {
     if (store.getters['authentication/isLoggedIn']) {
+      if (to.meta.exclusiveToRoles) {
+        // The privilege for the specific router was verified using the
+        // exclusiveToRoles roles in the router.
+        if (to.meta.exclusiveToRoles.includes(currentUserRole)) {
+          next();
+        } else {
+          next('*');
+        }
+        return;
+      }
       next();
       return;
     }
@@ -25,6 +34,25 @@
   } else {
     next();
   }
+}
+
+router.beforeEach((to, from, next) => {
+  let currentUserRole = store.getters['global/userPrivilege'];
+  // condition will get satisfied if user refreshed after login
+  if (!currentUserRole && store.getters['authentication/isLoggedIn']) {
+    // invoke API call to get the role ID
+    let username = localStorage.getItem('storedUsername');
+    store.dispatch('authentication/getUserInfo', username).then((response) => {
+      if (response?.RoleId) {
+        // set role ID
+        store.commit('global/setPrivilege', response.RoleId);
+        // allow the route to continue
+        allowRouterToNavigate(to, next, response.RoleId);
+      }
+    });
+  } else {
+    allowRouterToNavigate(to, next, currentUserRole);
+  }
 });
 
 export default router;

src/router/routes.js

diff --git a/src/router/routes.js b/src/router/routes.js
index 3cbdabc..1404da5 100644
--- a/src/router/routes.js
+++ b/src/router/routes.js
@@ -31,6 +31,13 @@
 import Power from '@/views/ResourceManagement/Power';
 import i18n from '@/i18n';
 
+const roles = {
+  administrator: 'Administrator',
+  operator: 'Operator',
+  readonly: 'ReadOnly',
+  noaccess: 'NoAccess',
+};
+
 const routes = [
   {
     path: '/login',
@@ -253,6 +260,7 @@
         component: SerialOverLan,
         meta: {
           title: i18n.t('appPageTitle.serialOverLan'),
+          exclusiveToRoles: [roles.administrator],
         },
       },
       {
@@ -269,6 +277,7 @@
         component: VirtualMedia,
         meta: {
           title: i18n.t('appPageTitle.virtualMedia'),
+          exclusiveToRoles: [roles.administrator],
         },
       },
       {