[AAE-4985] - Make SSO Role Service accept a content admin role that is not part of the JWT token (#6942)

* Add ability to check if the user is an ACS_ADMIN - not part of JTW token

* Make get user api call only once

* Add unit tests

* Add documentation

* Fix comments

* Exclude flaky tests, dependent on another test

* Fix unit test

* Fix comments

* Update documentation

lib/core/services/auth-guard-sso-role.service.ts

@@ -19,24 +19,28 @@ import { Injectable } from '@angular/core';
 import { JwtHelperService } from './jwt-helper.service';
 import { ActivatedRouteSnapshot, CanActivate, Router } from '@angular/router';
 import { MatDialog } from '@angular/material/dialog';
+import { ContentGroups, PeopleContentService } from './people-content.service';
 
 @Injectable({
     providedIn: 'root'
 })
 export class AuthGuardSsoRoleService implements CanActivate {
-
-    constructor(private jwtHelperService: JwtHelperService, private router: Router, private dialog: MatDialog) {
+    constructor(private jwtHelperService: JwtHelperService,
+                private router: Router,
+                private dialog: MatDialog,
+                private peopleContentService: PeopleContentService) {
     }
 
-    canActivate(route: ActivatedRouteSnapshot): boolean {
+    async canActivate(route: ActivatedRouteSnapshot): Promise<boolean> {
         let hasRole;
         let hasRealmRole = false;
         let hasClientRole = true;
 
         if (route.data) {
             if (route.data['roles']) {
-                const rolesToCheck = route.data['roles'];
-                hasRealmRole = this.jwtHelperService.hasRealmRoles(rolesToCheck);
+                const rolesToCheck: string[] = route.data['roles'];
+                const isContentAdmin = rolesToCheck.includes(ContentGroups.ALFRESCO_ADMINISTRATORS) ? await this.peopleContentService.isContentAdmin() : false;
+                hasRealmRole = this.jwtHelperService.hasRealmRoles(rolesToCheck) || isContentAdmin;
             }
 
             if (route.data['clientRoles']) {