[ACS-6445] Address #PT20471_7 Missing Access Control (#3627)

2025-07-24 17:31:52 +00:00 · 2024-02-05 14:59:07 +01:00
parent 4393f337c5
commit bcb7e634d9
4 changed files with 45 additions and 8 deletions
--- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts
+++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.spec.ts
@@ -30,7 +30,7 @@ import { AppTestingModule } from '../../../testing/app-testing.module';
 import { NO_ERRORS_SCHEMA } from '@angular/core';
 import { Site, SiteBodyCreate, SitePaging } from '@alfresco/js-api';
 import { Actions } from '@ngrx/effects';
-import { Subject } from 'rxjs';
+import { of, Subject } from 'rxjs';

 describe('LibraryMetadataFormComponent', () => {
  let fixture: ComponentFixture<LibraryMetadataFormComponent>;
@@ -51,7 +51,8 @@ describe('LibraryMetadataFormComponent', () => {
        {
          provide: Store,
          useValue: {
-            dispatch: jasmine.createSpy('dispatch')
+            dispatch: jasmine.createSpy('dispatch'),
+            select: () => of()
          }
        }
      ],
@@ -210,6 +211,18 @@ describe('LibraryMetadataFormComponent', () => {
    expect(store.dispatch).not.toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel));
  });

+  it('should update library node when the user is an admin but has consumer rights', () => {
+    component.node.entry.role = Site.RoleEnum.SiteConsumer;
+    component.isAdmin = true;
+
+    fixture.detectChanges();
+    component.toggleEdit();
+
+    component.update();
+
+    expect(store.dispatch).toHaveBeenCalledWith(new UpdateLibraryAction(siteEntryModel));
+  });
+
  it('should not call markAsPristine on form when updating valid form but has not permission to update', () => {
    component.node.entry.role = Site.RoleEnum.SiteConsumer;
    spyOn(component.form, 'markAsPristine');
--- a/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts
+++ b/projects/aca-content/src/lib/components/info-drawer/library-metadata-tab/library-metadata-form.component.ts
@@ -42,7 +42,8 @@ import {
  SnackbarActionTypes,
  SnackbarErrorAction,
  SnackbarInfoAction,
-  UpdateLibraryAction
+  UpdateLibraryAction,
+  isAdmin
 } from '@alfresco/aca-shared/store';
 import { debounceTime, filter, mergeMap, takeUntil } from 'rxjs/operators';
 import { AlfrescoApiService } from '@alfresco/adf-core';
@@ -118,6 +119,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro

  matcher = new InstantErrorStateMatcher();
  canUpdateLibrary = false;
+  isAdmin = false;

  onDestroy$: Subject<boolean> = new Subject<boolean>();

@@ -172,7 +174,13 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro
          this.libraryTitleExists = false;
        }
      });
-    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager';
+    this.store
+      .select(isAdmin)
+      .pipe(takeUntil(this.onDestroy$))
+      .subscribe((value) => {
+        this.isAdmin = value;
+      });
+    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin;
    this.handleUpdatingEvent<SnackbarInfoAction>(SnackbarActionTypes.Info, 'LIBRARY.SUCCESS.LIBRARY_UPDATED', () =>
      Object.assign(this.node.entry, this.form.value)
    );
@@ -186,7 +194,7 @@ export class LibraryMetadataFormComponent implements OnInit, OnChanges, OnDestro

  ngOnChanges() {
    this.updateForm(this.node);
-    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager';
+    this.canUpdateLibrary = this.node?.entry?.role === 'SiteManager' || this.isAdmin;
  }

  update() {
--- a/projects/aca-shared/rules/src/app.rules.spec.ts
+++ b/projects/aca-shared/rules/src/app.rules.spec.ts
@@ -556,7 +556,7 @@ describe('app.evaluators', () => {
      expect(app.isLibraryManager(context)).toBe(true);
    });

-    it('should return false when role is different than SiteManager', () => {
+    it('should return false when role is different than SiteManager and user is not an admin', () => {
      const context: any = {
        selection: {
          library: {
@@ -564,11 +564,27 @@ describe('app.evaluators', () => {
              role: 'SiteCollaborator'
            }
          }
-        }
+        },
+        profile: { isAdmin: false }
      };

      expect(app.isLibraryManager(context)).toBe(false);
    });
+
+    it('should return true if user is an admin no matter what the role is', () => {
+      const context: any = {
+        selection: {
+          library: {
+            entry: {
+              role: null
+            }
+          }
+        },
+        profile: { isAdmin: true }
+      };
+
+      expect(app.isLibraryManager(context)).toBe(true);
+    });
  });

  describe('canOpenWithOffice', () => {
--- a/projects/aca-shared/rules/src/app.rules.ts
+++ b/projects/aca-shared/rules/src/app.rules.ts
@@ -554,7 +554,7 @@ export const canShowLogout = (context: AcaRuleContext): boolean => !context.with
 * @param context Rule execution context
 */
 export const isLibraryManager = (context: RuleContext): boolean =>
-  hasLibrarySelected(context) && context.selection.library?.entry.role === 'SiteManager';
+  hasLibrarySelected(context) && (context.selection.library?.entry.role === 'SiteManager' || isAdmin(context));

 /**
 * Checks if the preview button for search results can be showed