hazza/dspace-angular
1
0
Fork 1
mirror of https://github.com/DSpace/dspace-angular.git synced 2025-10-08 10:34:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

80113: Prevent anyone but site admin from accessing /access-control/epeople

Browse Source
This commit is contained in:
Marie Verdonck
2021-06-16 16:49:57 +02:00
parent 3fc44f6fc1
commit cf515fe6f0
3 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/app/+admin/admin-sidebar/admin-sidebar.component.ts
View File

@@ -531,14 +531,17 @@ export class AdminSidebarComponent extends MenuComponent implements OnInit {
* Create menu sections dependent on whether or not the current user can manage access control groups * Create menu sections dependent on whether or not the current user can manage access control groups
*/ */
createAccessControlMenuSections() { createAccessControlMenuSections() {
this.authorizationService.isAuthorized(FeatureID.CanManageGroups).subscribe((authorized) => { observableCombineLatest(
this.authorizationService.isAuthorized(FeatureID.AdministratorOf),
this.authorizationService.isAuthorized(FeatureID.CanManageGroups)
).subscribe(([isSiteAdmin, canManageGroups]) => {
const menuList = [ const menuList = [
/* Access Control */ /* Access Control */
{ {
id: 'access_control_people', id: 'access_control_people',
parentID: 'access_control', parentID: 'access_control',
active: false, active: false,
visible: authorized, visible: isSiteAdmin,
model: { model: {
type: MenuItemType.LINK, type: MenuItemType.LINK,
text: 'menu.section.access_control_people', text: 'menu.section.access_control_people',
@@ -549,7 +552,7 @@ export class AdminSidebarComponent extends MenuComponent implements OnInit {
id: 'access_control_groups', id: 'access_control_groups',
parentID: 'access_control', parentID: 'access_control',
active: false, active: false,
visible: authorized, visible: canManageGroups,
model: { model: {
type: MenuItemType.LINK, type: MenuItemType.LINK,
text: 'menu.section.access_control_groups', text: 'menu.section.access_control_groups',
@@ -571,7 +574,7 @@ export class AdminSidebarComponent extends MenuComponent implements OnInit {
{ {
id: 'access_control', id: 'access_control',
active: false, active: false,
visible: authorized, visible: canManageGroups || isSiteAdmin,
model: { model: {
type: MenuItemType.TEXT, type: MenuItemType.TEXT,
text: 'menu.section.access_control' text: 'menu.section.access_control'

4
src/app/access-control/access-control-routing-paths.ts
View File

@@ -3,6 +3,10 @@ import { getAccessControlModuleRoute } from '../app-routing-paths';
export const GROUP_EDIT_PATH = 'groups'; export const GROUP_EDIT_PATH = 'groups';
export function getGroupsRoute() {
return new URLCombiner(getAccessControlModuleRoute(), GROUP_EDIT_PATH).toString();
}
export function getGroupEditRoute(id: string) { export function getGroupEditRoute(id: string) {
return new URLCombiner(getAccessControlModuleRoute(), GROUP_EDIT_PATH, id).toString(); return new URLCombiner(getAccessControlModuleRoute(), GROUP_EDIT_PATH, id).toString();
} }

11
src/app/access-control/access-control-routing.module.ts
View File

@@ -6,6 +6,8 @@ import { GroupsRegistryComponent } from './group-registry/groups-registry.compon
import { GROUP_EDIT_PATH } from './access-control-routing-paths'; import { GROUP_EDIT_PATH } from './access-control-routing-paths';
import { I18nBreadcrumbResolver } from '../core/breadcrumbs/i18n-breadcrumb.resolver'; import { I18nBreadcrumbResolver } from '../core/breadcrumbs/i18n-breadcrumb.resolver';
import { GroupPageGuard } from './group-registry/group-page.guard'; import { GroupPageGuard } from './group-registry/group-page.guard';
import { GroupAdministratorGuard } from '../core/data/feature-authorization/feature-authorization-guard/group-administrator.guard';
import { SiteAdministratorGuard } from '../core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
@NgModule({ @NgModule({
imports: [ imports: [
@@ -16,7 +18,8 @@ import { GroupPageGuard } from './group-registry/group-page.guard';
resolve: { resolve: {
breadcrumb: I18nBreadcrumbResolver breadcrumb: I18nBreadcrumbResolver
}, },
data: { title: 'admin.access-control.epeople.title', breadcrumbKey: 'admin.access-control.epeople' } data: { title: 'admin.access-control.epeople.title', breadcrumbKey: 'admin.access-control.epeople' },
canActivate: [SiteAdministratorGuard]
}, },
{ {
path: GROUP_EDIT_PATH, path: GROUP_EDIT_PATH,
@@ -24,7 +27,8 @@ import { GroupPageGuard } from './group-registry/group-page.guard';
resolve: { resolve: {
breadcrumb: I18nBreadcrumbResolver breadcrumb: I18nBreadcrumbResolver
}, },
data: { title: 'admin.access-control.groups.title', breadcrumbKey: 'admin.access-control.groups' } data: { title: 'admin.access-control.groups.title', breadcrumbKey: 'admin.access-control.groups' },
canActivate: [GroupAdministratorGuard]
}, },
{ {
path: `${GROUP_EDIT_PATH}/newGroup`, path: `${GROUP_EDIT_PATH}/newGroup`,
@@ -32,7 +36,8 @@ import { GroupPageGuard } from './group-registry/group-page.guard';
resolve: { resolve: {
breadcrumb: I18nBreadcrumbResolver breadcrumb: I18nBreadcrumbResolver
}, },
data: { title: 'admin.access-control.groups.title.addGroup', breadcrumbKey: 'admin.access-control.groups.addGroup' } data: { title: 'admin.access-control.groups.title.addGroup', breadcrumbKey: 'admin.access-control.groups.addGroup' },
canActivate: [GroupAdministratorGuard]
}, },
{ {
path: `${GROUP_EDIT_PATH}/:groupId`, path: `${GROUP_EDIT_PATH}/:groupId`,