[ACS-6445] Address #PT20471_7 Missing Access Control (#3627)

2025-07-24 17:31:52 +00:00 · 2024-02-05 14:59:07 +01:00
parent 4393f337c5
commit bcb7e634d9
4 changed files with 45 additions and 8 deletions
--- a/projects/aca-shared/rules/src/app.rules.spec.ts
+++ b/projects/aca-shared/rules/src/app.rules.spec.ts
@@ -556,7 +556,7 @@ describe('app.evaluators', () => {
      expect(app.isLibraryManager(context)).toBe(true);
    });

-    it('should return false when role is different than SiteManager', () => {
+    it('should return false when role is different than SiteManager and user is not an admin', () => {
      const context: any = {
        selection: {
          library: {
@@ -564,11 +564,27 @@ describe('app.evaluators', () => {
              role: 'SiteCollaborator'
            }
          }
-        }
+        },
+        profile: { isAdmin: false }
      };

      expect(app.isLibraryManager(context)).toBe(false);
    });
+
+    it('should return true if user is an admin no matter what the role is', () => {
+      const context: any = {
+        selection: {
+          library: {
+            entry: {
+              role: null
+            }
+          }
+        },
+        profile: { isAdmin: true }
+      };
+
+      expect(app.isLibraryManager(context)).toBe(true);
+    });
  });

  describe('canOpenWithOffice', () => {
--- a/projects/aca-shared/rules/src/app.rules.ts
+++ b/projects/aca-shared/rules/src/app.rules.ts
@@ -554,7 +554,7 @@ export const canShowLogout = (context: AcaRuleContext): boolean => !context.with
 * @param context Rule execution context
 */
 export const isLibraryManager = (context: RuleContext): boolean =>
-  hasLibrarySelected(context) && context.selection.library?.entry.role === 'SiteManager';
+  hasLibrarySelected(context) && (context.selection.library?.entry.role === 'SiteManager' || isAdmin(context));

 /**
 * Checks if the preview button for search results can be showed