"use strict"; /** * Created by igor.samulenko on 5/20/2014. */ (function () { 'use strict'; angular.module('securityModule').factory('permissionModel', ['$rootScope', 'events', 'AUTH_EVENTS', 'roles', function ($rootScope, events, AUTH_EVENTS, roles) { var permissionList = []; var roleList = []; var permissionModel = {}; /** * Inits list of roles * * @param {Array} permissions */ permissionModel.setPermissions = function (permissions) { permissionList = permissions; $rootScope.$broadcast(events.PERMISSIONS_CHANGED); }; /** * Returns true if specified permission is contained in a list of permissions or access is "write" for the specified role * * @param {String} permission * @returns {Boolean} */ permissionModel.hasPermission = function (permission) { if (_.includes(permissionList, permission.trim())) { return true; } else { return (_.find(roleList, { id: permission, permission: 'write' })); } }; /** * Returns role * * @param {String} permission * @returns {Boolean} */ permissionModel.getRolePermission = function (role) { return (_.find(roleList, { id: role })); }; permissionModel.hasAssetCreatePermission = function () { var assetUserRole = permissionModel.getRolePermission('galileo-asset-access'); var assetCreator = permissionModel.getRolePermission('galileo-asset-creator'); if ((assetUserRole && assetUserRole.permission === 'write') || ((assetUserRole && assetUserRole.permission === 'read') && (assetCreator && assetCreator.permission === 'write'))) { return true; } else { return false; } }; /** * Returns true if user has write permission for a ticket type for calendar, else it returns false * * @param {String} type * @returns {Boolean} */ permissionModel.hasPermissionForCalendar = function (type) { var permission; if (type == EntityVO.TYPE_CHANGE) { permission = roles.ITSM_CHANGE_USER_ROLE; } else if (type == EntityVO.TYPE_RELEASE) { permission = roles.ITSM_RELEASE_USER_ROLE; } else { permission = roles.ITSM_AGENT_ROLE; } var index = _.findIndex(roleList, { id: permission }); return (index > -1); }; /** * Returns true if user has write permission for a ticket type, else it returns false * * @param {String} type * @returns {Boolean} */ permissionModel.hasPermissionForTicket = function (type) { var permission; if (type == EntityVO.TYPE_CHANGE) { permission = roles.ITSM_CHANGE_USER_ROLE; } else if (type == EntityVO.TYPE_PROBLEM || type == EntityVO.TYPE_KNOWNERROR) { permission = roles.ITSM_PROBLEM_USER_ROLE; } else if (type == EntityVO.TYPE_RELEASE) { permission = roles.ITSM_RELEASE_USER_ROLE; } else if (type == EntityVO.TYPE_KNOWLEDGE) { permission = roles.ITSM_KNOWLEDGE_USER_ROLE; } else if (type == EntityVO.TYPE_ASSET) { permission = roles.ITSM_ASSET_USER_ROLE; } else { permission = roles.ITSM_AGENT_ROLE; } var index = _.findIndex(roleList, { id: permission, permission: 'write' }); if ((index === -1) && type === EntityVO.TYPE_TASK) { index = _.findIndex(roleList, function (role) { return role.id === roles.ITSM_PROBLEM_USER_ROLE || role.id === roles.ITSM_CHANGE_USER_ROLE; }); } return index === -1 ? false : true; }; /** * Returns true if specified role is contained in a list of roles. * * @param {String} role * @returns {Boolean} */ permissionModel.hasRole = function (role) { return _.find(roleList, function (item) { return item.id === role.trim(); }) !== undefined; }; $rootScope.$on(events.PERSON_PERMISSION_DATA_LOADED, handlePersonDataLoaded); $rootScope.$on(AUTH_EVENTS.LOGOUT_SUCCESS, handleLogout); /** * Returns true if both Live Chat agent and Live Chat admin/supervisor roles are in the list of roles. */ permissionModel.checkLiveChatRoles = function () { return permissionModel.hasRole(roles.ESCHAT_AGENT_ROLE) && permissionModel.hasRole(roles.ESCHAT_ADMIN_ROLE); }; permissionModel.hasAdminOnlyRole = function () { var hasAdminRole = permissionModel.hasRole(roles.ITSM_ADMIN_ROLE), hasOtherRoles = (permissionModel.hasRole(roles.ITSM_AGENT_ROLE) || permissionModel.hasRole(roles.ITSM_CHANGE_USER_ROLE) || permissionModel.hasRole(roles.ITSM_KNOWLEDGE_USER_ROLE)); return hasAdminRole && !hasOtherRoles; }; permissionModel.hasKnowledgeOnlyRole = function () { var noAdminRoles = _.reject(roleList, { id: roles.ITSM_ADMIN_ROLE }); return noAdminRoles.length === 1 && permissionModel.hasRole(roles.ITSM_KNOWLEDGE_USER_ROLE); }; /** * Private functions */ function handlePersonDataLoaded(event, data) { roleList = data; if (_.find(roleList, { id: roles.ITSM_ADMIN_ROLE, permission: 'write' })) { permissionList = ['admin:screenConfiguration']; } if (_.find(roleList, { id: roles.ITSM_ASSET_USER_ROLE, permission: 'write' })) { roleList.push({ id: roles.ITSM_ASSET_ADMIN_ROLE, permission: 'write' }); } $rootScope.$broadcast(events.PERMISSIONS_CHANGED); } function handleLogout() { permissionModel.setPermissions([]); } return permissionModel; }]); })();