From be9b9309825219b9b5bc2d6a842d97c0df0445ba Mon Sep 17 00:00:00 2001
From: "arnaud.morvan@camptocamp.com" <arnaud.morvan@camptocamp.com>
Date: Wed, 19 Sep 2018 18:16:23 +0200
Subject: [PATCH] Show login form when restricted layers in permalink

---
 contribs/gmf/apps/desktop/index.html.ejs      |  4 ++-
 .../gmf/src/authentication/component.html     |  5 +++
 contribs/gmf/src/authentication/component.js  | 11 +++++-
 .../src/controllers/AbstractAppController.js  | 35 +++++++++++++++++++
 contribs/gmf/src/permalink/Permalink.js       | 25 ++++++++++++-
 5 files changed, 77 insertions(+), 3 deletions(-)

diff --git a/contribs/gmf/apps/desktop/index.html.ejs b/contribs/gmf/apps/desktop/index.html.ejs
index 20c10b927bb8..3e0d1442a6d8 100644
--- a/contribs/gmf/apps/desktop/index.html.ejs
+++ b/contribs/gmf/apps/desktop/index.html.ejs
@@ -100,7 +100,9 @@
                 {{'Login' | translate}}
                 <a class="btn close" ng-click="mainCtrl.loginActive = false">&times;</a>
               </div>
-              <gmf-authentication></gmf-authentication>
+              <gmf-authentication
+                gmf-authentication-info-message="mainCtrl.loginInfoMessage"
+              ></gmf-authentication>
             </div>
           </div>
           <div ng-show="mainCtrl.printPanelActive" class="row">
diff --git a/contribs/gmf/src/authentication/component.html b/contribs/gmf/src/authentication/component.html
index a213b578630c..bd9314a841a8 100644
--- a/contribs/gmf/src/authentication/component.html
+++ b/contribs/gmf/src/authentication/component.html
@@ -107,6 +107,11 @@ <h4 class="modal-title">
 </div>
 
 <div ng-if="!$ctrl.gmfUser.username">
+
+  <div class="alert alert-warning" ng-show="$ctrl.infoMessage">
+    <span>{{ $ctrl.infoMessage }}</span>
+  </div>
+
   <form
       name="loginForm"
       role="form"
diff --git a/contribs/gmf/src/authentication/component.js b/contribs/gmf/src/authentication/component.js
index 3b74695a7dcc..f6c6865d1dfe 100644
--- a/contribs/gmf/src/authentication/component.js
+++ b/contribs/gmf/src/authentication/component.js
@@ -64,6 +64,7 @@ function gmfAuthenticationTemplateUrl($element, $attrs, gmfAuthenticationTemplat
  * Example:
  *
  *      <gmf-authentication
+ *        gmf-authentication-info-message="mainCtrl.loginInfoMessage"
  *        gmf-authentication-allow-password-change="::true">
  *      </gmf-authentication>
  *
@@ -80,6 +81,7 @@ function gmfAuthenticationTemplateUrl($element, $attrs, gmfAuthenticationTemplat
  *     should also allow the user to change its password. Don't add this option alone, use
  *     it in a dedicated authentication component, in a ngeo-modal, directly in
  *     your index.html (see example 2.)
+ * @htmlAttribute {string} gmf-authentication-info-message Message to show above the authentication form.
  *
  * Example 2:
  *
@@ -107,7 +109,8 @@ exports.component_ = {
     'allowPasswordReset': '<?gmfAuthenticationAllowPasswordReset',
     'allowPasswordChange': '<?gmfAuthenticationAllowPasswordChange',
     'passwordValidator': '<?gmfAuthenticationPasswordValidator',
-    'forcePasswordChange': '<?gmfAuthenticationForcePasswordChange'
+    'forcePasswordChange': '<?gmfAuthenticationForcePasswordChange',
+    'infoMessage': '=?gmfAuthenticationInfoMessage'
   },
   controller: 'GmfAuthenticationController',
   templateUrl: gmfAuthenticationTemplateUrl
@@ -190,6 +193,12 @@ exports.AuthenticationController_ = class {
      */
     this.forcePasswordChange;
 
+    /**
+     * @type {?string}
+     * @export
+     */
+    this.infoMessage = null;
+
     /**
      * @type {boolean}
      * @export
diff --git a/contribs/gmf/src/controllers/AbstractAppController.js b/contribs/gmf/src/controllers/AbstractAppController.js
index decf2265d50c..27234492b998 100644
--- a/contribs/gmf/src/controllers/AbstractAppController.js
+++ b/contribs/gmf/src/controllers/AbstractAppController.js
@@ -117,10 +117,45 @@ const exports = function(config, $scope, $injector) {
     });
   };
 
+  /**
+   * Url to redirect to after login success.
+   * @type {?string}
+   */
+  this.loginRedirectUrl = null;
+
+  /**
+   * Information message for the login form.
+   * @type {?string}
+   */
+  this.loginInfoMessage = null;
+
+  $scope.$on('authenticationrequired', (event, args) => {
+    /** @type {angularGettext.Catalog} */
+    const gettextCatalog = $injector.get('gettextCatalog');
+    this.loginInfoMessage = gettextCatalog.getString(
+      'Some layers in this link are not accessible to unauthenticated users. ' +
+      'Please log in to see whole data.');
+    this.loginRedirectUrl = args.url;
+    this.loginActive = true;
+    $scope.$applyAsync();
+
+    const unbind = $scope.$watch(() => this.loginActive, () => {
+      if (!this.loginActive) {
+        this.loginInfoMessage = null;
+        this.loginRedirectUrl = null;
+        unbind();
+      }
+    });
+  });
+
   /**
    * @param {gmfx.AuthenticationEvent} evt Event.
    */
   const userChange = (evt) => {
+    if (this.loginRedirectUrl) {
+      window.location = this.loginRedirectUrl;
+      return;
+    }
     const user = evt.detail.user;
     const roleId = (user.username !== null) ? user.role_id : undefined;
 
diff --git a/contribs/gmf/src/permalink/Permalink.js b/contribs/gmf/src/permalink/Permalink.js
index f5e6445fe6b3..5678e697e17a 100644
--- a/contribs/gmf/src/permalink/Permalink.js
+++ b/contribs/gmf/src/permalink/Permalink.js
@@ -62,12 +62,13 @@ import olLayerGroup from 'ol/layer/Group.js';
  * @param {ngeo.misc.EventHelper} ngeoEventHelper Ngeo event helper service
  * @param {ngeo.statemanager.Service} ngeoStateManager The ngeo statemanager service.
  * @param {ngeo.statemanager.Location} ngeoLocation ngeo location service.
+ * @param {gmfx.User} gmfUser User.
  * @ngInject
  * @ngdoc service
  * @ngname gmfPermalink
  */
 const exports = function($q, $timeout, $rootScope, $injector, ngeoDebounce, gettextCatalog,  ngeoEventHelper,
-  ngeoStateManager, ngeoLocation) {
+  ngeoStateManager, ngeoLocation, gmfUser) {
 
   /**
    * @type {!angular.$q}
@@ -216,6 +217,12 @@ const exports = function($q, $timeout, $rootScope, $injector, ngeoDebounce, gett
   this.gmfTreeManager_ = $injector.has('gmfTreeManager') ?
     $injector.get('gmfTreeManager') : null;
 
+  /**
+   * @type {gmfx.User}
+   * @private
+   */
+  this.user_ = gmfUser;
+
   // == other properties ==
 
   /**
@@ -467,6 +474,7 @@ const exports = function($q, $timeout, $rootScope, $injector, ngeoDebounce, gett
   this.initLayers_();
 };
 
+
 // === Map X, Y, Z ===
 
 /**
@@ -910,6 +918,9 @@ exports.prototype.defaultThemeNameFromFunctionalities = function() {
  * @private
  */
 exports.prototype.initLayers_ = function() {
+  const initialUri = window.location.href;
+  let authenticationRequired = false;
+
   if (!this.gmfThemes_) {
     return;
   }
@@ -939,6 +950,8 @@ exports.prototype.initLayers_ = function() {
         const group = gmfThemeThemes.findGroupByName(themes, groupName);
         if (group) {
           firstLevelGroups.push(group);
+        } else {
+          authenticationRequired = true;
         }
       });
     }
@@ -984,9 +997,15 @@ exports.prototype.initLayers_ = function() {
             treeCtrl.traverseDepthFirst((treeCtrl) => {
               if (treeCtrl.node.children === undefined) {
                 const enable = olArray.includes(groupLayersArray, treeCtrl.node.name);
+                if (enable) {
+                  groupLayersArray.splice(groupLayersArray.indexOf(treeCtrl.node.name), 1);
+                }
                 treeCtrl.setState(enable ? 'on' : 'off', false);
               }
             });
+            if (groupLayersArray.length > 0) {
+              authenticationRequired = true;
+            }
           }
         }
       });
@@ -999,6 +1018,10 @@ exports.prototype.initLayers_ = function() {
           }
         });
       });
+
+      if (authenticationRequired && this.user_.role_id === null) {
+        this.rootScope_.$broadcast('authenticationrequired', {url: initialUri});
+      }
     });
   });
 };