Docs

File

core/common/permissions.service.ts

Index

Properties

Static ROLE_ADVANCED_SOFTWARE_ADMIN
Static ROLE_ADVANCED_SOFTWARE_READ
Static ROLE_ALARM_ADMIN
Static ROLE_ALARM_READ
Static ROLE_ANALYTICSBUILDER_READ
Static ROLE_APPLICATION_MANAGEMENT_ADMIN
Static ROLE_APPLICATION_MANAGEMENT_READ
Static ROLE_AUDIT_ADMIN
Static ROLE_AUDIT_READ
Static ROLE_BINARY_ADMIN
Static ROLE_BINARY_CREATE
Static ROLE_BINARY_READ
Static ROLE_BULK_OPERATION_ADMIN
Static ROLE_BULK_OPERATION_READ
Static ROLE_CEP_MANAGEMENT_ADMIN
Static ROLE_CEP_MANAGEMENT_READ
Static ROLE_DATA_BROKER_ADMIN
Static ROLE_DATA_BROKER_READ
Static ROLE_DEVICE_CONTROL_ADMIN
Static ROLE_DEVICE_CONTROL_READ
Static ROLE_EMAIL_CREATE
Static ROLE_EPLAPPS_READ
Static ROLE_EVENT_ADMIN
Static ROLE_EVENT_READ
Static ROLE_GENERIC_MQTT_ADMIN
Static ROLE_IDENTITY_ADMIN
Static ROLE_IDENTITY_READ
Static ROLE_INVENTORY_ADMIN
Static ROLE_INVENTORY_CREATE
Static ROLE_INVENTORY_READ
Static ROLE_MACHINE_LEARNING_READ
Static ROLE_MANAGED_OBJECT_ADMIN
Static ROLE_MANAGED_OBJECT_CREATE
Static ROLE_MANAGED_OBJECT_READ
Static ROLE_MEASUREMENT_ADMIN
Static ROLE_MEASUREMENT_READ
Static ROLE_MQTT_CONNECT_ADMIN
Static ROLE_MQTT_SERVICE_ADMIN
Static ROLE_NOTIFICATION_2_ADMIN
Static ROLE_OPTION_MANAGEMENT_ADMIN
Static ROLE_OPTION_MANAGEMENT_READ
Static ROLE_PROVISIONING_CREATE
Static ROLE_PROVISIONING_READ
Static ROLE_PROVISIONING_UPDATE
Static ROLE_REMOTE_ACCESS_ADMIN
Static ROLE_RETENTION_RULE_ADMIN
Static ROLE_RETENTION_RULE_READ
Static ROLE_SCHEDULE_REPORT_ADMIN
Static ROLE_SIMULATOR_ADMIN
Static ROLE_SMARTGROUP_ADMIN
Static ROLE_SMARTGROUP_CREATE
Static ROLE_SMARTGROUP_UPDATE
Static ROLE_SMARTRULE_ADMIN
Static ROLE_SMARTRULE_READ
Static ROLE_SMS_ADMIN
Static ROLE_SMS_READ
Static ROLE_TENANT_ADMIN
Static ROLE_TENANT_MANAGEMENT_ADMIN
Static ROLE_TENANT_MANAGEMENT_CREATE
Static ROLE_TENANT_MANAGEMENT_READ
Static ROLE_TENANT_MANAGEMENT_UPDATE
Static ROLE_TENANT_STATISTICS_READ
Static ROLE_USER_MANAGEMENT_ADMIN
Static ROLE_USER_MANAGEMENT_CREATE
Static ROLE_USER_MANAGEMENT_OWN_ADMIN
Static ROLE_USER_MANAGEMENT_OWN_READ
Static ROLE_USER_MANAGEMENT_READ

Methods

canEdit
Protected Async checkIfOwner
Protected Async checkWithRequest
hasAllRoles
hasAnyGlobalRole
hasAnyRole
hasRole

Constructor

constructor(appState: AppStateService, inventory: InventoryService, user: UserService)

Parameters :

Name	Type	Optional
appState	`AppStateService`	No
inventory	`InventoryService`	No
user	`UserService`	No

Methods

canEdit

canEdit(roleIds: string[], mo: IManagedObject | IIdentified, config: CanEditConfig)

Checks if the current user has write permissions for the given mo (either through global role, individual device permissions or via inventory roles).

Example :

async canEditGroup(group: IManagedObject): Promise<boolean> {
  return await this.permissions.canEdit(
    [Permissions.ROLE_INVENTORY_ADMIN, Permissions.ROLE_MANAGED_OBJECT_ADMIN],
    group
  );
}

Parameters :

Name	Type	Optional	Default value	Description
roleIds	`string[]`	No		The array of role ids to check if the current user have at least one of them.
mo	`IManagedObject \| IIdentified`	No		The managed object for which we are checking whether the user has access.
config	`CanEditConfig`	No	`{ skipRolesCheck: false, skipOwnerCheck: false, skipRequestCheck: false }`	A configuration object that can take the following values: `skipRolesCheck`: `boolean` - skips roles check, `skipOwnerCheck`: `boolean` - skips ownership check, `skipRequestCheck`: `boolean` - skips checks with a query to the inventory API. UI will make a query to backend whether the user can edit the managed object. A rejection from BE indicates a lack of permission.

Returns : Promise<boolean>

A Promise resolving to a boolean value. true if editing is permitted based on the given parameters and configuration; otherwise, false.

Protected Async checkIfOwner

checkIfOwner(mo: IManagedObject | IIdentified)

Decorators :

@memoize(undefined)

Checks if the current user is the owner of the managed object. Utilizes memoization to cache the result based on the managed object's id, improving performance for subsequent checks of the same object.

Example :

const managedObject = { id: '123', owner: 'johnDoe' };
this.checkIfOwner(managedObject).then(isOwner => {
  console.log(isOwner);
});

Parameters :

Name	Type	Optional	Description
mo	`IManagedObject \| IIdentified`	No	The managed object to check ownership against.

Returns : Promise<boolean>

A promise that resolves to true if the current user is the owner of the managed object, and false otherwise.

Protected Async checkWithRequest

checkWithRequest(mo: IManagedObject | IIdentified)

Decorators :

@memoize(undefined)

Attempts to perform a partial update on a managed object as a means to check for edit permissions. Utilizes memoization to cache the result based on the managed object's id, thereby avoiding unnecessary repeated requests for the same object.

This method essentially tests if the current user has permission to update the managed object, serving as an indirect permission check.

Example :

const managedObject = { id: '456' };
this.checkWithRequest(managedObject).then(hasPermission => {
  console.log(hasPermission);
}).catch(error => {
  console.error(error);
});

Parameters :

Name	Type	Optional	Description
mo	`IManagedObject \| IIdentified`	No	The managed object to test edit permissions on.

Returns : Promise<boolean>

A promise that resolves to true if the update request succeeds (indicating edit permissions), and false if it fails.

hasAllRoles

hasAllRoles(roleIds: string[])

Checks if the current user possesses all the specified roles.

Example :

hasMOReadAndBinaryReadRoles(): boolean {
  return this.permissions.hasAllRoles([
    Permissions.ROLE_MANAGED_OBJECT_READ,
    Permissions.ROLE_BINARY_READ
  ]);
}

Parameters :

Name	Type	Optional	Description
roleIds	`string[]`	No	An array of strings representing the role IDs to check against the current user's roles.

Returns : boolean

A boolean value indicating whether the current user has all the specified roles.

hasAnyGlobalRole

hasAnyGlobalRole(globalRolesIds: number[])

Checks if the current user possesses any of the specified global roles.

Example :

hasAnyGlobalRoles(dashboard: ContextDashboardManagedObject): boolean {
  const globalRolesIds = dashboard?.c8y_Dashboard?.globalRolesIds;
  return this.permissions.hasAnyGlobalRole(globalRolesIds);
}

Parameters :

Name	Type	Optional	Description
globalRolesIds	`number[]`	No	An array of numbers representing the global role IDs to check against the current user's roles.

Returns : boolean

A boolean value indicating whether the current user has any of the specified global roles.

hasAnyRole

hasAnyRole(roleIds: string[])

Checks if the current user possesses any of the specified roles.

Example :

hasTenantAdminOrTenantManagementAdminRoles(): boolean {
 return this.permissions.hasAnyRole([
   Permissions.ROLE_TENANT_ADMIN,
   Permissions.ROLE_TENANT_MANAGEMENT_ADMIN
 ]);
};

Parameters :

Name	Type	Optional	Description
roleIds	`string[]`	No	An array of strings representing the role IDs to check against the current user's roles.

Returns : boolean

A boolean value indicating whether the current user has any of the specified roles.

hasRole

hasRole(roleId: string)

Checks if the current user has the specified role.

Example :

hasSmsReadRole(): boolean {
 return this.permissions.hasRole(Permissions.ROLE_SMS_READ);
};

Parameters :

Name	Type	Optional	Description
roleId	`string`	No	The ID of the role to check against the current user's roles.

Returns : boolean

A boolean value indicating whether the current user has the specified role.

Properties

Static ROLE_ADVANCED_SOFTWARE_ADMIN

Type : string

Default value : 'ROLE_ADVANCED_SOFTWARE_ADMIN'

Static ROLE_ADVANCED_SOFTWARE_READ

Type : string

Default value : 'ROLE_ADVANCED_SOFTWARE_READ'

Static ROLE_ALARM_ADMIN

Type : string

Default value : 'ROLE_ALARM_ADMIN'

Static ROLE_ALARM_READ

Type : string

Default value : 'ROLE_ALARM_READ'

Static ROLE_ANALYTICSBUILDER_READ

Type : string

Default value : 'ROLE_ANALYTICSBUILDER_READ'

Static ROLE_APPLICATION_MANAGEMENT_ADMIN

Type : string

Default value : 'ROLE_APPLICATION_MANAGEMENT_ADMIN'

Static ROLE_APPLICATION_MANAGEMENT_READ

Type : string

Default value : 'ROLE_APPLICATION_MANAGEMENT_READ'

Static ROLE_AUDIT_ADMIN

Type : string

Default value : 'ROLE_AUDIT_ADMIN'

Static ROLE_AUDIT_READ

Type : string

Default value : 'ROLE_AUDIT_READ'

Static ROLE_BINARY_ADMIN

Type : string

Default value : 'ROLE_BINARY_ADMIN'

Static ROLE_BINARY_CREATE

Type : string

Default value : 'ROLE_BINARY_CREATE'

Static ROLE_BINARY_READ

Type : string

Default value : 'ROLE_BINARY_READ'

Static ROLE_BULK_OPERATION_ADMIN

Type : string

Default value : 'ROLE_BULK_OPERATION_ADMIN'

Static ROLE_BULK_OPERATION_READ

Type : string

Default value : 'ROLE_BULK_OPERATION_READ'

Static ROLE_CEP_MANAGEMENT_ADMIN

Type : string

Default value : 'ROLE_CEP_MANAGEMENT_ADMIN'

Static ROLE_CEP_MANAGEMENT_READ

Type : string

Default value : 'ROLE_CEP_MANAGEMENT_READ'

Static ROLE_DATA_BROKER_ADMIN

Type : string

Default value : 'ROLE_DATA_BROKER_ADMIN'

Static ROLE_DATA_BROKER_READ

Type : string

Default value : 'ROLE_DATA_BROKER_READ'

Static ROLE_DEVICE_CONTROL_ADMIN

Type : string

Default value : 'ROLE_DEVICE_CONTROL_ADMIN'

Static ROLE_DEVICE_CONTROL_READ

Type : string

Default value : 'ROLE_DEVICE_CONTROL_READ'

Static ROLE_EMAIL_CREATE

Type : string

Default value : 'ROLE_EMAIL_CREATE'

Static ROLE_EPLAPPS_READ

Type : string

Default value : 'ROLE_EPLAPPS_READ'

Static ROLE_EVENT_ADMIN

Type : string

Default value : 'ROLE_EVENT_ADMIN'

Static ROLE_EVENT_READ

Type : string

Default value : 'ROLE_EVENT_READ'

Static ROLE_GENERIC_MQTT_ADMIN

Type : string

Default value : 'ROLE_GENERIC_MQTT_ADMIN'

Static ROLE_IDENTITY_ADMIN

Type : string

Default value : 'ROLE_IDENTITY_ADMIN'

Static ROLE_IDENTITY_READ

Type : string

Default value : 'ROLE_IDENTITY_READ'

Static ROLE_INVENTORY_ADMIN

Type : string

Default value : 'ROLE_INVENTORY_ADMIN'

Static ROLE_INVENTORY_CREATE

Type : string

Default value : 'ROLE_INVENTORY_CREATE'

Static ROLE_INVENTORY_READ

Type : string

Default value : 'ROLE_INVENTORY_READ'

Static ROLE_MACHINE_LEARNING_READ

Type : string

Default value : 'ROLE_MACHINE_LEARNING_READ'

Static ROLE_MANAGED_OBJECT_ADMIN

Type : string

Default value : 'ROLE_MANAGED_OBJECT_ADMIN'

Static ROLE_MANAGED_OBJECT_CREATE

Type : string

Default value : 'ROLE_MANAGED_OBJECT_CREATE'

Static ROLE_MANAGED_OBJECT_READ

Type : string

Default value : 'ROLE_MANAGED_OBJECT_READ'

Static ROLE_MEASUREMENT_ADMIN

Type : string

Default value : 'ROLE_MEASUREMENT_ADMIN'

Static ROLE_MEASUREMENT_READ

Type : string

Default value : 'ROLE_MEASUREMENT_READ'

Static ROLE_MQTT_CONNECT_ADMIN

Type : string

Default value : 'ROLE_MQTT_CONNECT_ADMIN'

Static ROLE_MQTT_SERVICE_ADMIN

Type : string

Default value : 'ROLE_MQTT_SERVICE_ADMIN'

Static ROLE_NOTIFICATION_2_ADMIN

Type : string

Default value : 'ROLE_NOTIFICATION_2_ADMIN'

Static ROLE_OPTION_MANAGEMENT_ADMIN

Type : string

Default value : 'ROLE_OPTION_MANAGEMENT_ADMIN'

Static ROLE_OPTION_MANAGEMENT_READ

Type : string

Default value : 'ROLE_OPTION_MANAGEMENT_READ'

Static ROLE_PROVISIONING_CREATE

Type : string

Default value : 'ROLE_PROVISIONING_CREATE'

Static ROLE_PROVISIONING_READ

Type : string

Default value : 'ROLE_PROVISIONING_READ'

Static ROLE_PROVISIONING_UPDATE

Type : string

Default value : 'ROLE_PROVISIONING_UPDATE'

Static ROLE_REMOTE_ACCESS_ADMIN

Type : string

Default value : 'ROLE_REMOTE_ACCESS_ADMIN'

Static ROLE_RETENTION_RULE_ADMIN

Type : string

Default value : 'ROLE_RETENTION_RULE_ADMIN'

Static ROLE_RETENTION_RULE_READ

Type : string

Default value : 'ROLE_RETENTION_RULE_READ'

Static ROLE_SCHEDULE_REPORT_ADMIN

Type : string

Default value : 'ROLE_SCHEDULE_REPORT_ADMIN'

Static ROLE_SIMULATOR_ADMIN

Type : string

Default value : 'ROLE_SIMULATOR_ADMIN'

Static ROLE_SMARTGROUP_ADMIN

Type : string

Default value : 'ROLE_SMARTGROUP_ADMIN'

Static ROLE_SMARTGROUP_CREATE

Type : string

Default value : 'ROLE_SMARTGROUP_CREATE'

Static ROLE_SMARTGROUP_UPDATE

Type : string

Default value : 'ROLE_SMARTGROUP_UPDATE'

Static ROLE_SMARTRULE_ADMIN

Type : string

Default value : 'ROLE_SMARTRULE_ADMIN'

Static ROLE_SMARTRULE_READ

Type : string

Default value : 'ROLE_SMARTRULE_READ'

Static ROLE_SMS_ADMIN

Type : string

Default value : 'ROLE_SMS_ADMIN'

Static ROLE_SMS_READ

Type : string

Default value : 'ROLE_SMS_READ'

Static ROLE_TENANT_ADMIN

Type : string

Default value : 'ROLE_TENANT_ADMIN'

Static ROLE_TENANT_MANAGEMENT_ADMIN

Type : string

Default value : 'ROLE_TENANT_MANAGEMENT_ADMIN'

Static ROLE_TENANT_MANAGEMENT_CREATE

Type : string

Default value : 'ROLE_TENANT_MANAGEMENT_CREATE'

Static ROLE_TENANT_MANAGEMENT_READ

Type : string

Default value : 'ROLE_TENANT_MANAGEMENT_READ'

Static ROLE_TENANT_MANAGEMENT_UPDATE

Type : string

Default value : 'ROLE_TENANT_MANAGEMENT_UPDATE'

Static ROLE_TENANT_STATISTICS_READ

Type : string

Default value : 'ROLE_TENANT_STATISTICS_READ'

Static ROLE_USER_MANAGEMENT_ADMIN

Type : string

Default value : 'ROLE_USER_MANAGEMENT_ADMIN'

Static ROLE_USER_MANAGEMENT_CREATE

Type : string

Default value : 'ROLE_USER_MANAGEMENT_CREATE'

Static ROLE_USER_MANAGEMENT_OWN_ADMIN

Type : string

Default value : 'ROLE_USER_MANAGEMENT_OWN_ADMIN'

Static ROLE_USER_MANAGEMENT_OWN_READ

Type : string

Default value : 'ROLE_USER_MANAGEMENT_OWN_READ'

Static ROLE_USER_MANAGEMENT_READ

Type : string

Default value : 'ROLE_USER_MANAGEMENT_READ'

File

Index

Properties

Methods

Constructor

Methods

Properties

results matching ""

No results matching ""