add permissions filter

src/lib/users/services/default-user.service.ts

@@ -7,4 +7,5 @@ export class DefaultUserService extends IqserUserService {
     protected readonly _defaultModelPath = 'user';
     protected readonly _entityClass = IqserUser;
     protected readonly _rolesFilter = () => true;
+    protected readonly _permissionsFilter = () => true;
 }

src/lib/users/services/iqser-user.service.ts

@@ -27,6 +27,7 @@ export abstract class IqserUserService<
 > extends EntitiesService<Interface, Class> {
     readonly currentUser$: Observable<Class | undefined>;
     protected abstract readonly _defaultModelPath: string;
+    protected abstract readonly _permissionsFilter: (role: string) => boolean;
     protected abstract readonly _rolesFilter: (role: string) => boolean;
     protected abstract readonly _entityClass: new (entityInterface: Interface | KeycloakProfile, ...args: unknown[]) => Class;
     protected readonly _currentUser$ = new BehaviorSubject<Class | undefined>(undefined);
@@ -84,8 +85,10 @@ export abstract class IqserUserService<
             return;
         }
 
-        const roles = this._keycloakService.getUserRoles(true).filter(role => this._rolesFilter(role));
-        this._permissionsService?.load(roles);
+        const all = this._keycloakService.getUserRoles(true);
+        const permissions = all.filter(role => this._permissionsFilter(role));
+        const roles = all.filter(role => this._rolesFilter(role));
+        this._permissionsService?.load(permissions);
         this._rolesService?.load(roles);
         const user = new this._entityClass(profile, roles, profile.id);
         this.replace(user);