[NAE-1717] Banned roles not hiding menu entries

renczesstefan · renczesstefan · commit 61691c8a78bd · 2022-09-27T14:59:44.000+02:00
- corrected according to PR.
diff --git a/projects/netgrif-components-core/src/lib/authorization/role/role-guard.service.ts b/projects/netgrif-components-core/src/lib/authorization/role/role-guard.service.ts
@@ -43,12 +43,13 @@ export class RoleGuardService implements CanActivate {
                 const bannedRoles = this.parseRoleConstraints(view.access.bannedRole, url);
                 const allowedRoles = this.parseRoleConstraints(view.access.role, url);
 
-                if (bannedRoles.length == 0 && allowedRoles.length == 0) {
+                if (bannedRoles.some(role => this.decideAccessByRole(role))) {
                     return false;
                 }
 
-                if (bannedRoles.some(role => this.decideAccessByRole(role))) {
-                    return false;
+                if (allowedRoles.length === 0) {
+                    this._log.warn(`View at '${url}' defines role access constraint with an empty array!`
+                        + ` No users will be allowed to enter this view!`);
                 }
                 return allowedRoles.some(role => this.decideAccessByRole(role)); // user was not denied access by a banned role, they need at least one allowed role
             }
@@ -62,6 +63,10 @@ export class RoleGuardService implements CanActivate {
 
             if (view.access.hasOwnProperty('role')) {
                 const allowedRoles = this.parseRoleConstraints(view.access.role, url);
+                if (allowedRoles.length === 0) {
+                    this._log.warn(`View at '${url}' defines role access constraint with an empty array!`
+                        + ` No users will be allowed to enter this view!`);
+                }
                 return allowedRoles.some(constraint => {
                     return this.decideAccessByRole(constraint);
                 });
@@ -77,8 +82,6 @@ export class RoleGuardService implements CanActivate {
         }
         if (Array.isArray(roleConstrains)) {
             if (roleConstrains.length === 0) {
-                this._log.warn(`View at '${viewUrl}' defines role access constraint with an empty array!`
-                    + ` No users will be allowed to enter this view!`);
                 return [];
             }
             if (typeof roleConstrains[0] === 'string') {
