77205: Use existing admin authorization guards for comm/coll

2025-10-07 10:04:11 +00:00 · 2021-02-25 16:37:32 +01:00
parent 3f4e032bb5
commit 70e9bb1180
10 changed files with 33 additions and 114 deletions
--- a/src/app/+collection-page/edit-collection-page/edit-collection-page.routing.module.ts
+++ b/src/app/+collection-page/edit-collection-page/edit-collection-page.routing.module.ts
@@ -12,7 +12,7 @@ import { ResourcePolicyTargetResolver } from '../../shared/resource-policies/res
 import { ResourcePolicyCreateComponent } from '../../shared/resource-policies/create/resource-policy-create.component';
 import { ResourcePolicyResolver } from '../../shared/resource-policies/resolvers/resource-policy.resolver';
 import { ResourcePolicyEditComponent } from '../../shared/resource-policies/edit/resource-policy-edit.component';
-import { IsCollectionAdminGuard } from '../../access-control/guards/is-collection-admin.guard';
+import { CollectionPageAdministratorGuard } from '../collection-page-administrator.guard';
 /**
 * Routing module that handles the routing for the Edit Collection page administrator functionality
@@ -27,7 +27,7 @@ import { IsCollectionAdminGuard } from '../../access-control/guards/is-collectio
        },
        data: { breadcrumbKey: 'collection.edit' },
        component: EditCollectionPageComponent,
-        canActivate: [IsCollectionAdminGuard],
+        canActivate: [CollectionPageAdministratorGuard],
        children: [
          {
            path: '',
--- a/src/app/+community-page/edit-community-page/edit-community-page.routing.module.ts
+++ b/src/app/+community-page/edit-community-page/edit-community-page.routing.module.ts
@@ -10,7 +10,7 @@ import { ResourcePolicyTargetResolver } from '../../shared/resource-policies/res
 import { ResourcePolicyCreateComponent } from '../../shared/resource-policies/create/resource-policy-create.component';
 import { ResourcePolicyResolver } from '../../shared/resource-policies/resolvers/resource-policy.resolver';
 import { ResourcePolicyEditComponent } from '../../shared/resource-policies/edit/resource-policy-edit.component';
-import { IsCommunityAdminGuard } from '../../access-control/guards/is-community-admin.guard';
+import { CommunityPageAdministratorGuard } from '../community-page-administrator.guard';
 /**
 * Routing module that handles the routing for the Edit Community page administrator functionality
@@ -25,7 +25,7 @@ import { IsCommunityAdminGuard } from '../../access-control/guards/is-community-
        },
        data: { breadcrumbKey: 'community.edit' },
        component: EditCommunityPageComponent,
-        canActivate: [IsCommunityAdminGuard],
+        canActivate: [CommunityPageAdministratorGuard],
        children: [
          {
            path: '',
--- a/src/app/access-control/guards/can-manage-group.guard.spec.ts
+++ b/src/app/access-control/guards/can-manage-group.guard.spec.ts
@@ -1,16 +0,0 @@
 import { TestBed } from '@angular/core/testing';
 import { CanManageGroupGuard } from './can-manage-group.guard';
 describe('CanManageGroupGuard', () => {
  let guard: CanManageGroupGuard;
  beforeEach(() => {
    TestBed.configureTestingModule({});
    guard = TestBed.inject(CanManageGroupGuard);
  });
  it('should be created', () => {
    expect(guard).toBeTruthy();
  });
 });
--- a/src/app/access-control/guards/can-manage-group.guard.ts
+++ b/src/app/access-control/guards/can-manage-group.guard.ts
@@ -1,20 +0,0 @@
 import { Injectable } from '@angular/core';
 import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
 import { Observable } from 'rxjs';
 import { FeatureID } from '../../core/data/feature-authorization/feature-id';
 import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
 /**
 * Guard for preventing unauthorized access to /access-control/groups/*
 */
@Injectable({
  providedIn: 'root'
 })
 export class CanManageGroupGuard implements CanActivate {
  constructor(private authorizationService: AuthorizationDataService) {
  }
  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
    return this.authorizationService.isAuthorized(FeatureID.CanManageGroups);
  }
 }
--- a/src/app/access-control/guards/is-collection-admin.guard.spec.ts
+++ b/src/app/access-control/guards/is-collection-admin.guard.spec.ts
@@ -1,16 +0,0 @@
 import { TestBed } from '@angular/core/testing';
 import { IsCollectionAdminGuard } from './is-collection-admin.guard';
 describe('IsCollectionAdminGuard', () => {
  let guard: IsCollectionAdminGuard;
  beforeEach(() => {
    TestBed.configureTestingModule({});
    guard = TestBed.inject(IsCollectionAdminGuard);
  });
  it('should be created', () => {
    expect(guard).toBeTruthy();
  });
 });
--- a/src/app/access-control/guards/is-collection-admin.guard.ts
+++ b/src/app/access-control/guards/is-collection-admin.guard.ts
@@ -1,20 +0,0 @@
 import { Injectable } from '@angular/core';
 import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
 import { Observable } from 'rxjs';
 import { FeatureID } from '../../core/data/feature-authorization/feature-id';
 import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
 /**
 * Guard for preventing unauthorized editing of Communities
 */
@Injectable({
  providedIn: 'root'
 })
 export class IsCollectionAdminGuard implements CanActivate {
  constructor(private authorizationService: AuthorizationDataService) {
  }
  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
    return this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin);
  }
 }
--- a/src/app/access-control/guards/is-community-admin.guard.spec.ts
+++ b/src/app/access-control/guards/is-community-admin.guard.spec.ts
@@ -1,16 +0,0 @@
 import { TestBed } from '@angular/core/testing';
 import { IsCommunityAdminGuard } from './is-community-admin.guard';
 describe('IsCommunityAdminGuard', () => {
  let guard: IsCommunityAdminGuard;
  beforeEach(() => {
    TestBed.configureTestingModule({});
    guard = TestBed.inject(IsCommunityAdminGuard);
  });
  it('should be created', () => {
    expect(guard).toBeTruthy();
  });
 });
--- a/src/app/access-control/guards/is-community-admin.guard.ts
+++ b/src/app/access-control/guards/is-community-admin.guard.ts
@@ -1,20 +0,0 @@
 import { Injectable } from '@angular/core';
 import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
 import { Observable } from 'rxjs';
 import { FeatureID } from '../../core/data/feature-authorization/feature-id';
 import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
 /**
 * Guard for preventing unauthorized editing of Communities
 */
@Injectable({
  providedIn: 'root'
 })
 export class IsCommunityAdminGuard implements CanActivate {
  constructor(private authorizationService: AuthorizationDataService) {
  }
  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
    return this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin);
  }
 }
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -24,7 +24,7 @@ import { ReloadGuard } from './core/reload/reload.guard';
 import { EndUserAgreementCurrentUserGuard } from './core/end-user-agreement/end-user-agreement-current-user.guard';
 import { SiteRegisterGuard } from './core/data/feature-authorization/feature-authorization-guard/site-register.guard';
 import { ForbiddenComponent } from './forbidden/forbidden.component';
-import { CanManageGroupGuard } from './access-control/guards/can-manage-group.guard';
+import { GroupAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/group-administrator.guard';
@NgModule({
  imports: [
@@ -180,7 +180,7 @@ import { CanManageGroupGuard } from './access-control/guards/can-manage-group.gu
          {
            path: ACCESS_CONTROL_MODULE_PATH,
            loadChildren: () => import('./access-control/access-control.module').then((m) => m.AccessControlModule),
-            canActivate: [CanManageGroupGuard],
+            canActivate: [GroupAdministratorGuard],
          },
          { path: '**', pathMatch: 'full', component: PageNotFoundComponent },
      ]}
--- a/src/app/core/data/feature-authorization/feature-authorization-guard/group-administrator.guard.ts
+++ b/src/app/core/data/feature-authorization/feature-authorization-guard/group-administrator.guard.ts
@@ -0,0 +1,27 @@
 import { Injectable } from '@angular/core';
 import { FeatureAuthorizationGuard } from './feature-authorization.guard';
 import { AuthorizationDataService } from '../authorization-data.service';
 import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
 import { AuthService } from '../../../auth/auth.service';
 import { Observable, of as observableOf } from 'rxjs';
 import { FeatureID } from '../feature-id';
 /**
 * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have group
 * management rights
 */
@Injectable({
  providedIn: 'root'
 })
 export class GroupAdministratorGuard extends FeatureAuthorizationGuard {
  constructor(protected authorizationService: AuthorizationDataService, protected router: Router, protected authService: AuthService) {
    super(authorizationService, router, authService);
  }
  /**
   * Check group management rights
   */
  getFeatureID(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<FeatureID> {
    return observableOf(FeatureID.CanManageGroups);
  }
 }