diff --git a/src/app/+admin/admin-sidebar/admin-sidebar.component.ts b/src/app/+admin/admin-sidebar/admin-sidebar.component.ts index b009aacb33..d18b1ba90f 100644 --- a/src/app/+admin/admin-sidebar/admin-sidebar.component.ts +++ b/src/app/+admin/admin-sidebar/admin-sidebar.component.ts @@ -73,7 +73,7 @@ export class AdminSidebarComponent extends MenuComponent implements OnInit { * Set and calculate all initial values of the instance variables */ ngOnInit(): void { - this.authorizationService.isAuthenticated(FeatureType.AdministratorOf).pipe(take(1)).subscribe((authorized) => { + this.authorizationService.isAuthenticated(FeatureType.AdministratorOf).subscribe((authorized) => { this.createMenu(authorized); super.ngOnInit(); this.sidebarWidth = this.variableService.getVariable('sidebarItemsWidth'); diff --git a/src/app/app-routing.module.ts b/src/app/app-routing.module.ts index 0acec5e728..b10ae4df55 100644 --- a/src/app/app-routing.module.ts +++ b/src/app/app-routing.module.ts @@ -10,7 +10,7 @@ import { Collection } from './core/shared/collection.model'; import { Item } from './core/shared/item.model'; import { getItemPageRoute } from './+item-page/item-page-routing.module'; import { getCollectionPageRoute } from './+collection-page/collection-page-routing.module'; -import { SiteAdministratorGuard } from './core/data/feature-authorization/site-administrator.guard'; +import { SiteAdministratorGuard } from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard'; const ITEM_MODULE_PATH = 'items'; diff --git a/src/app/core/core.module.ts b/src/app/core/core.module.ts index eaa384d8a5..43babd0147 100644 --- a/src/app/core/core.module.ts +++ b/src/app/core/core.module.ts @@ -149,7 +149,7 @@ import { Feature } from './shared/feature.model'; import { Authorization } from './shared/authorization.model'; import { FeatureDataService } from './data/feature-authorization/feature-data.service'; import { AuthorizationDataService } from './data/feature-authorization/authorization-data.service'; -import { SiteAdministratorGuard } from './data/feature-authorization/site-administrator.guard'; +import { SiteAdministratorGuard } from './data/feature-authorization/feature-authorization-guard/site-administrator.guard'; /** * When not in production, endpoint responses can be mocked for testing purposes diff --git a/src/app/core/data/feature-authorization/feature-authorization-guard/feature-authorization.guard.ts b/src/app/core/data/feature-authorization/feature-authorization-guard/feature-authorization.guard.ts new file mode 100644 index 0000000000..62576030a6 --- /dev/null +++ b/src/app/core/data/feature-authorization/feature-authorization-guard/feature-authorization.guard.ts @@ -0,0 +1,52 @@ +import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, RouterStateSnapshot, UrlSegment } from '@angular/router'; +import { AuthorizationDataService } from '../authorization-data.service'; +import { FeatureType } from '../feature-type'; +import { Observable } from 'rxjs/internal/Observable'; + +/** + * Abstract Guard for preventing unauthorized activating and loading of routes when a user + * doesn't have authorized rights on a specific feature and/or object. + * Override the desired getters in the parent class for checking specific authorization on a feature and/or object. + */ +export abstract class FeatureAuthorizationGuard implements CanActivate, CanLoad { + constructor(protected authorizationService: AuthorizationDataService) { + } + + /** + * True when user has authorization rights for the feature and object provided + */ + canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable { + return this.authorizationService.isAuthenticated(this.getFeatureType(), this.getObjectUrl(), this.getEPersonUuid()); + } + + /** + * True when user has authorization rights for the feature and object provided + */ + canLoad(route: Route, segments: UrlSegment[]): Observable { + return this.authorizationService.isAuthenticated(this.getFeatureType(), this.getObjectUrl(), this.getEPersonUuid()); + } + + /** + * The type of feature to check authorization for + * Override this method to define a feature + */ + getFeatureType(): FeatureType { + return undefined; + } + + /** + * The URL of the object to check if the user has authorized rights for + * Override this method to define an object URL. If not provided, the {@link Site}'s URL will be used + */ + getObjectUrl(): string { + return undefined; + } + + /** + * The UUID of the user to check authorization rights for + * Override this method to define an {@link EPerson} UUID. If not provided, the authenticated user's UUID will be used. + */ + getEPersonUuid(): string { + return undefined; + } +} diff --git a/src/app/core/data/feature-authorization/feature-authorization-guard/site-administrator.guard.ts b/src/app/core/data/feature-authorization/feature-authorization-guard/site-administrator.guard.ts new file mode 100644 index 0000000000..6034bc2f95 --- /dev/null +++ b/src/app/core/data/feature-authorization/feature-authorization-guard/site-administrator.guard.ts @@ -0,0 +1,24 @@ +import { Injectable } from '@angular/core'; +import { FeatureAuthorizationGuard } from './feature-authorization.guard'; +import { FeatureType } from '../feature-type'; +import { AuthorizationDataService } from '../authorization-data.service'; + +/** + * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator + * rights to the {@link Site} + */ +@Injectable({ + providedIn: 'root' +}) +export class SiteAdministratorGuard extends FeatureAuthorizationGuard { + constructor(protected authorizationService: AuthorizationDataService) { + super(authorizationService); + } + + /** + * Check administrator authorization rights + */ + getFeatureType(): FeatureType { + return FeatureType.AdministratorOf; + } +} diff --git a/src/app/core/data/feature-authorization/site-administrator.guard.ts b/src/app/core/data/feature-authorization/site-administrator.guard.ts deleted file mode 100644 index 43208fba20..0000000000 --- a/src/app/core/data/feature-authorization/site-administrator.guard.ts +++ /dev/null @@ -1,31 +0,0 @@ -import { Injectable } from '@angular/core'; -import { ActivatedRouteSnapshot, CanActivate, CanLoad, Route, RouterStateSnapshot, UrlSegment } from '@angular/router'; -import { Observable } from 'rxjs'; -import { AuthorizationDataService } from './authorization-data.service'; -import { FeatureType } from './feature-type'; - -/** - * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator - * rights to the {@link Site} - */ -@Injectable({ - providedIn: 'root' -}) -export class SiteAdministratorGuard implements CanActivate, CanLoad { - constructor(private authorizationService: AuthorizationDataService) { - } - - /** - * True when user has administrator rights to the {@link Site} - */ - canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable { - return this.authorizationService.isAuthenticated(FeatureType.AdministratorOf); - } - - /** - * True when user has administrator rights to the {@link Site} - */ - canLoad(route: Route, segments: UrlSegment[]): Observable { - return this.authorizationService.isAuthenticated(FeatureType.AdministratorOf); - } -}