[AAE-9382] SSOGuard - Call the acs user only in case of ECM (#7696)

* Call the acs user only * Fix and add unit test
2025-09-24 14:31:41 +00:00 · 2022-07-01 14:20:40 +01:00
parent 478943eed5
commit ae2c156c0e
4 changed files with 125 additions and 19 deletions
--- a/lib/core/services/auth-guard-sso-role.service.spec.ts
+++ b/lib/core/services/auth-guard-sso-role.service.spec.ts
@@ -23,16 +23,15 @@ import { AuthGuardSsoRoleService } from './auth-guard-sso-role.service';
 import { JwtHelperService } from './jwt-helper.service';
 import { MatDialog } from '@angular/material/dialog';
 import { TranslateModule } from '@ngx-translate/core';
-import { PeopleContentService } from './people-content.service';
 import { UserAccessService } from './user-access.service';
-import { of } from 'rxjs';
+import { UserContentAccessService } from './user-content-access.service';

 describe('Auth Guard SSO role service', () => {

    let authGuard: AuthGuardSsoRoleService;
    let jwtHelperService: JwtHelperService;
    let routerService: Router;
-    let peopleContentService: PeopleContentService;
+    let userContentAccessService: UserContentAccessService;
    let userAccessService: UserAccessService;

    setupTestBed({
@@ -47,7 +46,7 @@ describe('Auth Guard SSO role service', () => {
        authGuard = TestBed.inject(AuthGuardSsoRoleService);
        jwtHelperService = TestBed.inject(JwtHelperService);
        routerService = TestBed.inject(Router);
-        peopleContentService = TestBed.inject(PeopleContentService);
+        userContentAccessService = TestBed.inject(UserContentAccessService);
        userAccessService = TestBed.inject(UserAccessService);
        userAccessService.resetAccess();
    });
@@ -126,7 +125,7 @@ describe('Auth Guard SSO role service', () => {

    it('Should canActivate be false hasRealm is true and hasClientRole is false', async () => {
        const route: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
-        spyUserAccess([], {});
+        spyUserAccess([''], {});

        route.params = { appName: 'mockApp' };
        route.data = { clientRoles: ['appName'], roles: ['MOCK_USER_ROLE', 'MOCK_ADMIN_ROLE'] };
@@ -182,8 +181,7 @@ describe('Auth Guard SSO role service', () => {
    describe('Content Admin', () => {

        it('Should give access to a content section (ALFRESCO_ADMINISTRATORS) when the user has content admin capability', async () => {
-            spyOn(peopleContentService, 'getCurrentUserInfo').and.returnValue(of({}));
-            spyOn(peopleContentService, 'isCurrentUserAdmin').and.returnValue(true);
+            spyOn(userContentAccessService, 'isCurrentUserAdmin').and.returnValue(true);

            spyUserAccess([], {});

@@ -194,8 +192,7 @@ describe('Auth Guard SSO role service', () => {
        });

        it('Should not give access to a content section (ALFRESCO_ADMINISTRATORS) when the user does not have content admin capability', async () => {
-            spyOn(peopleContentService, 'getCurrentUserInfo').and.returnValue(of({}));
-            spyOn(peopleContentService, 'isCurrentUserAdmin').and.returnValue(false);
+            spyOn(userContentAccessService, 'isCurrentUserAdmin').and.returnValue(false);

            spyUserAccess([], {});

@@ -206,7 +203,7 @@ describe('Auth Guard SSO role service', () => {
        });

        it('Should not call the service to check if the user has content admin capability when the roles do not contain ALFRESCO_ADMINISTRATORS', async () => {
-            const isCurrentAdminSpy = spyOn(peopleContentService, 'isCurrentUserAdmin').and.stub();
+            const isCurrentAdminSpy = spyOn(userContentAccessService, 'isCurrentUserAdmin').and.stub();
            spyUserAccess([], {});

            const router: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
@@ -238,8 +235,7 @@ describe('Auth Guard SSO role service', () => {
        });

        it('Should canActivate be true when the user has none of the excluded role and is not a content admin', async () => {
-            spyOn(peopleContentService, 'getCurrentUserInfo').and.returnValue(of({}));
-            spyOn(peopleContentService, 'isCurrentUserAdmin').and.returnValue(false);
+            spyOn(userContentAccessService, 'isCurrentUserAdmin').and.returnValue(false);
            spyUserAccess(['MOCK_USER_ROLE'], {});

            const router: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
@@ -249,15 +245,13 @@ describe('Auth Guard SSO role service', () => {
        });

        it('Should canActivate be false if the user is a content admin but has one of the excluded roles', async () => {
-            const isCurrentAdminSpy = spyOn(peopleContentService, 'getCurrentUserInfo').and.returnValue(of({}));
-            spyOn(peopleContentService, 'isCurrentUserAdmin').and.returnValue(true);
+            spyOn(userContentAccessService, 'isCurrentUserAdmin').and.returnValue(true);
            spyUserAccess(['MOCK_USER_ROLE'], {});

            const router: ActivatedRouteSnapshot = new ActivatedRouteSnapshot();
            router.data = { roles: ['ALFRESCO_ADMINISTRATORS'], excludedRoles: ['MOCK_USER_ROLE'] };

            expect(await authGuard.canActivate(router)).toBe(false);
-            expect(isCurrentAdminSpy).toHaveBeenCalled();
        });
    });
 });