Confidential Docs
Authentication

Concept and route object

In the new permission structure in SUMMIT 8, we use API actions to determine whether the user is allowed to do something. The concept is as follows:

  • The user loads a URL
  • The authorization service defined as the allowActivate guard service sends a list of possible actions on that page to the backend and receives in return the list of actions available to that user
  • The authorization service then checks if the user is allowed to view the routing component
  • If the user isn’t allowed to view the component, the routing is cancelled, the previous set of available actions is set again and an error occurs.
  • If the user is allowed to view the component, the component then checks if the user can view all sub-components (editors, buttons, tabs, etc.), which should be guarded with an *ngIf and a check whether the required action is available.
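
The flow above as a framework-free TypeScript sketch (an added example, not SUMMIT code). The class names, the action names, the synchronous backend stub and the idea of one dedicated "view" action per routing component are assumptions made for illustration.

```typescript
// Added example: framework-free sketch of the guard flow. All names are hypothetical.
type Action = string;
// Stand-in for the backend call: receives the possible actions, returns the permitted ones.
type Backend = (possible: Action[]) => Action[];

class ActionStore {
  private available: Action[] = [];
  snapshot(): Action[] { return this.available.slice(); }
  replace(actions: Action[]): void { this.available = actions.slice(); }
  // What a template check such as *ngIf="store.can('Dashboard.Edit')" would call.
  can(action: Action): boolean { return this.available.indexOf(action) !== -1; }
}

class AuthorizationGuard {
  private store: ActionStore;
  private backend: Backend;
  constructor(store: ActionStore, backend: Backend) {
    this.store = store;
    this.backend = backend;
  }
  // actionList: every action used by the routing component and its sub-components.
  // viewAction: assumed action meaning "may view this routing component".
  canActivate(actionList: Action[], viewAction: Action): boolean {
    const previous = this.store.snapshot();
    // Fail closed: drop anything the backend returns that was not asked for.
    const granted = this.backend(actionList).filter(a => actionList.indexOf(a) !== -1);
    this.store.replace(granted);
    if (!this.store.can(viewAction)) {
      this.store.replace(previous); // routing cancelled: previous set is put back
      throw new Error("Not authorized: " + viewAction);
    }
    return true;
  }
}

// Constructed sample: this user may view and export the dashboard, nothing else.
const sampleBackend: Backend = possible =>
  possible.filter(a => a === "Dashboard.View" || a === "Dashboard.Export");

function runDemo(): { activated: boolean; canEdit: boolean; denied: string; canExportAfter: boolean } {
  const store = new ActionStore();
  const guard = new AuthorizationGuard(store, sampleBackend);
  const activated = guard.canActivate(["Dashboard.View", "Dashboard.Edit", "Dashboard.Export"], "Dashboard.View");
  const canEdit = store.can("Dashboard.Edit");
  let denied = "";
  try { guard.canActivate(["Admin.View", "Admin.Delete"], "Admin.View"); }
  catch (e) { denied = (e as Error).message; }
  return { activated, canEdit, denied, canExportAfter: store.can("Dashboard.Export") };
}
```

The available-action list only decides what the client renders; the backend still has to check the same action on every request that performs it.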

Route object

There are two new properties added to the route object: ‘canActivate’ and ‘actionList’. The actionList requires a service which will contain all used actions in the routing component and the subcomponents. The name of this service must be the same as the name of the routing component. This service is generated by the Angular_ActionLoader generator. The canActivate requires an array of services. In our case this means a service which is derived from the ‘BaseAuthorizationService’. The name of this service is based on the subject and must end with ‘AuthorizationService’.

An example of a route object in *-routing.module.ts:

{
    path: MainRouting.dashboardPath,
    component: MainDashboardComponent,
    runGuardsAndResolvers: 'always',
    canActivate: [MainAuthorizationService],
    data: {
        actionList: MainDashboardActionListService,
        breadcrumb: MainRouting.title,
        scopeType: ScopeType.Application,
    },
},

N.B.: canActivate is not a replacement for canDeactivate.