Merge pull request #436 from medizininformatik-initiative/434-userprofileservice-for-centralized-user-authentication-and-authorization-management

Refactor user profile handling across services and components; add Us…

Author: thkoehler11

cypress/docker/docker-compose.yml

@@ -1,3 +1,5 @@
+# Wieso hoch und runterfahren des Containers wenn settings geändert werden
+# DataPortalAdmin hat keine rechte
 services:
   dataportal-backend:
     container_name: dataportal-backend

src/app/CoreInit.service.ts

@@ -1,23 +1,17 @@
+import { ActuatorApiService } from './service/Backend/Api/ActuatorApi.service';
 import { AppConfigService } from './config/app-config.service';
 import { catchError, concatMap, map, tap } from 'rxjs/operators';
 import { DataSelectionMainProfileInitializerService } from './service/DataSelectionMainProfileInitializerService';
 import { DataSelectionProfile } from './model/DataSelection/Profile/DataSelectionProfile';
 import { FeatureProviderService } from './service/FeatureProvider.service';
 import { FeatureService } from './service/Feature.service';
-import { HttpClient } from '@angular/common/http';
 import { IAppConfig } from './config/app-config.model';
 import { Injectable } from '@angular/core';
 import { OAuthInitService } from './core/auth/oauth-init.service';
 import { Observable, of, throwError } from 'rxjs';
 import { ProvidersInitService } from './service/Provider/ProvidersInit.service';
 import { TerminologySystemProvider } from './service/Provider/TerminologySystemProvider.service';
-import { ActuatorApiService } from './service/Backend/Api/ActuatorApi.service';
-
-interface PatientProfileInitResult {
-  config: IAppConfig
-  patientProfileResult: DataSelectionProfile
-}
-
+import { UserProfileService } from './service/User/UserProfile.service';
 @Injectable({ providedIn: 'root' })
 export class CoreInitService {
   constructor(
@@ -28,13 +22,21 @@ export class CoreInitService {
     private featureService: FeatureService,
     private featureProviderService: FeatureProviderService,
     private providersInitService: ProvidersInitService,
-    private http: HttpClient,
-    private actuatorApiService: ActuatorApiService
+    private actuatorApiService: ActuatorApiService,
+    private userProfileService: UserProfileService
   ) {}
 
+  /**
+   * @see Once the pipe has more than nine operators the return type will
+   * be Observable<unknown> therefore it needs to be casted explicitly
+   * to the return desired type
+   * Initializes core services and features.
+   * @returns An observable of the application configuration.
+   */
   public init(): Observable<IAppConfig> {
     return this.loadConfig().pipe(
       concatMap((config) => this.initOAuth(config)),
+      concatMap((config) => this.initUserProfile(config)),
       concatMap((config) => this.initFeatureService(config)),
       concatMap((config) => this.initFeatureProviderService(config)),
       concatMap((config) => this.checkBackendHealth(config)),
@@ -52,7 +54,7 @@ export class CoreInitService {
         console.error('CoreInitService failed:', err);
         return throwError(() => err);
       })
-    );
+    ) as Observable<IAppConfig>;
   }
 
   private loadConfig(): Observable<IAppConfig> {
@@ -78,6 +80,18 @@ export class CoreInitService {
     );
   }
 
+  private initUserProfile(config: IAppConfig): Observable<IAppConfig> {
+    return this.userProfileService.initializeProfile().pipe(
+      tap((result) => console.log('UserProfile initialized:', result)),
+      concatMap((result: boolean) =>
+        result === true
+          ? of(config)
+          : throwError(() => new Error('UserProfile initialization failed'))
+      ),
+      map(() => config)
+    );
+  }
+
   private initFeatureService(config: IAppConfig): Observable<IAppConfig> {
     return this.featureService.initFeatureService(config).pipe(
       tap((result) => console.log('FeatureService initialized:', result === true)),

src/app/core/auth/guards/role.guard.ts

@@ -1,20 +1,22 @@
+import { FeatureService } from '../../../service/Feature.service';
 import { Injectable } from '@angular/core';
+import { UserProfileService } from 'src/app/service/User/UserProfile.service';
 import {
   CanActivate,
   CanLoad,
   Route,
   ActivatedRouteSnapshot,
   RouterStateSnapshot,
 } from '@angular/router';
-import { OAuthService } from 'angular-oauth2-oidc';
-import { IUserProfile } from '../../../shared/models/user/user-profile.interface';
-import { FeatureService } from '../../../service/Feature.service';
 
 @Injectable({
   providedIn: 'root',
 })
 export class RoleGuard implements CanActivate, CanLoad {
-  constructor(private oauthService: OAuthService, public featureService: FeatureService) {}
+  constructor(
+    public featureService: FeatureService,
+    private userProfileService: UserProfileService
+  ) {}
 
   canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Promise<boolean> {
     const redirectUri = window.location.origin + state.url;
@@ -25,10 +27,8 @@ export class RoleGuard implements CanActivate, CanLoad {
     const redirectUri = window.location.origin + '/' + route.path;
     return this.isAllowed(route, redirectUri);
   }
-
   async isAllowed(route: ActivatedRouteSnapshot | Route, redirectUri: string): Promise<boolean> {
     const allowedRoles = route.data?.roles;
-
     if (!(allowedRoles instanceof Array) || allowedRoles.length === 0) {
       return Promise.resolve(true);
     }
@@ -47,18 +47,7 @@ export class RoleGuard implements CanActivate, CanLoad {
       }
     });
 
-    const isLoggedIn =
-      this.oauthService.hasValidIdToken() && this.oauthService.hasValidAccessToken();
-
-    if (!isLoggedIn) {
-      await this.oauthService.loadDiscoveryDocumentAndLogin({ customRedirectUri: redirectUri });
-    }
-
-    let userRoles: string[];
-    await this.oauthService.loadUserProfile().then((userinfo: IUserProfile) => {
-      userRoles = userinfo.info.realm_access.roles;
-    });
-
+    const userRoles: string[] = this.userProfileService.getCurrentProfile().info.realm_access.roles;
     if (userRoles) {
       return Promise.resolve(expandedAllowedRoles.some((role) => userRoles.indexOf(role) >= 0));
     }

src/app/layout/components/header/header.component.ts

@@ -6,6 +6,7 @@ import { FeatureService } from '../../../service/Feature.service';
 import { IUserProfile } from '../../../shared/models/user/user-profile.interface';
 import { MatDialog } from '@angular/material/dialog';
 import { OAuthService } from 'angular-oauth2-oidc';
+import { UserProfileService } from 'src/app/service/User/UserProfile.service';
 
 @Component({
   selector: 'num-dataportal-header',
@@ -23,8 +24,8 @@ export class HeaderComponent implements OnInit, AfterViewInit {
     private oauthService: OAuthService,
     private featureProviderService: FeatureProviderService,
     public featureService: FeatureService,
-    private actuatorInformationService: ActuatorInformationService,
-    private matDialog: MatDialog
+    private matDialog: MatDialog,
+    private userProfileService: UserProfileService
   ) {}
 
   ngOnInit(): void {
@@ -38,7 +39,7 @@ export class HeaderComponent implements OnInit, AfterViewInit {
   async initProfile(): Promise<void> {
     const isLoggedIn = this.oauthService.hasValidAccessToken();
     if (isLoggedIn) {
-      this.profile = (await this.oauthService.loadUserProfile()) as IUserProfile;
+      this.profile = this.userProfileService.getCurrentProfile();
     }
   }
   public logout() {

src/app/modules/dashboard/components/dashboard/dashboard.component.ts

@@ -7,6 +7,10 @@ import { OAuthService } from 'angular-oauth2-oidc';
 import { TranslateService } from '@ngx-translate/core';
 import { ErrorCodes, SnackbarService } from 'src/app/shared/service/Snackbar/Snackbar.service';
 
+/**
+ * @todo Needs to be refactored
+ * User directive possibly not needed
+ */
 @Component({
   selector: 'num-dashboard',
   templateUrl: './dashboard.component.html',
@@ -33,7 +37,7 @@ export class DashboardComponent implements OnInit {
     this.roles = this.featureService.getRoles('main');
     this.init();
     this.displayInfoMessage = this.featureService.showInfoPage();
-    this.proposalPortalLink = this.featureService.getproposalPortalLink();
+    this.proposalPortalLink = this.featureService.getProposalPortalLink();
 
     if (this.featureService.showUpdateInfo()) {
       this.snackbar.displayInfoMessage('UPDATE_NOTE');

src/app/service/User/UserProfile.service.ts

@@ -0,0 +1,114 @@
+import { Injectable } from '@angular/core';
+import { OAuthService } from 'angular-oauth2-oidc';
+import { BehaviorSubject, Observable, from, of } from 'rxjs';
+import { catchError, map, take, tap } from 'rxjs/operators';
+import { IUserProfile } from '../../shared/models/user/user-profile.interface';
+
+/**
+ * Provides centralized access to user profile loaded by OAuth service.
+ */
+@Injectable({
+  providedIn: 'root',
+})
+export class UserProfileService {
+  /**
+   * Current user profile data, null if not loaded or user not authenticated
+   */
+  private readonly profileSubject = new BehaviorSubject<IUserProfile | null>(null);
+
+  /**
+   * Flag to ensure initializeProfile is only executed once
+   */
+  private isInitialized = false;
+
+  constructor(private oauthService: OAuthService) {}
+
+  /**
+   * Initialize profile loading on service creation
+   * This method can only be executed once to prevent duplicate profile loading
+   */
+  public initializeProfile(): Observable<boolean> {
+    if (this.isInitialized) {
+      console.warn('UserProfileService.initializeProfile() already executed, skipping...');
+      return of(false);
+    }
+
+    this.isInitialized = true;
+
+    if (this.isUserAuthenticated()) {
+      return from(this.oauthService.loadUserProfile()).pipe(
+        take(1),
+        tap((profile: IUserProfile) => {
+          this.profileSubject.next(profile);
+        }),
+        map(() => true)
+      );
+    } else {
+      return of(false);
+    }
+  }
+
+  /**
+   * Checks if the user has valid OAuth tokens
+   */
+  private isUserAuthenticated(): boolean {
+    return this.oauthService.hasValidIdToken() && this.oauthService.hasValidAccessToken();
+  }
+
+  /**
+   * Observable stream of user profile data
+   */
+  public getProfile(): Observable<IUserProfile | null> {
+    return this.profileSubject.asObservable();
+  }
+
+  /**
+   * Current profile data (synchronous access)
+   */
+  public getCurrentProfile(): IUserProfile | null {
+    return this.profileSubject.value;
+  }
+
+  /**
+   * Clears the cached profile data
+   */
+  public clearProfile(): void {
+    this.profileSubject.next(null);
+  }
+
+  /**
+   * Checks if the current user has any of the specified roles
+   */
+  public hasRole(roles: string[]): boolean {
+    const profile = this.getCurrentProfile();
+    if (!profile?.info?.realm_access?.roles) {
+      return false;
+    }
+
+    const userRoles = profile.info.realm_access.roles;
+    return roles.some((role) => userRoles.includes(role));
+  }
+
+  /**
+   * Gets all user roles
+   */
+  public getUserRoles(): string[] {
+    const profile = this.getCurrentProfile();
+    return profile?.info?.realm_access?.roles || [];
+  }
+
+  /**
+   * Gets user display name
+   */
+  public getUserName(): string {
+    const profile = this.getCurrentProfile();
+    return profile?.info?.name || '';
+  }
+
+  /**
+   * Checks if user is currently authenticated and has profile loaded
+   */
+  public isAuthenticated(): boolean {
+    return this.getCurrentProfile() !== null;
+  }
+}

src/app/shared/directives/user-has-role.directive.ts

@@ -1,36 +1,37 @@
 import { Directive, Input, TemplateRef, ViewContainerRef } from '@angular/core';
 import { IUserProfile } from '../models/user/user-profile.interface';
 import { OAuthService } from 'angular-oauth2-oidc';
+import { UserProfileService } from 'src/app/service/User/UserProfile.service';
 
+/**
+ * @deprecated Verify
+ */
 @Directive({
   selector: '[numUserHasRole]',
 })
 export class UserHasRoleDirective {
   constructor(
     private templateRef: TemplateRef<any>,
     private viewContainer: ViewContainerRef,
-    private oauthService: OAuthService
+    private oauthService: OAuthService,
+    private userProfileService: UserProfileService
   ) {}
 
   @Input() set numUserHasRole(allowedRoles: string[]) {
-    let userRoles: string[];
+    const userRoles: string[] = this.userProfileService.getCurrentProfile().info.realm_access.roles;
 
-    this.oauthService.loadUserProfile().then((userinfo: IUserProfile) => {
-      userRoles = userinfo.info.realm_access.roles;
-
-      if (allowedRoles && allowedRoles.length) {
-        if (userRoles && userRoles.length) {
-          if (allowedRoles.some((role) => userRoles.indexOf(role) >= 0)) {
-            this.viewContainer.createEmbeddedView(this.templateRef);
-          } else {
-            this.viewContainer.clear();
-          }
+    if (allowedRoles && allowedRoles.length) {
+      if (userRoles && userRoles.length) {
+        if (allowedRoles.some((role) => userRoles.indexOf(role) >= 0)) {
+          this.viewContainer.createEmbeddedView(this.templateRef);
         } else {
           this.viewContainer.clear();
         }
       } else {
-        this.viewContainer.createEmbeddedView(this.templateRef);
+        this.viewContainer.clear();
       }
-    });
+    } else {
+      this.viewContainer.createEmbeddedView(this.templateRef);
+    }
   }
 }