From f24f847adaa59961ebe128de00a30154e24e2f4f Mon Sep 17 00:00:00 2001
From: avannecer <58587733+avannecer@users.noreply.github.com>
Date: Wed, 15 Feb 2023 14:39:26 +0100
Subject: [PATCH] API part 1

API protection using permission by roles
---
 pw/pw-jwt-oauth/client/src/app/home/home.html      |  8 ++++----
 pw/pw-jwt-oauth/client/src/app/home/home.ts        | 11 ++++++++++-
 .../src/app/services/auth/principal.service.ts     | 14 ++++++++++++++
 3 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/pw/pw-jwt-oauth/client/src/app/home/home.html b/pw/pw-jwt-oauth/client/src/app/home/home.html
index 08d6cdbe..25d1a228 100644
--- a/pw/pw-jwt-oauth/client/src/app/home/home.html
+++ b/pw/pw-jwt-oauth/client/src/app/home/home.html
@@ -25,15 +25,15 @@ <h1>{{message}}</h1>
             <td>{{currentNew.author}}</td>
             <td>{{currentNew.category}}</td>
             <td>{{currentNew.content}}</td>
-            <td><button class="btn" (click)="addLike(currentNew)"><img src="assets/styles/ktheme/img/like.png" /> {{currentNew.likes}}</button></td>
-            <td><button class="btn" (click)="deleteNews(currentNew)"><img src="assets/styles/ktheme/img/delete.png"/></button></td>
+            <td><button class="btn" *ngIf="isAdmin() || isUser()" (click)="addLike(currentNew)"><img src="assets/styles/ktheme/img/like.png" /> {{currentNew.likes}}</button></td> <!--uniquement authentifié-->
+            <td><button class="btn" *ngIF="isAdmin()" (click)="deleteNews(currentNew)"><img src="assets/styles/ktheme/img/delete.png"/></button></td> <!--uniquement admin-->
         </tr>
-        <tr class="gradeA">
+        <tr *ngIF="isUser()" class="gradeA">
             <td><input type="text" [(ngModel)]="nextNews.author" placeholder="author"/></td>
             <td><input type="text" [(ngModel)]="nextNews.category" placeholder="category"/></td>
             <td><input type="text" [(ngModel)]="nextNews.content" placeholder="content"/></td>
             <td></td>
-            <td><button class="btn" (click)="addNews()"><img src="assets/styles/ktheme/img/add.png"/></button></td>
+            <td><button class="btn"  (click)="addNews()"><img src="assets/styles/ktheme/img/add.png"/></button></td> <!--uniquement utilisateur-->
         </tr>
         </tbody>
     </table>
diff --git a/pw/pw-jwt-oauth/client/src/app/home/home.ts b/pw/pw-jwt-oauth/client/src/app/home/home.ts
index 48840ea2..f8ed4a8c 100644
--- a/pw/pw-jwt-oauth/client/src/app/home/home.ts
+++ b/pw/pw-jwt-oauth/client/src/app/home/home.ts
@@ -3,6 +3,7 @@ import { Observable } from 'rxjs';
 
 import { NewsService } from '../services/newsService';
 import { News } from '../beans/news';
+import { Principal } from '../services/auth/principal.service';
 
 @Component({
   selector: 'home',
@@ -15,7 +16,15 @@ export class Home implements OnInit {
   newsOfTheDay: News = {};
   nextNews: News = {};
 
-  constructor(private newsService: NewsService) {}
+  constructor(
+        private newsService: NewsService,
+        public principal: Principal
+         ) {}
+
+
+  isAdmin(){ return this.principal.isAdmin();}
+  isUser(){ return this.principal.isUser();}
+  
 
   ngOnInit() {
     this.updateNews();
diff --git a/pw/pw-jwt-oauth/client/src/app/services/auth/principal.service.ts b/pw/pw-jwt-oauth/client/src/app/services/auth/principal.service.ts
index a9b48ff5..b5695655 100644
--- a/pw/pw-jwt-oauth/client/src/app/services/auth/principal.service.ts
+++ b/pw/pw-jwt-oauth/client/src/app/services/auth/principal.service.ts
@@ -16,6 +16,20 @@ export class Principal {
     this.authenticationState.next(this._identity);
   }
 
+  isAdmin(){
+    if (this._identity.include == "Admin"){
+      return(true)
+    }
+    return(false)
+  }
+
+  isUser(){
+    if (this._identity == "User"){
+      return(true)
+    }
+    return(false)
+  }
+
   identity(force?: boolean): Promise<any> {
     if (force === true) {
       this._identity = undefined;