-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathauth-role.html
287 lines (257 loc) · 8.02 KB
/
auth-role.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
<link rel="import" href="../polymer/polymer.html">
<link rel="import" href="auth-store.html">
<script>
'use strict';
/**
* Stamps the template if the authentication status matches.
*
* auth-role is a custom 'dom-if' implementation that checks authentication status
* and role membership (from the JWT token). Note any of the role membership checks
* imply `authenticated`
*
* Examples:
*
* User must be anonymous (unauthenticated):
*
* <template is="auth-role" anonymous>...</template>
*
* User must be authenticated:
*
* <template is="auth-role" authenticated>...</template>
*
* User must have 'admin' role:
*
* <template is="auth-role" role="admin">...</template>
*
* User must have 'admin' OR operator 'role':
*
* <template is="auth-role" any="['admin', 'operator']">...</template>
*
* User must have 'admin' AND 'operator' roles:
*
* <template is="auth-role" all="['admin', 'operator']">...</template>
*
* When `if` becomes falsey, the stamped content is hidden but not
* removed from dom. When `if` subsequently becomes truthy again, the content
* is simply re-shown. This approach is used due to its favorable performance
* characteristics: the expense of creating template content is paid only
* once and lazily.
*
* Set the `restamp` property to true to force the stamped content to be
* created / destroyed when the `if` condition changes.
*
* @demo demo/index.html
*/
Polymer({
is: 'auth-role',
extends: 'template',
_template: null,
/**
* Fired whenever DOM is added or removed/hidden by this template (by
* default, rendering occurs lazily). To force immediate rendering, call
* `render`.
*
* @event dom-change
*/
properties: {
/**
* When true, this template will stamp if the user is un-authenticated (i.e. anonymous)
*/
anonymous: {
type: Boolean,
value: false
},
/**
* When true, this template will stamp if the use is authenticated (i.e. signed-in)
* but without requiring any specific roles
*/
authenticated: {
type: Boolean,
value: false
},
/**
* A single role that a user needs to have for this template to be stamped.
* Implies authenticated.
*/
role: {
type: String,
value: ''
},
/**
* List of any roles that the user needs to have for this template to be stamped.
* Implies authentication.
*/
any: {
type: Array,
value: function() {
return [];
}
},
/**
* List of all roles that the user needs to have for this template to be stamped.
* Implies authentication.
*/
all: {
type: Array,
value: function() {
return [];
}
},
'if': {
type: Boolean,
computed: '_computeIf(data, anonymous, authenticated, role, any, all)',
observer: '_queueRender'
},
/**
* When true, elements will be removed from DOM and discarded when `if`
* becomes false and re-created and added back to the DOM when `if`
* becomes true. By default, stamped elements will be hidden but left
* in the DOM when `if` becomes false, which is generally results
* in better performance.
*/
restamp: {
type: Boolean,
value: false,
observer: '_queueRender'
}
},
behaviors: [
Polymer.Templatizer,
Polymer.AuthTokenReadBehavior
],
_computeIf: function(data, anonymous, authenticated, role, any, all) {
if (anonymous && !data) return true;
if (!data) return false;
if (authenticated) return true;
if (role.length > 0) {
return (data.roles.indexOf(role) !== -1);
}
if (any.length > 0) {
for (var i = 0; i < any.length; i++) {
for (var j = 0; j < data.roles.length; j++) {
if (any[i] === data.roles[j]) return true;
}
}
return false;
}
if (all.length > 0) {
for (var i = 0; i < all.length; i++) {
var ok = false;
for (var j = 0; j < data.roles.length; j++) {
if (all[i] === data.roles[j]) {
ok = true;
break;
}
}
if (!ok) return false
}
return true;
}
return false;
},
_queueRender: function() {
this._debounceTemplate(this._render);
},
detached: function() {
if (!this.parentNode ||
(this.parentNode.nodeType == Node.DOCUMENT_FRAGMENT_NODE &&
(!Polymer.Settings.hasShadow ||
!(this.parentNode instanceof ShadowRoot)))) {
this._teardownInstance();
}
},
attached: function() {
if (this.if && this.ctor) {
// NOTE: ideally should not be async, but node can be attached
// when shady dom is in the act of distributing/composing so push it out
this.async(this._ensureInstance);
}
},
/**
* Forces the element to render its content. Normally rendering is
* asynchronous to a provoking change. This is done for efficiency so
* that multiple changes trigger only a single render. The render method
* should be called if, for example, template rendering is required to
* validate application state.
*/
render: function() {
this._flushTemplates();
},
_render: function() {
if (this.if) {
if (!this.ctor) {
this.templatize(this);
}
this._ensureInstance();
this._showHideChildren();
} else if (this.restamp) {
this._teardownInstance();
}
if (!this.restamp && this._instance) {
this._showHideChildren();
}
if (this.if != this._lastIf) {
this.fire('dom-change');
this._lastIf = this.if;
}
},
_ensureInstance: function() {
var parentNode = Polymer.dom(this).parentNode;
// Guard against element being detached while render was queued
if (parentNode) {
var parent = Polymer.dom(parentNode);
if (!this._instance) {
this._instance = this.stamp();
var root = this._instance.root;
parent.insertBefore(root, this);
} else {
var c$ = this._instance._children;
if (c$ && c$.length) {
// Detect case where dom-if was re-attached in new position
var lastChild = Polymer.dom(this).previousSibling;
if (lastChild !== c$[c$.length-1]) {
for (var i=0, n; (i<c$.length) && (n=c$[i]); i++) {
parent.insertBefore(n, this);
}
}
}
}
}
},
_teardownInstance: function() {
if (this._instance) {
var c$ = this._instance._children;
if (c$ && c$.length) {
// use first child parent, for case when dom-if may have been detached
var parent = Polymer.dom(Polymer.dom(c$[0]).parentNode);
for (var i=0, n; (i<c$.length) && (n=c$[i]); i++) {
parent.removeChild(n);
}
}
this._instance = null;
}
},
_showHideChildren: function() {
var hidden = this.__hideTemplateChildren__ || !this.if;
if (this._instance) {
this._instance._showHideChildren(hidden);
}
},
// Implements extension point from Templatizer mixin
// Called as side-effect of a host property change, responsible for
// notifying parent.<prop> path change on instance
_forwardParentProp: function(prop, value) {
if (this._instance) {
this._instance.__setProperty(prop, value, true);
}
},
// Implements extension point from Templatizer
// Called as side-effect of a host path change, responsible for
// notifying parent.<path> path change on each row
_forwardParentPath: function(path, value) {
if (this._instance) {
this._instance._notifyPath(path, value, true);
}
}
});
</script>