From bcb7e634d99ea05e3f8d506f90cf2b5e62799d89 Mon Sep 17 00:00:00 2001 From: Mykyta Maliarchuk <84377976+nikita-web-ua@users.noreply.github.com> Date: Mon, 5 Feb 2024 14:59:07 +0100 Subject: [PATCH] [ACS-6445] Address #PT20471_7 Missing Access Control (#3627) --- .../library-metadata-form.component.spec.ts | 17 ++++++++++++++-- .../library-metadata-form.component.ts | 14 ++++++++++--- .../aca-shared/rules/src/app.rules.spec.ts | 20 +++++++++++++++++-- projects/aca-shared/rules/src/app.rules.ts | 2 +- 4 files changed, 45 insertions(+), 8 deletions(-) diff --git a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts index b010f7e50f..4183e00efb 100644 --- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts +++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts @@ -30,7 +30,7 @@ import { AppTestingModule } from '../../../testing/app-testing.module'; import { NO_ERRORS_SCHEMA } from '@angular/core'; import { Site, SiteBodyCreate, SitePaging } from '@alfresco/js-api'; import { Actions } from '@ngrx/effects'; -import { Subject } from 'rxjs'; +import { of, Subject } from 'rxjs'; describe('LibraryMetadataFormComponent', () => { let fixture: ComponentFixture; @@ -51,7 +51,8 @@ describe('LibraryMetadataFormComponent', () => { { provide: Store, useValue: { - dispatch: jasmine.createSpy('dispatch') + dispatch: jasmine.createSpy('dispatch'), + select: () => of() } } ], @@ -210,6 +211,18 @@ describe('LibraryMetadataFormComponent', () => { expect(store.dispatch).not.toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel)); }); + it('should update library node when the user is an admin but has consumer rights', () => { + component.node.entry.role = Site.RoleEnum.SiteConsumer; + component.isAdmin = true; + + fixture.detectChanges(); + component.toggleEdit(); + + component.update(); + + expect(store.dispatch).toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel)); + }); + it('should not call markAsPristine on form when updating valid form but has not permission to update', () => { component.node.entry.role = Site.RoleEnum.SiteConsumer; spyOn(component.form, 'markAsPristine'); diff --git a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts index aac068eae4..51a167f6ba 100644 --- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts +++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts @@ -42,7 +42,8 @@ import { SnackbarActionTypes, SnackbarErrorAction, SnackbarInfoAction, - UpdateLibraryAction + UpdateLibraryAction, + isAdmin } from '@alfresco/aca-shared/store'; import { debounceTime, filter, mergeMap, takeUntil } from 'rxjs/operators'; import { AlfrescoApiService } from '@alfresco/adf-core'; @@ -118,6 +119,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro matcher = new InstantErrorStateMatcher(); canUpdateLibrary = false; + isAdmin = false; onDestroy$: Subject = new Subject(); @@ -172,7 +174,13 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro this.libraryTitleExists = false; } }); - this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager'; + this.store + .select(isAdmin) + .pipe(takeUntil(this.onDestroy$)) + .subscribe((value) => { + this.isAdmin = value; + }); + this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin; this.handleUpdatingEvent(SnackbarActionTypes.Info, 'LIBRARY.SUCCESS.LIBRARY_UPDATED', () => Object.assign(this.node.entry, this.form.value) ); @@ -186,7 +194,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro ngOnChanges() { this.updateForm(this.node); - this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager'; + this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin; } update() { diff --git a/projects/aca-shared/rules/src/app.rules.spec.ts b/projects/aca-shared/rules/src/app.rules.spec.ts index 8d48e45ba8..a955b2502a 100644 --- a/projects/aca-shared/rules/src/app.rules.spec.ts +++ b/projects/aca-shared/rules/src/app.rules.spec.ts @@ -556,7 +556,7 @@ describe('app.evaluators', () => { expect(app.isLibraryManager(context)).toBe(true); }); - it('should return false when role is different than SiteManager', () => { + it('should return false when role is different than SiteManager and user is not an admin', () => { const context: any = { selection: { library: { @@ -564,11 +564,27 @@ describe('app.evaluators', () => { role: 'SiteCollaborator' } } - } + }, + profile: { isAdmin: false } }; expect(app.isLibraryManager(context)).toBe(false); }); + + it('should return true if user is an admin no matter what the role is', () => { + const context: any = { + selection: { + library: { + entry: { + role: null + } + } + }, + profile: { isAdmin: true } + }; + + expect(app.isLibraryManager(context)).toBe(true); + }); }); describe('canOpenWithOffice', () => { diff --git a/projects/aca-shared/rules/src/app.rules.ts b/projects/aca-shared/rules/src/app.rules.ts index 90ee6cd632..7315b0fcf1 100644 --- a/projects/aca-shared/rules/src/app.rules.ts +++ b/projects/aca-shared/rules/src/app.rules.ts @@ -554,7 +554,7 @@ export const canShowLogout = (context: AcaRuleContext): boolean => !context.with * @param context Rule execution context */ export const isLibraryManager = (context: RuleContext): boolean => - hasLibrarySelected(context) && context.selection.library?.entry.role === 'SiteManager'; + hasLibrarySelected(context) && (context.selection.library?.entry.role === 'SiteManager' || isAdmin(context)); /** * Checks if the preview button for search results can be showed