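/**
 * AngularJS service that answers role/permission questions for the current
 * user and performs logout.
 *
 * All answers are derived from the auth cookie read through $cookieStore,
 * i.e. from data that script in the page can read and the browser user can
 * edit. Treat these checks as UI gating only (what to show or hide); every
 * request still has to be authorised on the server.
 * NOTE(review): server-side enforcement is not visible from this file - confirm.
 *
 * @param {Object} $injector      Used to look up $http lazily inside logout().
 * @param {Object} $cookieStore   Cookie-backed store holding the auth token.
 * @param {Object} $window        Window wrapper; its location.href is set on logout.
 * @param {Object} StringUtils    Provides format(template, value).
 * @param {Object} AuthConstants  Provides `cookie` (cookie name) and
 *                                `Permission.READ/WRITE/EXECUTE`.
 */
function AuthorizationService($injector, $cookieStore, $window, StringUtils, AuthConstants) {
    // Captured so the public methods keep working when they are passed
    // around detached from the service instance (callbacks, destructuring).
    var self = this;

    // Snapshot taken once, when the service is instantiated; later changes
    // to the cookie are not picked up by this instance.
    var token = $cookieStore.get(AuthConstants.cookie);

    /**
     * @returns {Object|undefined} The user stored in the token, or undefined
     *     when there is no auth cookie.
     */
    function getUser() {
        return token ? token.user : undefined;
    }

    /**
     * @returns {Array} The current user's roles, or an empty array when the
     *     cookie, the user or the role list is missing. Returning [] makes
     *     every check below fail closed instead of throwing.
     */
    function getRoles() {
        var user = getUser();
        return (user && user.roles) ? user.roles : [];
    }

    /**
     * Tells whether any role of the current user lists `permissionName`
     * for `resourceName`.
     *
     * @param {string} resourceName    Key into each role's `permissions` map.
     * @param {string} permissionName  Permission value to look for.
     * @returns {boolean} true only when a role grants the permission.
     */
    function hasPermission(resourceName, permissionName) {
        return _.some(getRoles(), function(role) {
            var permissions = role && role.permissions;

            // Own-property test: inherited keys such as "constructor" or
            // "toString" must never be treated as resource names.
            if (!permissions || !Object.prototype.hasOwnProperty.call(permissions, resourceName)) {
                return false;
            }

            return _.some(permissions[resourceName], function(permission) {
                return permission === permissionName;
            });
        });
    }

    /**
     * Drops the auth cookie and sends the browser to the logout page.
     *
     * @param {*} [sessionExpirationType] When defined, forwarded to the
     *     logout page as the `s` query parameter.
     */
    function handleLogout(sessionExpirationType) {
        var target = './logout';

        $cookieStore.remove(AuthConstants.cookie);

        if (!angular.isUndefined(sessionExpirationType)) {
            // Percent-encode the value so characters like "&", "=" or "#"
            // cannot add or truncate query parameters in the logout URL.
            target = StringUtils.format('./logout?s={0}', encodeURIComponent(sessionExpirationType));
        }

        $window.location.href = target;
    }

    /**
     * @param {string} name Role name to look for.
     * @returns {boolean} true when the current user has a role with exactly
     *     this name. Strict comparison: a role without a name must not match
     *     an undefined/null argument.
     */
    this.hasRole = function(name) {
        return _.some(getRoles(), function(role) {
            return role.name === name;
        });
    };

    /**
     * @param {string} resource Resource name.
     * @returns {boolean} true when the user may read the resource; WRITE
     *     permission implies READ.
     */
    this.canRead = function(resource) {
        return hasPermission(resource, AuthConstants.Permission.READ) || self.canWrite(resource);
    };

    /**
     * @param {string} resource Resource name.
     * @returns {boolean} true when the user holds WRITE on the resource.
     */
    this.canWrite = function(resource) {
        return hasPermission(resource, AuthConstants.Permission.WRITE);
    };

    /**
     * @param {string} resource Resource name.
     * @returns {boolean} true when the user holds EXECUTE on the resource.
     */
    this.canExecute = function(resource) {
        return hasPermission(resource, AuthConstants.Permission.EXECUTE);
    };

    /**
     * Asks the server to delete the token, then clears the local cookie and
     * navigates to the logout page whether or not the request succeeded.
     *
     * NOTE(review): a failed DELETE is handled exactly like a successful one,
     * so the server-side token may remain valid after the user believes they
     * are logged out - consider logging or surfacing that failure.
     *
     * @param {*} [sessionExpirationType] Passed through to the logout page.
     */
    this.logout = function(sessionExpirationType) {
        function finish() {
            handleLogout(sessionExpirationType);
        }

        // $http is resolved at call time rather than injected; presumably
        // this avoids a circular dependency - confirm against the module setup.
        // then(ok, fail) replaces the legacy .success()/.error() helpers,
        // which were removed from $http promises in AngularJS 1.6.
        $injector.get('$http', 'AuthorizationService')
            .delete('token')
            .then(finish, finish);
    };
}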