71764: SiteRegisterGuard + hide register link when unauthorized

src/app/app-routing.module.ts

@@ -12,6 +12,7 @@ import { getItemPageRoute } from './+item-page/item-page-routing.module';
 import { getCollectionPageRoute } from './+collection-page/collection-page-routing.module';
 import { SiteAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
 import { UnauthorizedComponent } from './unauthorized/unauthorized.component';
+import { SiteRegisterGuard } from './core/data/feature-authorization/feature-authorization-guard/site-register.guard';
 
 const ITEM_MODULE_PATH = 'items';
 
@@ -93,7 +94,7 @@ export function getUnauthorizedPath() {
       { path: 'community-list', loadChildren: './community-list-page/community-list-page.module#CommunityListPageModule' },
       { path: 'id', loadChildren: './+lookup-by-id/lookup-by-id.module#LookupIdModule' },
       { path: 'handle', loadChildren: './+lookup-by-id/lookup-by-id.module#LookupIdModule' },
-      { path: REGISTER_PATH, loadChildren: './register-page/register-page.module#RegisterPageModule' },
+      { path: REGISTER_PATH, loadChildren: './register-page/register-page.module#RegisterPageModule', canActivate: [SiteRegisterGuard] },
       { path: FORGOT_PASSWORD_PATH, loadChildren: './forgot-password/forgot-password.module#ForgotPasswordModule' },
       { path: COMMUNITY_MODULE_PATH, loadChildren: './+community-page/community-page.module#CommunityPageModule' },
       { path: COLLECTION_MODULE_PATH, loadChildren: './+collection-page/collection-page.module#CollectionPageModule' },

src/app/core/core.module.ts

@@ -159,6 +159,7 @@ import { SubmissionCcLicenseDataService } from './submission/submission-cc-licen
 import { SubmissionCcLicence } from './submission/models/submission-cc-license.model';
 import { SubmissionCcLicenceUrl } from './submission/models/submission-cc-license-url.model';
 import { SubmissionCcLicenseUrlDataService } from './submission/submission-cc-license-url-data.service';
+import { SiteRegisterGuard } from './data/feature-authorization/feature-authorization-guard/site-register.guard';
 
 /**
  * When not in production, endpoint responses can be mocked for testing purposes
@@ -282,6 +283,7 @@ const PROVIDERS = [
   FeatureDataService,
   AuthorizationDataService,
   SiteAdministratorGuard,
+  SiteRegisterGuard,
   MetadataSchemaDataService,
   MetadataFieldDataService,
   TokenResponseParsingService,

src/app/core/data/feature-authorization/feature-authorization-guard/site-register.guard.ts

@@ -0,0 +1,27 @@
+import { FeatureAuthorizationGuard } from './feature-authorization.guard';
+import { Injectable } from '@angular/core';
+import { AuthorizationDataService } from '../authorization-data.service';
+import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
+import { Observable } from 'rxjs/internal/Observable';
+import { FeatureID } from '../feature-id';
+import { of as observableOf } from 'rxjs';
+
+/**
+ * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have registration
+ * rights to the {@link Site}
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class SiteRegisterGuard extends FeatureAuthorizationGuard {
+  constructor(protected authorizationService: AuthorizationDataService, protected router: Router) {
+    super(authorizationService, router);
+  }
+
+  /**
+   * Check registration authorization rights
+   */
+  getFeatureID(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<FeatureID> {
+    return observableOf(FeatureID.EPersonRegistration);
+  }
+}

src/app/core/data/feature-authorization/feature-id.ts

@@ -6,4 +6,5 @@ export enum FeatureID {
   AdministratorOf = 'administratorOf',
   WithdrawItem = 'withdrawItem',
   ReinstateItem = 'reinstateItem',
+  EPersonRegistration = 'epersonRegistration',
 }

src/app/shared/log-in/log-in.component.html

@@ -8,6 +8,6 @@
   </ng-container>
 
   <div class="dropdown-divider"></div>
-  <a class="dropdown-item" [routerLink]="[getRegisterPath()]">{{"login.form.new-user" | translate}}</a>
+  <a class="dropdown-item" *ngIf="canRegister$ | async" [routerLink]="[getRegisterPath()]">{{"login.form.new-user" | translate}}</a>
   <a class="dropdown-item" [routerLink]="[getForgotPath()]">{{"login.form.forgot-password" | translate}}</a>
 </div>

src/app/shared/log-in/log-in.component.ts

@@ -9,6 +9,8 @@ import { getAuthenticationMethods, isAuthenticated, isAuthenticationLoading } fr
 import { CoreState } from '../../core/core.reducers';
 import { AuthService } from '../../core/auth/auth.service';
 import { getForgotPasswordPath, getRegisterPath } from '../../app-routing.module';
+import { AuthorizationDataService } from '../../core/data/feature-authorization/authorization-data.service';
+import { FeatureID } from '../../core/data/feature-authorization/feature-id';
 
 /**
  * /users/sign-in
@@ -51,8 +53,14 @@ export class LogInComponent implements OnInit, OnDestroy {
    */
   private alive = true;
 
+  /**
+   * Whether or not the current user (or anonymous) is authorized to register an account
+   */
+  canRegister$: Observable<boolean>;
+
   constructor(private store: Store<CoreState>,
-              private authService: AuthService,) {
+              private authService: AuthService,
+              private authorizationService: AuthorizationDataService) {
   }
 
   ngOnInit(): void {
@@ -77,6 +85,7 @@ export class LogInComponent implements OnInit, OnDestroy {
         }
       );
 
+    this.canRegister$ = this.authorizationService.isAuthorized(FeatureID.EPersonRegistration);
   }
 
   ngOnDestroy(): void {