npm - @bravobit/bb-foundation - Versions diffs - 0.21.4 → 0.22.0 - Mend

@bravobit/bb-foundation 0.21.4 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

package/fesm2020/bravobit-bb-foundation-auth.mjs CHANGED Viewed

@@ -1,15 +1,16 @@
-import * as i4 from '@angular/common/http';
+import * as i3 from '@angular/common/http';
 import { HttpContextToken, HttpContext, HttpErrorResponse, HTTP_INTERCEPTORS, HttpClientModule } from '@angular/common/http';
 import * as i0 from '@angular/core';
 import { Injectable, Optional, Directive, Input, APP_INITIALIZER, NgModule } from '@angular/core';
-import { shareReplay, map, tap, distinctUntilChanged, switchMap, catchError, filter, take, finalize } from 'rxjs/operators';
-import * as i6 from '@angular/platform-browser';
+import { shareReplay, tap, map, distinctUntilChanged, switchMap, catchError, filter, take, finalize } from 'rxjs/operators';
+import { firstValueFrom, BehaviorSubject, of, Subscription, combineLatest, first, throwError } from 'rxjs';
+import * as i5 from '@angular/platform-browser';
 import { makeStateKey } from '@angular/platform-browser';
-import { firstValueFrom, BehaviorSubject, of, throwError } from 'rxjs';
+import * as i2$1 from '@angular/router';
 import { Router } from '@angular/router';
 import * as i1 from '@bravobit/bb-foundation/storage';
-import * as i3 from '@bravobit/bb-foundation';
-import * as i7 from '@bravobit/bb-foundation/http';
+import * as i2 from '@angular/cdk/platform';
+import * as i6 from '@bravobit/bb-foundation/http';
 import { HttpError } from '@bravobit/bb-foundation/http';
 class AuthConfig {
@@ -30,12 +31,12 @@ class JwtHelper {
         };
         this.parse = (data) => {
             return {
-                id: data['iss'] || null,
-                type: data['typ'] || null,
-                audience: data['aud'] || null,
-                issuer: data['iss'] || null,
-                subject: data['sub'] || null,
-                role: data['role'] || null,
+                id: data['iss'] ?? null,
+                type: data['typ'] ?? null,
+                audience: data['aud'] ?? null,
+                issuer: data['iss'] ?? null,
+                subject: data['sub'] ?? null,
+                role: data['role'] ?? null,
                 notValidBefore: this.parseDate(data['nbf']),
                 expiresAt: this.parseDate(data['exp']),
                 issuedAt: this.parseDate(data['iat'])
@@ -86,38 +87,45 @@ class JwtHelper {
     }
 }
-class AuthMapper {
-    constructor() {
-        // Routes.
-        this.me = 'auth/me';
-        this.register = 'auth/register';
-        this.resendCode = 'auth/resend';
-        this.logout = 'auth/logout';
-        this.refresh = 'auth/refresh';
-        this.requestPassword = 'auth/reset';
-        this.resetPassword = 'auth/reset-password';
-    }
-    role(data) {
-        return (data && data.role) || null;
-    }
-    toRegister(data) {
-        // Retrieve the params.
-        const { token, refresh_token, user } = data;
-        // Map the data to the correct format.
-        return { accessToken: token, refreshToken: refresh_token, user: user };
-    }
-    toRefresh(data) {
-        // Retrieve the params.
-        const { token, refresh_token } = data;
-        // Map the data to the correct format.
-        return { accessToken: token, refreshToken: refresh_token };
+class AbstractAuthDirective {
+    constructor(templateRef, viewContainerRef) {
+        this.templateRef = templateRef;
+        this.viewContainerRef = viewContainerRef;
+        // Data.
+        this.valid = false;
+        // Templates.
+        this.elseTemplateRef = null;
+        // View refs.
+        this.thenViewRef = null;
+        this.elseViewRef = null;
+    }
+    updateView() {
+        if (this.valid) {
+            if (!this.thenViewRef) {
+                this.viewContainerRef.clear();
+                this.elseViewRef = null;
+                if (this.templateRef) {
+                    this.thenViewRef = this.viewContainerRef.createEmbeddedView(this.templateRef);
+                }
+            }
+        }
+        else {
+            if (!this.elseViewRef) {
+                this.viewContainerRef.clear();
+                this.thenViewRef = null;
+                if (this.elseTemplateRef) {
+                    this.elseViewRef = this.viewContainerRef.createEmbeddedView(this.elseTemplateRef);
+                }
+            }
+        }
+    }
+    assertTemplate(property, templateRef) {
+        const isTemplateRefOrNull = !!(!templateRef || templateRef.createEmbeddedView);
+        if (!isTemplateRefOrNull) {
+            throw new Error(`${property} must be a TemplateRef.`);
+        }
     }
 }
-AuthMapper.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper, deps: [], target: i0.ɵɵFactoryTarget.Injectable });
-AuthMapper.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthMapper, decorators: [{
-            type: Injectable
-        }] });
 class AuthVerifyProvider {
     constructor(_code, _verifyToken, _endpoint) {
@@ -127,13 +135,16 @@ class AuthVerifyProvider {
     }
     async authenticate(httpClient) {
         // Execute API call.
-        const data$ = await httpClient.post(this._endpoint, {
+        const data$ = httpClient.post(this._endpoint, {
             token: this._code,
             verify_token: this._verifyToken
         });
-        const { token, refresh_token, user } = await firstValueFrom(data$);
-        // Map the data to the correct format.
-        return { accessToken: token, refreshToken: refresh_token, user: user };
+        const data = await firstValueFrom(data$);
+        return {
+            accessToken: data?.token,
+            refreshToken: data?.refresh_token,
+            user: data?.user
+        };
     }
 }
@@ -145,18 +156,17 @@ class AuthEmailProvider {
     }
     async authenticate(httpClient) {
         // Execute API call.
-        const data$ = await httpClient.post(this._endpoint, {
+        const data$ = httpClient.post(this._endpoint, {
             email: this._email,
             password: this._password
         });
-        const { token, refresh_token, user, provider, verify_token } = await firstValueFrom(data$);
-        // Map the data to the correct format.
+        const data = await firstValueFrom(data$);
         return {
-            accessToken: token,
-            refreshToken: refresh_token,
-            user: user,
-            provider: provider,
-            verifyToken: verify_token
+            accessToken: data?.token,
+            refreshToken: data?.refresh_token,
+            user: data?.user,
+            provider: data?.provider,
+            verifyToken: data?.verify_token
         };
     }
 }
@@ -290,9 +300,8 @@ class AuthSession {
 }
 class Auth {
-    constructor(_storage, _mapper, _injector, _platform, _httpClient, _config, _state, _httpConfig) {
+    constructor(_storage, _injector, _platform, _httpClient, _config, _state, _httpConfig) {
         this._storage = _storage;
-        this._mapper = _mapper;
         this._injector = _injector;
         this._platform = _platform;
         this._httpClient = _httpClient;
@@ -350,14 +359,15 @@ class Auth {
     async signIn(provider, as) {
         const { accessToken, refreshToken, user, ...result } = await provider.authenticate(this._httpClient);
         // Check if the role matches.
-        if (as && !as.includes(this._mapper.role(user))) {
+        const role = this._config?.permissions?.getRole?.(user) ?? user?.role ?? null;
+        if (as && !as.includes(role)) {
             throw new Error('Invalid role.');
         }
         // Validate if the provider is one of the available
         // providers then return the user object and the provider.
         const apiProvider = result?.provider ?? null;
         const apiVerifyToken = result?.verifyToken ?? null;
-        const availableProviders = ['email', 'sms', 'totp'];
+        const availableProviders = this._config?.providers ?? ['email', 'sms', 'totp'];
         if (availableProviders.includes(apiProvider)) {
             return { user, provider: apiProvider, verifyToken: apiVerifyToken };
         }
@@ -388,11 +398,10 @@ class Auth {
         const url = this.getUrl('auth/register');
         const result$ = this._httpClient.post(url, data, options);
         const result = await firstValueFrom(result$);
-        // Map to the correct response.
-        const { accessToken, refreshToken, user } = this._mapper.toRegister(result);
         // Set the tokens in storage.
-        this.setTokens(accessToken, refreshToken);
+        this.setTokens(result?.token, result?.refresh_token);
         // Set the user in storage.
+        const user = result?.user;
         this.session.setUser(user);
         // Return the user.
         return user;
@@ -409,10 +418,11 @@ class Auth {
         // invalidate it in the backend.
         try {
             const url = this.getUrl('auth/logout');
+            const headerName = this._config?.http?.header ?? 'Authorization';
             const observable$ = this._httpClient.get(url, {
-                headers: { Authorization: refreshToken }
+                headers: { [headerName]: refreshToken }
             });
-            firstValueFrom(observable$).then(_ => _);
+            firstValueFrom(observable$).then(_ => _).catch(_ => _);
         }
         catch {
             // Do nothing because the tokens will be deleted anyways from the session.
@@ -428,14 +438,14 @@ class Auth {
             return of(null);
         }
         // Perform the refresh call.
-        const scheme = this._config?.scheme ?? 'Bearer';
+        const headerName = this._config?.http?.header ?? 'Authorization';
+        const scheme = this._config?.http?.scheme ?? 'Bearer';
         const url = this.getUrl('auth/refresh');
-        const context = new HttpContext()
-            .set(USE_AUTHORIZATION, false);
+        const context = new HttpContext().set(USE_AUTHORIZATION, false);
         return this._httpClient.get(url, {
-            headers: { Authorization: `${scheme} ${refreshToken}` },
+            headers: { [headerName]: `${scheme} ${refreshToken}` },
             context: context
-        }).pipe(map(data => this._mapper.toRefresh(data)), tap(({ accessToken, refreshToken }) => this.setTokens(accessToken, refreshToken)), map(({ accessToken }) => accessToken));
+        }).pipe(tap(({ token, refresh_token }) => this.setTokens(token, refresh_token)), map(({ token }) => token));
     }
     async requestPassword(email, extraParams = {}) {
         const url = this.getUrl('auth/reset');
@@ -447,40 +457,15 @@ class Auth {
         const observable$ = this._httpClient.post(url, { ...extraParams, token, password: newPassword });
         return firstValueFrom(observable$);
     }
-    guard(type, redirectUrl) {
-        let newUrl = null;
-        // Get the correct new url.
-        switch (type) {
-            case 'authenticated':
-                newUrl = this._config?.loggedInUrl ?? null;
-                break;
-            case 'unauthenticated':
-                newUrl = this._config?.redirectUrl ?? null;
-                break;
-        }
-        // Append a redirect url if the user is deemed
-        // unauthenticated.
-        if (type === 'unauthenticated') {
-            const setRedirectOnFailedAuth = this._config?.setRedirectOnFailedAuth ?? true;
-            if (setRedirectOnFailedAuth && redirectUrl && newUrl) {
-                newUrl += `?redirectUrl=${redirectUrl}`;
-            }
-        }
-        // Parse the url if it exists.
-        if (this.router && newUrl) {
-            return this.router.parseUrl(newUrl);
-        }
-        // Return false if the user is not allowed.
-        return false;
-    }
     clearAndRedirect() {
         // 1. Delete the tokens from the session.
         this.session.clear();
         // 2. Compose the route url.
-        const redirectUrl = this._config?.redirectUrl ?? null;
+        const redirectUrl = this._config?.redirects.unauthenticated ?? null;
         // 3. Route back if the user provided a redirect url.
         if (this.router && redirectUrl) {
-            this.router.navigate([redirectUrl]).then(_ => _);
+            const commands = Array.isArray(redirectUrl) ? redirectUrl : [redirectUrl];
+            this.router.navigate(commands).then(_ => _);
         }
     }
     setTokens(accessToken, refreshToken) {
@@ -540,75 +525,51 @@ class Auth {
             .join('/');
     }
 }
-Auth.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth, deps: [{ token: i1.Storage }, { token: AuthMapper }, { token: i0.Injector }, { token: i3.Platform }, { token: i4.HttpClient }, { token: AuthConfig, optional: true }, { token: i6.TransferState, optional: true }, { token: i7.HttpConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-Auth.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Auth, decorators: [{
+Auth.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Auth, deps: [{ token: i1.Storage }, { token: i0.Injector }, { token: i2.Platform }, { token: i3.HttpClient }, { token: AuthConfig, optional: true }, { token: i5.TransferState, optional: true }, { token: i6.HttpConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+Auth.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Auth });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Auth, decorators: [{
             type: Injectable
-        }], ctorParameters: function () { return [{ type: i1.Storage }, { type: AuthMapper }, { type: i0.Injector }, { type: i3.Platform }, { type: i4.HttpClient }, { type: AuthConfig, decorators: [{
+        }], ctorParameters: function () { return [{ type: i1.Storage }, { type: i0.Injector }, { type: i2.Platform }, { type: i3.HttpClient }, { type: AuthConfig, decorators: [{
                     type: Optional
-                }] }, { type: i6.TransferState, decorators: [{
+                }] }, { type: i5.TransferState, decorators: [{
                     type: Optional
-                }] }, { type: i7.HttpConfig, decorators: [{
+                }] }, { type: i6.HttpConfig, decorators: [{
                     type: Optional
                 }] }]; } });
-class BbAuthenticated {
-    constructor(_auth, _template, _viewContainerRef) {
+class BbAuthenticated extends AbstractAuthDirective {
+    constructor(_auth, _templateRef, _viewContainerRef) {
+        super(_templateRef, _viewContainerRef);
         this._auth = _auth;
-        this._template = _template;
+        this._templateRef = _templateRef;
         this._viewContainerRef = _viewContainerRef;
+        // Subscriptions.
+        this._subscription = new Subscription();
     }
-    ngOnInit() {
-        this._subscription = this._auth.user.pipe(map(user => !!user), distinctUntilChanged()).subscribe(isAuthenticated => {
-            if (!isAuthenticated) {
-                return this._viewContainerRef.clear();
-            }
-            this._viewContainerRef.createEmbeddedView(this._template);
-        });
-    }
-    ngOnDestroy() {
-        this._subscription?.unsubscribe();
-    }
-}
-BbAuthenticated.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticated, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbAuthenticated.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbAuthenticated, selector: "[bbAuthenticated]", ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticated, decorators: [{
-            type: Directive,
-            args: [{
-                    selector: '[bbAuthenticated]'
-                }]
-        }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; } });
-class BbRole {
-    constructor(_auth, _template, _viewContainerRef) {
-        this._auth = _auth;
-        this._template = _template;
-        this._viewContainerRef = _viewContainerRef;
-        this.getAllowedRoles = (value) => {
-            return Array.isArray(value) ? value : [value];
-        };
+    set bbAuthenticatedElse(templateRef) {
+        this.assertTemplate('bbAuthenticatedElse', templateRef);
+        this.elseTemplateRef = templateRef;
+        this.updateView();
     }
     ngOnInit() {
-        this._subscription = this._auth.user.pipe(map(user => user?.role ?? null), distinctUntilChanged()).subscribe(role => {
-            const allowedRoles = this.getAllowedRoles(this.bbRole);
-            if (!allowedRoles.includes(role)) {
-                return this._viewContainerRef.clear();
-            }
-            this._viewContainerRef.createEmbeddedView(this._template);
+        const subscription = this._auth.user.pipe(map(user => !!user), distinctUntilChanged()).subscribe(valid => {
+            this.valid = valid;
+            this.updateView();
         });
+        this._subscription.add(subscription);
     }
     ngOnDestroy() {
         this._subscription?.unsubscribe();
     }
 }
-BbRole.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbRole, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbRole.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbRole, selector: "[bbRole]", inputs: { bbRole: "bbRole" }, ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbRole, decorators: [{
+BbAuthenticated.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAuthenticated, deps: [{ token: Auth }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
+BbAuthenticated.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.1.1", type: BbAuthenticated, selector: "[bbAuthenticated]", inputs: { bbAuthenticatedElse: "bbAuthenticatedElse" }, usesInheritance: true, ngImport: i0 });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAuthenticated, decorators: [{
             type: Directive,
             args: [{
-                    selector: '[bbRole]'
+                    selector: '[bbAuthenticated]'
                 }]
-        }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbRole: [{
+        }], ctorParameters: function () { return [{ type: Auth }, { type: i0.TemplateRef }, { type: i0.ViewContainerRef }]; }, propDecorators: { bbAuthenticatedElse: [{
                 type: Input
             }] } });
@@ -617,117 +578,99 @@ class Permissions {
         this._auth = _auth;
         this._config = _config;
         // Data.
-        this._permissions = this._config?.permissions ?? {};
-        this._role$ = this._auth.user.pipe(map(user => user?.role ?? null), distinctUntilChanged());
+        this._permissionHandler = this._config?.permissions ?? null;
     }
-    has(value) {
-        const requiredPermissions = Array.isArray(value)
-            ? value
-            : [value];
-        return this._role$.pipe(map(role => {
-            if (role === null || role === undefined) {
+    has(value, options) {
+        const requiredPermissions = this.getRequiredPermissions(value);
+        if (requiredPermissions?.length <= 0) {
+            return of(false);
+        }
+        return this._auth.user.pipe(map(user => {
+            if (user === null || user === undefined || !this._permissionHandler) {
                 return false;
             }
-            for (const requiredPermission of requiredPermissions) {
-                const result = this.validatePermission(requiredPermission, role);
-                if (!result) {
-                    return false;
-                }
+            const mode = options?.mode ?? 'and';
+            switch (mode) {
+                case 'or':
+                    return this.verifyModeOr(requiredPermissions, user);
+                case 'and':
+                default:
+                    return this.verifyModeAnd(requiredPermissions, user);
             }
-            return true;
-        }));
+        }), distinctUntilChanged());
     }
-    validatePermission(type, role) {
-        const permission = this._permissions?.[type] ?? null;
-        if (!permission) {
-            console?.warn?.(`Permissions: Invalid permission requested "${type}".`);
-            return false;
-        }
-        if (permission?.length <= 0) {
-            console?.warn?.(`Permissions: No roles were set, please add some roles to this permission.`);
-            return false;
+    verifyModeAnd(permissions, user) {
+        for (const permission of permissions) {
+            const verified = this._permissionHandler.verifyForUser(permission, user);
+            if (!verified) {
+                return false;
+            }
         }
-        // If the permission includes a "*" we allow everyone.
-        if (permission.includes('*')) {
-            return true;
+        return true;
+    }
+    verifyModeOr(permissions, user) {
+        for (const permission of permissions) {
+            const verified = this._permissionHandler.verifyForUser(permission, user);
+            if (verified) {
+                return true;
+            }
         }
-        // Validate the role against the permissions.
-        return permission?.includes(role) ?? false;
+        return false;
+    }
+    getRequiredPermissions(value) {
+        return Array.isArray(value)
+            ? value
+            : [value];
     }
 }
-Permissions.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-Permissions.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: Permissions, decorators: [{
+Permissions.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Permissions, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+Permissions.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Permissions });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: Permissions, decorators: [{
             type: Injectable
         }], ctorParameters: function () { return [{ type: Auth }, { type: AuthConfig, decorators: [{
                     type: Optional
                 }] }]; } });
-class BbPermission {
+class BbPermission extends AbstractAuthDirective {
     constructor(_permissions, _templateRef, _viewContainerRef) {
+        super(_templateRef, _viewContainerRef);
         this._permissions = _permissions;
         this._templateRef = _templateRef;
         this._viewContainerRef = _viewContainerRef;
         // Data.
         this._permission$ = new BehaviorSubject([]);
-        this._valid = false;
-        this._elseTemplateRef = null;
-        this._thenViewRef = null;
-        this._elseViewRef = null;
-        this.getAllowedPermissions = (value) => {
-            return Array.isArray(value) ? value : [value];
-        };
-        this.assertTemplate = (property, templateRef) => {
-            const isTemplateRefOrNull = !!(!templateRef || templateRef.createEmbeddedView);
-            if (!isTemplateRefOrNull) {
-                throw new Error(`${property} must be a TemplateRef.`);
-            }
-        };
+        this._mode$ = new BehaviorSubject('and');
+        // Subscriptions.
+        this._subscription = new Subscription();
     }
     set bbPermission(value) {
-        const permissions = this.getAllowedPermissions(value);
+        const permissions = Array.isArray(value) ? value : [value];
         this._permission$.next(permissions);
         this.updateView();
     }
     set bbPermissionElse(templateRef) {
         this.assertTemplate('bbPermissionElse', templateRef);
-        this._elseTemplateRef = templateRef;
+        this.elseTemplateRef = templateRef;
         this.updateView();
     }
+    set bbPermissionMode(mode) {
+        this._mode$.next(mode);
+    }
     ngOnInit() {
-        const check$ = this._permission$.pipe(switchMap(permissions => this._permissions.has(permissions)));
-        this._subscription = check$.subscribe(valid => {
-            this._valid = valid;
+        const check$ = combineLatest([this._permission$, this._mode$]).pipe(switchMap(([permissions, mode]) => this._permissions.has(permissions, { mode })), distinctUntilChanged());
+        const subscription = check$.subscribe(valid => {
+            this.valid = valid;
             this.updateView();
         });
+        this._subscription.add(subscription);
     }
     ngOnDestroy() {
         this._subscription?.unsubscribe();
     }
-    updateView() {
-        if (this._valid) {
-            if (!this._thenViewRef) {
-                this._viewContainerRef.clear();
-                this._elseViewRef = null;
-                if (this._templateRef) {
-                    this._thenViewRef = this._viewContainerRef.createEmbeddedView(this._templateRef);
-                }
-            }
-        }
-        else {
-            if (!this._elseViewRef) {
-                this._viewContainerRef.clear();
-                this._thenViewRef = null;
-                if (this._elseTemplateRef) {
-                    this._elseViewRef = this._viewContainerRef.createEmbeddedView(this._elseTemplateRef);
-                }
-            }
-        }
-    }
 }
-BbPermission.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbPermission, deps: [{ token: Permissions }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
-BbPermission.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.0.4", type: BbPermission, selector: "[bbPermission]", inputs: { bbPermission: "bbPermission", bbPermissionElse: "bbPermissionElse" }, ngImport: i0 });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbPermission, decorators: [{
+BbPermission.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbPermission, deps: [{ token: Permissions }, { token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive });
+BbPermission.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "14.1.1", type: BbPermission, selector: "[bbPermission]", inputs: { bbPermission: "bbPermission", bbPermissionElse: "bbPermissionElse", bbPermissionMode: "bbPermissionMode" }, usesInheritance: true, ngImport: i0 });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbPermission, decorators: [{
             type: Directive,
             args: [{
                     selector: '[bbPermission]'
@@ -736,80 +679,178 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImpor
                 type: Input
             }], bbPermissionElse: [{
                 type: Input
+            }], bbPermissionMode: [{
+                type: Input
             }] } });
+class AppPermissions {
+    constructor(_data) {
+        this._data = _data;
+    }
+    verify(permission, role) {
+        if ((typeof ngDevMode === 'undefined' || ngDevMode) && !this._data?.[role]) {
+            console?.warn?.(`Current permissions do not include role: "${role}".`);
+        }
+        const availablePermissions = this._data?.[role] ?? [];
+        return availablePermissions.includes(permission);
+    }
+    verifyForUser(permission, data) {
+        const role = this.getRole(data);
+        return this.verify(permission, role);
+    }
+    getRole(data) {
+        return data?.['role'] ?? null;
+    }
+    static forRoles(data) {
+        const permissions = Object.keys(data) ?? [];
+        const roles = permissions.reduce((previous, current) => ([
+            ...previous,
+            ...(data?.[current] ?? [])
+        ]), []);
+        const uniqueRoles = [...new Set(roles)];
+        const formattedData = uniqueRoles.reduce((previous, current) => {
+            const rolePermissions = permissions.filter(permission => data?.[permission]?.includes(current));
+            return { ...previous, [current]: rolePermissions };
+        }, {});
+        return new AppPermissions(formattedData);
+    }
+}
 class BbAnonymousGuard {
-    constructor(_auth) {
+    constructor(_auth, _router, _config) {
         this._auth = _auth;
+        this._router = _router;
+        this._config = _config;
     }
-    async canActivate(_, state) {
-        // Check if the user is authenticated.
-        const isAuthenticated$ = await this._auth.user.pipe(map(user => !!user));
-        // If the user is not authenticated it can
-        // access the anonymous page.
-        const isAuthenticated = await firstValueFrom(isAuthenticated$, { defaultValue: null });
-        if (!isAuthenticated) {
-            return true;
-        }
-        // Return the user back to the authenticated page.
-        return this._auth.guard('authenticated', state.url);
+    canActivate(_, __) {
+        return this._auth.user.pipe(map(user => !!user), map(isAuthenticated => {
+            if (!isAuthenticated) {
+                return true;
+            }
+            // If we don't have a URL to go to we can just say
+            // the user is not allowed in this route by returning false.
+            const nextUrl = this._config?.redirects?.authenticated ?? null;
+            if (!nextUrl) {
+                return false;
+            }
+            const commands = Array.isArray(nextUrl) ? nextUrl : [nextUrl];
+            return this._router.createUrlTree(commands);
+        }), first());
     }
     canActivateChild(childRoute, state) {
         return this.canActivate(childRoute, state);
     }
 }
-BbAnonymousGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
-BbAnonymousGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, providedIn: 'root' });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAnonymousGuard, decorators: [{
+BbAnonymousGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAnonymousGuard, deps: [{ token: Auth }, { token: i2$1.Router }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+BbAnonymousGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAnonymousGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAnonymousGuard, decorators: [{
             type: Injectable,
             args: [{
                     providedIn: 'root'
                 }]
-        }], ctorParameters: function () { return [{ type: Auth }]; } });
+        }], ctorParameters: function () { return [{ type: Auth }, { type: i2$1.Router }, { type: AuthConfig, decorators: [{
+                    type: Optional
+                }] }]; } });
 class BbAuthenticatedGuard {
-    constructor(_auth) {
+    constructor(_auth, _router, _config) {
         this._auth = _auth;
+        this._router = _router;
+        this._config = _config;
     }
-    async canActivate(_, state) {
-        // Check if the user is authenticated.
-        const isAuthenticated$ = await this._auth.user.pipe(map(user => !!user));
-        // If the user is authenticated it can
-        // access the authenticated page.
-        const isAuthenticated = await firstValueFrom(isAuthenticated$, { defaultValue: null });
-        if (isAuthenticated) {
-            return true;
-        }
-        // The user is not authorized to see that
-        // page so un-authorize him.
-        return this._auth.guard('unauthenticated', state.url);
+    canActivate(_, state) {
+        return this._auth.user.pipe(map(user => !!user), map(isAuthenticated => {
+            if (isAuthenticated) {
+                return true;
+            }
+            // If we don't have a URL to go to we can just say
+            // the user is not allowed in this route by returning false.
+            const nextUrl = this._config?.redirects?.unauthenticated ?? null;
+            if (!nextUrl) {
+                return false;
+            }
+            const setRedirectOnFailedAuth = this._config?.setRedirectOnFailedAuth ?? true;
+            const redirectUrl = state?.url ?? null;
+            const queryParams = setRedirectOnFailedAuth && redirectUrl ? { redirectUrl } : {};
+            const commands = Array.isArray(nextUrl) ? nextUrl : [nextUrl];
+            return this._router.createUrlTree(commands, { queryParams });
+        }), first());
     }
     canActivateChild(childRoute, state) {
         return this.canActivate(childRoute, state);
     }
 }
-BbAuthenticatedGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, deps: [{ token: Auth }], target: i0.ɵɵFactoryTarget.Injectable });
-BbAuthenticatedGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, providedIn: 'root' });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: BbAuthenticatedGuard, decorators: [{
+BbAuthenticatedGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAuthenticatedGuard, deps: [{ token: Auth }, { token: i2$1.Router }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+BbAuthenticatedGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAuthenticatedGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbAuthenticatedGuard, decorators: [{
             type: Injectable,
             args: [{
                     providedIn: 'root'
                 }]
-        }], ctorParameters: function () { return [{ type: Auth }]; } });
+        }], ctorParameters: function () { return [{ type: Auth }, { type: i2$1.Router }, { type: AuthConfig, decorators: [{
+                    type: Optional
+                }] }]; } });
+class BbPermissionGuard {
+    constructor(_router, _permissions, _config) {
+        this._router = _router;
+        this._permissions = _permissions;
+        this._config = _config;
+    }
+    canActivate(snapshot, _) {
+        const permission = snapshot?.data?.['permission'] ?? null;
+        const permission$ = this.parsePermission(permission);
+        return permission$.pipe(map(valid => {
+            if (valid) {
+                return true;
+            }
+            const nextUrl = this._config?.redirects?.permissionDenied ?? null;
+            if (!nextUrl) {
+                return false;
+            }
+            const commands = Array.isArray(nextUrl) ? nextUrl : [nextUrl];
+            return valid ? true : this._router.createUrlTree(commands);
+        }));
+    }
+    canActivateChild(childRoute, state) {
+        return this.canActivate(childRoute, state);
+    }
+    parsePermission(data) {
+        if ((typeof ngDevMode === 'undefined' || ngDevMode) && (data === undefined || data === null)) {
+            console?.warn?.(`No "data.permission" property was passed.`);
+            return of(false);
+        }
+        if (Array.isArray(data) || typeof data === 'string') {
+            return this._permissions.has(data);
+        }
+        return this._permissions.has(data?.value, data?.options);
+    }
+}
+BbPermissionGuard.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbPermissionGuard, deps: [{ token: i2$1.Router }, { token: Permissions }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+BbPermissionGuard.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbPermissionGuard, providedIn: 'root' });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: BbPermissionGuard, decorators: [{
+            type: Injectable,
+            args: [{
+                    providedIn: 'root'
+                }]
+        }], ctorParameters: function () { return [{ type: i2$1.Router }, { type: Permissions }, { type: AuthConfig, decorators: [{
+                    type: Optional
+                }] }]; } });
 class AuthInterceptor {
     constructor(_auth, _config) {
         this._auth = _auth;
         this._config = _config;
         // Readonly data.
-        this._authHeaderString = 'Authorization';
+        this._authHeaderString = this._config?.http?.header ?? 'Authorization';
+        this._authScheme = this._config?.http?.scheme ?? 'Bearer';
         // Data.
         this.isRefreshing = false;
         this.refreshingAccessToken$ = new BehaviorSubject(null);
         this.getAccessToken = (request) => {
             // Get the token based on header.
-            if (request.headers.has('Authorization')) {
-                return request.headers.get('Authorization');
+            if (request.headers.has(this._authHeaderString)) {
+                return request.headers.get(this._authHeaderString);
             }
             // Return the default access token.
             return this._auth.session.accessToken;
@@ -824,13 +865,9 @@ class AuthInterceptor {
             }
             // Add the auth header to the request.
             return request.clone({
-                setHeaders: { [this._authHeaderString]: this.getFullAuthorizationHeader(accessToken) }
+                setHeaders: { [this._authHeaderString]: `${this._authScheme} ${accessToken}` }
             });
         };
-        this.getFullAuthorizationHeader = (token) => {
-            const authScheme = this._config?.scheme ?? 'Bearer';
-            return [authScheme, token].join(' ');
-        };
     }
     intercept(request, next) {
         // 1. Check if the user wants to use the authorization for this request.
@@ -873,9 +910,9 @@ class AuthInterceptor {
         return of(null);
     }
 }
-AuthInterceptor.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
-AuthInterceptor.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthInterceptor, decorators: [{
+AuthInterceptor.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthInterceptor, deps: [{ token: Auth }, { token: AuthConfig, optional: true }], target: i0.ɵɵFactoryTarget.Injectable });
+AuthInterceptor.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthInterceptor });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthInterceptor, decorators: [{
             type: Injectable
         }], ctorParameters: function () { return [{ type: Auth }, { type: AuthConfig, decorators: [{
                     type: Optional
@@ -883,7 +920,6 @@ i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImpor
 const DECLARATIONS_EXPORTS = [
     BbAuthenticated,
-    BbRole,
     BbPermission
 ];
 class AuthModule {
@@ -900,24 +936,17 @@ class AuthModule {
         };
     }
 }
-AuthModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
-AuthModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, declarations: [BbAuthenticated,
-        BbRole,
+AuthModule.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthModule, deps: [], target: i0.ɵɵFactoryTarget.NgModule });
+AuthModule.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "14.1.1", ngImport: i0, type: AuthModule, declarations: [BbAuthenticated,
         BbPermission], imports: [HttpClientModule], exports: [BbAuthenticated,
-        BbRole,
         BbPermission] });
-AuthModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, providers: [
-        { provide: AuthMapper, useClass: AuthMapper }
-    ], imports: [HttpClientModule] });
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.0.4", ngImport: i0, type: AuthModule, decorators: [{
+AuthModule.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthModule, imports: [HttpClientModule] });
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "14.1.1", ngImport: i0, type: AuthModule, decorators: [{
             type: NgModule,
             args: [{
                     imports: [HttpClientModule],
                     declarations: [...DECLARATIONS_EXPORTS],
-                    exports: [...DECLARATIONS_EXPORTS],
-                    providers: [
-                        { provide: AuthMapper, useClass: AuthMapper }
-                    ]
+                    exports: [...DECLARATIONS_EXPORTS]
                 }]
         }] });
 function initializeAuth(auth) {
@@ -928,5 +957,5 @@ function initializeAuth(auth) {
  * Generated bundle index. Do not edit.
  */
-export { Auth, AuthConfig, AuthEmailProvider, AuthMapper, AuthModule, AuthSession, AuthVerifyProvider, BbAnonymousGuard, BbAuthenticated, BbAuthenticatedGuard, BbPermission, BbRole, JwtHelper, Permissions, USE_AUTHORIZATION, initializeAuth };
+export { AppPermissions, Auth, AuthConfig, AuthEmailProvider, AuthModule, AuthSession, AuthVerifyProvider, BbAnonymousGuard, BbAuthenticated, BbAuthenticatedGuard, BbPermission, BbPermissionGuard, JwtHelper, Permissions, USE_AUTHORIZATION, initializeAuth };
 //# sourceMappingURL=bravobit-bb-foundation-auth.mjs.map