[ACS-6445] Address #PT20471_7 Missing Access Control (#3627)

2025-07-24 17:31:52 +00:00 · 2024-02-05 14:59:07 +01:00
parent 4393f337c5
commit bcb7e634d9
4 changed files with 45 additions and 8 deletions
--- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts
+++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts
@@ -30,7 +30,7 @@ import { AppTestingModule } from '../../../testing/app-testing.module';
 import { NO_ERRORS_SCHEMA } from '@angular/core';
 import { Site, SiteBodyCreate, SitePaging } from '@alfresco/js-api';
 import { Actions } from '@ngrx/effects';
-import { Subject } from 'rxjs';
+import { of, Subject } from 'rxjs';
 describe('LibraryMetadataFormComponent', () => {
  let fixture: ComponentFixture<LibraryMetadataFormComponent>;
@@ -51,7 +51,8 @@ describe('LibraryMetadataFormComponent', () => {
        {
          provide: Store,
          useValue: {
-            dispatch: jasmine.createSpy('dispatch')
+            dispatch: jasmine.createSpy('dispatch'),
            select: () => of()
          }
        }
      ],
@@ -210,6 +211,18 @@ describe('LibraryMetadataFormComponent', () => {
    expect(store.dispatch).not.toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel));
  });
  it('should update library node when the user is an admin but has consumer rights', () => {
    component.node.entry.role = Site.RoleEnum.SiteConsumer;
    component.isAdmin = true;
    fixture.detectChanges();
    component.toggleEdit();
    component.update();
    expect(store.dispatch).toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel));
  });
  it('should not call markAsPristine on form when updating valid form but has not permission to update', () => {
    component.node.entry.role = Site.RoleEnum.SiteConsumer;
    spyOn(component.form, 'markAsPristine');
--- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts
+++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts
@@ -42,7 +42,8 @@ import {
  SnackbarActionTypes,
  SnackbarErrorAction,
  SnackbarInfoAction,
-  UpdateLibraryAction
+  UpdateLibraryAction,
  isAdmin
 } from '@alfresco/aca-shared/store';
 import { debounceTime, filter, mergeMap, takeUntil } from 'rxjs/operators';
 import { AlfrescoApiService } from '@alfresco/adf-core';
@@ -118,6 +119,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro
  matcher = new InstantErrorStateMatcher();
  canUpdateLibrary = false;
  isAdmin = false;
  onDestroy$: Subject<boolean> = new Subject<boolean>();
@@ -172,7 +174,13 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro
          this.libraryTitleExists = false;
        }
      });
-    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager';
+    this.store
      .select(isAdmin)
      .pipe(takeUntil(this.onDestroy$))
      .subscribe((value) => {
        this.isAdmin = value;
      });
    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin;
    this.handleUpdatingEvent<SnackbarInfoAction>(SnackbarActionTypes.Info, 'LIBRARY.SUCCESS.LIBRARY_UPDATED', () =>
      Object.assign(this.node.entry, this.form.value)
    );
@@ -186,7 +194,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro
  ngOnChanges() {
    this.updateForm(this.node);
-    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager';
+    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin;
  }
  update() {
--- a/projects/aca-shared/rules/src/app.rules.spec.ts
+++ b/projects/aca-shared/rules/src/app.rules.spec.ts
@@ -556,7 +556,7 @@ describe('app.evaluators', () => {
      expect(app.isLibraryManager(context)).toBe(true);
    });
-    it('should return false when role is different than SiteManager', () => {
+    it('should return false when role is different than SiteManager and user is not an admin', () => {
      const context: any = {
        selection: {
          library: {
@@ -564,11 +564,27 @@ describe('app.evaluators', () => {
              role: 'SiteCollaborator'
            }
          }
-        }
+        },
        profile: { isAdmin: false }
      };
      expect(app.isLibraryManager(context)).toBe(false);
    });
    it('should return true if user is an admin no matter what the role is', () => {
      const context: any = {
        selection: {
          library: {
            entry: {
              role: null
            }
          }
        },
        profile: { isAdmin: true }
      };
      expect(app.isLibraryManager(context)).toBe(true);
    });
  });
  describe('canOpenWithOffice', () => {
--- a/projects/aca-shared/rules/src/app.rules.ts
+++ b/projects/aca-shared/rules/src/app.rules.ts
@@ -554,7 +554,7 @@ export const canShowLogout = (context: AcaRuleContext): boolean => !context.with
 * @param context Rule execution context
 */
 export const isLibraryManager = (context: RuleContext): boolean =>
-  hasLibrarySelected(context) && context.selection.library?.entry.role === 'SiteManager';
+  hasLibrarySelected(context) && (context.selection.library?.entry.role === 'SiteManager' || isAdmin(context));
 /**
 * Checks if the preview button for search results can be showed