From c744c738451af53ca665b97cc99534bede42a7d4 Mon Sep 17 00:00:00 2001
From: Dan Percic <dan@devplant.ro>
Date: Thu, 24 Nov 2022 17:17:25 +0200
Subject: [PATCH] add permissions filter

---
 src/lib/users/services/default-user.service.ts | 1 +
 src/lib/users/services/iqser-user.service.ts   | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/users/services/default-user.service.ts b/src/lib/users/services/default-user.service.ts
index fcce62f..91ddace 100644
--- a/src/lib/users/services/default-user.service.ts
+++ b/src/lib/users/services/default-user.service.ts
@@ -7,4 +7,5 @@ export class DefaultUserService extends IqserUserService {
     protected readonly _defaultModelPath = 'user';
     protected readonly _entityClass = IqserUser;
     protected readonly _rolesFilter = () => true;
+    protected readonly _permissionsFilter = () => true;
 }
diff --git a/src/lib/users/services/iqser-user.service.ts b/src/lib/users/services/iqser-user.service.ts
index 2eda00d..0e9571d 100644
--- a/src/lib/users/services/iqser-user.service.ts
+++ b/src/lib/users/services/iqser-user.service.ts
@@ -27,6 +27,7 @@ export abstract class IqserUserService<
 > extends EntitiesService<Interface, Class> {
     readonly currentUser$: Observable<Class | undefined>;
     protected abstract readonly _defaultModelPath: string;
+    protected abstract readonly _permissionsFilter: (role: string) => boolean;
     protected abstract readonly _rolesFilter: (role: string) => boolean;
     protected abstract readonly _entityClass: new (entityInterface: Interface | KeycloakProfile, ...args: unknown[]) => Class;
     protected readonly _currentUser$ = new BehaviorSubject<Class | undefined>(undefined);
@@ -84,8 +85,10 @@ export abstract class IqserUserService<
             return;
         }
 
-        const roles = this._keycloakService.getUserRoles(true).filter(role => this._rolesFilter(role));
-        this._permissionsService?.load(roles);
+        const all = this._keycloakService.getUserRoles(true);
+        const permissions = all.filter(role => this._permissionsFilter(role));
+        const roles = all.filter(role => this._rolesFilter(role));
+        this._permissionsService?.load(permissions);
         this._rolesService?.load(roles);
         const user = new this._entityClass(profile, roles, profile.id);
         this.replace(user);