77205: Use existing admin authorization guards for comm/coll

2025-10-07 10:04:11 +00:00 · 2021-02-25 16:37:32 +01:00
parent 3f4e032bb5
commit 70e9bb1180
10 changed files with 33 additions and 114 deletions
--- a/src/app/+collection-page/edit-collection-page/edit-collection-page.routing.module.ts
+++ b/src/app/+collection-page/edit-collection-page/edit-collection-page.routing.module.ts
@@ -12,7 +12,7 @@ import { ResourcePolicyTargetResolver } from '../../shared/resource-policies/res
 import { ResourcePolicyCreateComponent } from '../../shared/resource-policies/create/resource-policy-create.component';
 import { ResourcePolicyResolver } from '../../shared/resource-policies/resolvers/resource-policy.resolver';
 import { ResourcePolicyEditComponent } from '../../shared/resource-policies/edit/resource-policy-edit.component';
-import { IsCollectionAdminGuard } from '../../access-control/guards/is-collection-admin.guard';
+import { CollectionPageAdministratorGuard } from '../collection-page-administrator.guard';

 /**
 * Routing module that handles the routing for the Edit Collection page administrator functionality
@@ -27,7 +27,7 @@ import { IsCollectionAdminGuard } from '../../access-control/guards/is-collectio
        },
        data: { breadcrumbKey: 'collection.edit' },
        component: EditCollectionPageComponent,
-        canActivate: [IsCollectionAdminGuard],
+        canActivate: [CollectionPageAdministratorGuard],
        children: [
          {
            path: '',
--- a/src/app/+community-page/edit-community-page/edit-community-page.routing.module.ts
+++ b/src/app/+community-page/edit-community-page/edit-community-page.routing.module.ts
@@ -10,7 +10,7 @@ import { ResourcePolicyTargetResolver } from '../../shared/resource-policies/res
 import { ResourcePolicyCreateComponent } from '../../shared/resource-policies/create/resource-policy-create.component';
 import { ResourcePolicyResolver } from '../../shared/resource-policies/resolvers/resource-policy.resolver';
 import { ResourcePolicyEditComponent } from '../../shared/resource-policies/edit/resource-policy-edit.component';
-import { IsCommunityAdminGuard } from '../../access-control/guards/is-community-admin.guard';
+import { CommunityPageAdministratorGuard } from '../community-page-administrator.guard';

 /**
 * Routing module that handles the routing for the Edit Community page administrator functionality
@@ -25,7 +25,7 @@ import { IsCommunityAdminGuard } from '../../access-control/guards/is-community-
        },
        data: { breadcrumbKey: 'community.edit' },
        component: EditCommunityPageComponent,
-        canActivate: [IsCommunityAdminGuard],
+        canActivate: [CommunityPageAdministratorGuard],
        children: [
          {
            path: '',
--- a/src/app/access-control/guards/can-manage-group.guard.spec.ts
+++ b/src/app/access-control/guards/can-manage-group.guard.spec.ts
@@ -1,16 +0,0 @@
-import { TestBed } from '@angular/core/testing';
-
-import { CanManageGroupGuard } from './can-manage-group.guard';
-
-describe('CanManageGroupGuard', () => {
-  let guard: CanManageGroupGuard;
-
-  beforeEach(() => {
-    TestBed.configureTestingModule({});
-    guard = TestBed.inject(CanManageGroupGuard);
-  });
-
-  it('should be created', () => {
-    expect(guard).toBeTruthy();
-  });
-});
--- a/src/app/access-control/guards/can-manage-group.guard.ts
+++ b/src/app/access-control/guards/can-manage-group.guard.ts
@@ -1,20 +0,0 @@
-import { Injectable } from '@angular/core';
-import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
-import { Observable } from 'rxjs';
-import { FeatureID } from '../../core/data/feature-authorization/feature-id';
-import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
-
-/**
- * Guard for preventing unauthorized access to /access-control/groups/*
- */
-@Injectable({
-  providedIn: 'root'
-})
-export class CanManageGroupGuard implements CanActivate {
-  constructor(private authorizationService: AuthorizationDataService) {
-  }
-
-  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
-    return this.authorizationService.isAuthorized(FeatureID.CanManageGroups);
-  }
-}
--- a/src/app/access-control/guards/is-collection-admin.guard.spec.ts
+++ b/src/app/access-control/guards/is-collection-admin.guard.spec.ts
@@ -1,16 +0,0 @@
-import { TestBed } from '@angular/core/testing';
-
-import { IsCollectionAdminGuard } from './is-collection-admin.guard';
-
-describe('IsCollectionAdminGuard', () => {
-  let guard: IsCollectionAdminGuard;
-
-  beforeEach(() => {
-    TestBed.configureTestingModule({});
-    guard = TestBed.inject(IsCollectionAdminGuard);
-  });
-
-  it('should be created', () => {
-    expect(guard).toBeTruthy();
-  });
-});
--- a/src/app/access-control/guards/is-collection-admin.guard.ts
+++ b/src/app/access-control/guards/is-collection-admin.guard.ts
@@ -1,20 +0,0 @@
-import { Injectable } from '@angular/core';
-import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
-import { Observable } from 'rxjs';
-import { FeatureID } from '../../core/data/feature-authorization/feature-id';
-import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
-
-/**
- * Guard for preventing unauthorized editing of Communities
- */
-@Injectable({
-  providedIn: 'root'
-})
-export class IsCollectionAdminGuard implements CanActivate {
-  constructor(private authorizationService: AuthorizationDataService) {
-  }
-
-  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
-    return this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin);
-  }
-}
--- a/src/app/access-control/guards/is-community-admin.guard.spec.ts
+++ b/src/app/access-control/guards/is-community-admin.guard.spec.ts
@@ -1,16 +0,0 @@
-import { TestBed } from '@angular/core/testing';
-
-import { IsCommunityAdminGuard } from './is-community-admin.guard';
-
-describe('IsCommunityAdminGuard', () => {
-  let guard: IsCommunityAdminGuard;
-
-  beforeEach(() => {
-    TestBed.configureTestingModule({});
-    guard = TestBed.inject(IsCommunityAdminGuard);
-  });
-
-  it('should be created', () => {
-    expect(guard).toBeTruthy();
-  });
-});
--- a/src/app/access-control/guards/is-community-admin.guard.ts
+++ b/src/app/access-control/guards/is-community-admin.guard.ts
@@ -1,20 +0,0 @@
-import { Injectable } from '@angular/core';
-import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
-import { Observable } from 'rxjs';
-import { FeatureID } from '../../core/data/feature-authorization/feature-id';
-import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
-
-/**
- * Guard for preventing unauthorized editing of Communities
- */
-@Injectable({
-  providedIn: 'root'
-})
-export class IsCommunityAdminGuard implements CanActivate {
-  constructor(private authorizationService: AuthorizationDataService) {
-  }
-
-  canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean>  {
-    return this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin);
-  }
-}
--- a/src/app/app-routing.module.ts
+++ b/src/app/app-routing.module.ts
@@ -24,7 +24,7 @@ import { ReloadGuard } from './core/reload/reload.guard';
 import { EndUserAgreementCurrentUserGuard } from './core/end-user-agreement/end-user-agreement-current-user.guard';
 import { SiteRegisterGuard } from './core/data/feature-authorization/feature-authorization-guard/site-register.guard';
 import { ForbiddenComponent } from './forbidden/forbidden.component';
-import { CanManageGroupGuard } from './access-control/guards/can-manage-group.guard';
+import { GroupAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/group-administrator.guard';

@NgModule({
  imports: [
@@ -180,7 +180,7 @@ import { CanManageGroupGuard } from './access-control/guards/can-manage-group.gu
          {
            path: ACCESS_CONTROL_MODULE_PATH,
            loadChildren: () => import('./access-control/access-control.module').then((m) => m.AccessControlModule),
-            canActivate: [CanManageGroupGuard],
+            canActivate: [GroupAdministratorGuard],
          },
          { path: '**', pathMatch: 'full', component: PageNotFoundComponent },
      ]}
--- a/src/app/core/data/feature-authorization/feature-authorization-guard/group-administrator.guard.ts
+++ b/src/app/core/data/feature-authorization/feature-authorization-guard/group-administrator.guard.ts
@@ -0,0 +1,27 @@
+import { Injectable } from '@angular/core';
+import { FeatureAuthorizationGuard } from './feature-authorization.guard';
+import { AuthorizationDataService } from '../authorization-data.service';
+import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
+import { AuthService } from '../../../auth/auth.service';
+import { Observable, of as observableOf } from 'rxjs';
+import { FeatureID } from '../feature-id';
+
+/**
+ * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have group
+ * management rights
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class GroupAdministratorGuard extends FeatureAuthorizationGuard {
+  constructor(protected authorizationService: AuthorizationDataService, protected router: Router, protected authService: AuthService) {
+    super(authorizationService, router, authService);
+  }
+
+  /**
+   * Check group management rights
+   */
+  getFeatureID(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<FeatureID> {
+    return observableOf(FeatureID.CanManageGroups);
+  }
+}