Merged dspace-cris-2023_02_x into task/dspace-cris-2023_02_x/DSC-1917

Author: atarix83

src/app/admin/admin-routing.module.ts

@@ -10,6 +10,12 @@ import { AdminEditUserAgreementComponent } from './admin-edit-user-agreement/adm
 import { NOTIFICATIONS_MODULE_PATH, REGISTRIES_MODULE_PATH } from './admin-routing-paths';
 import { EditCmsMetadataComponent } from './edit-cms-metadata/edit-cms-metadata.component';
 import { BatchImportPageComponent } from './admin-import-batch-page/batch-import-page.component';
+import {
+  SiteAdministratorGuard
+} from '../core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
+import {
+  GenericAdministratorGuard
+} from '../core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard';
 
 @NgModule({
   imports: [
@@ -18,59 +24,69 @@ import { BatchImportPageComponent } from './admin-import-batch-page/batch-import
         path: NOTIFICATIONS_MODULE_PATH,
         loadChildren: () => import('./admin-notifications/admin-notifications.module')
           .then((m) => m.AdminNotificationsModule),
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: REGISTRIES_MODULE_PATH,
         loadChildren: () => import('./admin-registries/admin-registries.module')
           .then((m) => m.AdminRegistriesModule),
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'search',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminSearchPageComponent,
-        data: { title: 'admin.search.title', breadcrumbKey: 'admin.search' }
+        data: { title: 'admin.search.title', breadcrumbKey: 'admin.search' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'workflow',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminWorkflowPageComponent,
-        data: { title: 'admin.workflow.title', breadcrumbKey: 'admin.workflow' }
+        data: { title: 'admin.workflow.title', breadcrumbKey: 'admin.workflow' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'curation-tasks',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminCurationTasksComponent,
-        data: { title: 'admin.curation-tasks.title', breadcrumbKey: 'admin.curation-tasks' }
+        data: { title: 'admin.curation-tasks.title', breadcrumbKey: 'admin.curation-tasks' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'metadata-import',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: MetadataImportPageComponent,
-        data: { title: 'admin.metadata-import.title', breadcrumbKey: 'admin.metadata-import' }
+        data: { title: 'admin.metadata-import.title', breadcrumbKey: 'admin.metadata-import' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'edit-user-agreement',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminEditUserAgreementComponent,
-        data: { title: 'admin.edit-user-agreement.title', breadcrumbKey: 'admin.edit-user-agreement' }
+        data: { title: 'admin.edit-user-agreement.title', breadcrumbKey: 'admin.edit-user-agreement' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'edit-cms-metadata',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: EditCmsMetadataComponent,
-        data: { title: 'admin.edit-cms-metadata.title', breadcrumbKey: 'admin.edit-cms-metadata' }
+        data: { title: 'admin.edit-cms-metadata.title', breadcrumbKey: 'admin.edit-cms-metadata' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'batch-import',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: BatchImportPageComponent,
-        data: { title: 'admin.batch-import.title', breadcrumbKey: 'admin.batch-import' }
+        data: { title: 'admin.batch-import.title', breadcrumbKey: 'admin.batch-import' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'system-wide-alert',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         loadChildren: () => import('../system-wide-alert/system-wide-alert.module').then((m) => m.SystemWideAlertModule),
-        data: {title: 'admin.system-wide-alert.title', breadcrumbKey: 'admin.system-wide-alert'}
+        data: {title: 'admin.system-wide-alert.title', breadcrumbKey: 'admin.system-wide-alert'},
+        canActivate: [SiteAdministratorGuard]
       },
     ])
   ],

src/app/admin/edit-cms-metadata/edit-cms-metadata.component.ts

@@ -83,6 +83,9 @@ export class EditCmsMetadataComponent implements OnInit {
           this.notificationsService.error(this.translateService.get('admin.edit-cms-metadata.error'));
         }
         this.siteService.setStale();
+        this.siteService.find().subscribe((site) => {
+          this.site = site;
+        });
       });
   }
 

src/app/app-routing.module.ts

@@ -3,9 +3,8 @@ import { NoPreloading, RouterModule } from '@angular/router';
 import { AuthBlockingGuard } from './core/auth/auth-blocking.guard';
 
 import { AuthenticatedGuard } from './core/auth/authenticated.guard';
-import {
-  SiteAdministratorGuard
-} from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
+
+
 import {
   ACCESS_CONTROL_MODULE_PATH,
   ADMIN_MODULE_PATH,
@@ -46,6 +45,11 @@ import { ThemedPageErrorComponent } from './page-error/themed-page-error.compone
 import { ForgotPasswordCheckGuard } from './core/rest-property/forgot-password-check-guard.guard';
 import { SUGGESTION_MODULE_PATH } from './suggestions-page/suggestions-page-routing-paths';
 import { RedirectService } from './redirect/redirect.service';
+import {
+  GenericAdministratorGuard
+} from './core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard';
+
+
 
 @NgModule({
   imports: [
@@ -168,7 +172,7 @@ import { RedirectService } from './redirect/redirect.service';
             path: ADMIN_MODULE_PATH,
             loadChildren: () => import('./admin/admin.module')
               .then((m) => m.AdminModule),
-            canActivate: [SiteAdministratorGuard, EndUserAgreementCurrentUserGuard]
+            canActivate: [GenericAdministratorGuard, EndUserAgreementCurrentUserGuard]
           },
           {
             path: 'login',

src/app/collection-page/edit-item-template-page/edit-item-template-page.component.html

@@ -4,7 +4,10 @@
       <ng-container *ngIf="itemRD?.hasSucceeded">
         <h2 class="border-bottom">{{ 'collection.edit.template.head' | translate:{ collection: dsoNameService.getName(collection) } }}</h2>
         <ds-themed-dso-edit-metadata [updateDataService]="itemTemplateService" [dso]="itemRD?.payload"></ds-themed-dso-edit-metadata>
-        <button [routerLink]="getCollectionEditUrl(collection)" class="btn btn-outline-secondary">{{ 'collection.edit.template.cancel' | translate }}</button>
+        <button [routerLink]="getCollectionEditUrl(collection)" class="btn btn-outline-secondary">
+          <i class="fas fa-arrow-left"></i>
+          {{ 'collection.edit.template.back' | translate }}
+        </button>
       </ng-container>
       <ds-themed-loading *ngIf="itemRD?.isLoading" [message]="'collection.edit.template.loading' | translate"></ds-themed-loading>
       <ds-alert *ngIf="itemRD?.hasFailed" [type]="AlertTypeEnum.Error" [content]="'collection.edit.template.error' | translate"></ds-alert>

src/app/core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard.ts

@@ -0,0 +1,31 @@
+import { Injectable } from '@angular/core';
+import { FeatureID } from '../feature-id';
+import { AuthorizationDataService } from '../authorization-data.service';
+import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
+import { Observable, of as observableOf } from 'rxjs';
+import { AuthService } from '../../../auth/auth.service';
+import { SomeFeatureAuthorizationGuard } from './some-feature-authorization.guard';
+
+/**
+ * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator
+ * rights to the {@link Site}, Community or Collection
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class GenericAdministratorGuard extends SomeFeatureAuthorizationGuard {
+  constructor(protected authorizationService: AuthorizationDataService, protected router: Router, protected authService: AuthService) {
+    super(authorizationService, router, authService);
+  }
+
+  /**
+   * Check if user have administrator rights to Site, Community or Collection
+   */
+  getFeatureIDs(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<FeatureID[]> {
+    return  observableOf([
+      FeatureID.AdministratorOf,
+      FeatureID.IsCommunityAdmin,
+      FeatureID.IsCollectionAdmin,
+    ]);
+  }
+}

src/app/dso-shared/dso-edit-metadata/dso-edit-metadata-headers/dso-edit-metadata-headers.component.html

@@ -6,7 +6,7 @@
       <div class="ds-flex-cell ds-lang-cell"><b>{{ dsoType + '.edit.metadata.headers.language' | translate }}</b></div>
       <div class="ds-flex-cell ds-authority-cell"><b>{{ dsoType + '.edit.metadata.headers.authority' | translate }}</b></div>
       <div class="ds-flex-cell ds-security-cell"><b>{{'item.edit.metadata.headers.security'| translate}}</b></div>
-      <div class="text-center ds-flex-cell ds-edit-cell"><b>{{ dsoType + '.edit.metadata.headers.edit' | translate }}</b></div>
+      <div class="ds-flex-cell ds-edit-cell"><b>{{ dsoType + '.edit.metadata.headers.edit' | translate }}</b></div>
     </div>
   </div>
 </div>

src/app/item-page/alerts/item-alerts.component.html

@@ -1,4 +1,4 @@
-<div>
+<div class="pb-3">
     <div *ngIf="item && !item.isDiscoverable" class="private-warning">
         <ds-alert [type]="AlertTypeEnum.Warning" [content]="'item.alerts.private' | translate"></ds-alert>
     </div>
@@ -8,7 +8,7 @@
                 <span class="align-self-center">{{'item.alerts.withdrawn' | translate}}</span>
             </div>
         </ds-alert>
-        <p class="text-center">
+        <p class="text-center" *ngIf="!(isAdministrator$ | async)">
           <a routerLink="/home" class="btn btn-primary">{{"410.link.home-page" | translate}}</a>
         </p>
     </div>

src/app/item-page/alerts/item-alerts.component.spec.ts

@@ -4,6 +4,8 @@ import { TranslateModule } from '@ngx-translate/core';
 import { NO_ERRORS_SCHEMA } from '@angular/core';
 import { Item } from '../../core/shared/item.model';
 import { By } from '@angular/platform-browser';
+import {AuthorizationDataService} from '../../core/data/feature-authorization/authorization-data.service';
+import {AuthorizationDataServiceStub} from '../../shared/testing/authorization-service.stub';
 
 describe('ItemAlertsComponent', () => {
   let component: ItemAlertsComponent;
@@ -14,7 +16,10 @@ describe('ItemAlertsComponent', () => {
     TestBed.configureTestingModule({
       declarations: [ItemAlertsComponent],
       imports: [TranslateModule.forRoot()],
-      schemas: [NO_ERRORS_SCHEMA]
+      schemas: [NO_ERRORS_SCHEMA],
+      providers: [
+        { provide: AuthorizationDataService, useClass: AuthorizationDataServiceStub }
+      ]
     })
       .compileComponents();
   }));

src/app/item-page/alerts/item-alerts.component.ts

@@ -1,6 +1,9 @@
-import { Component, Input } from '@angular/core';
+import {Component, Input, OnInit} from '@angular/core';
 import { Item } from '../../core/shared/item.model';
 import { AlertType } from '../../shared/alert/alert-type';
+import {Observable} from 'rxjs';
+import {FeatureID} from '../../core/data/feature-authorization/feature-id';
+import {AuthorizationDataService} from '../../core/data/feature-authorization/authorization-data.service';
 
 @Component({
   selector: 'ds-item-alerts',
@@ -10,7 +13,7 @@ import { AlertType } from '../../shared/alert/alert-type';
 /**
  * Component displaying alerts for an item
  */
-export class ItemAlertsComponent {
+export class ItemAlertsComponent implements OnInit {
   /**
    * The Item to display alerts for
    */
@@ -21,4 +24,13 @@ export class ItemAlertsComponent {
    * @type {AlertType}
    */
   public AlertTypeEnum = AlertType;
+
+  isAdministrator$: Observable<boolean>;
+
+  constructor(private authorizationService: AuthorizationDataService) {
+  }
+
+  ngOnInit() {
+    this.isAdministrator$ = this.authorizationService.isAuthorized(FeatureID.AdministratorOf);
+  }
 }

src/app/menu.resolver.ts

@@ -1,6 +1,6 @@
-import { Injectable } from '@angular/core';
+import { Inject, Injectable, PLATFORM_ID } from '@angular/core';
 import { ActivatedRoute, ActivatedRouteSnapshot, Resolve, RouterStateSnapshot } from '@angular/router';
-import { combineLatest as observableCombineLatest, Observable } from 'rxjs';
+import { combineLatest as observableCombineLatest, Observable, of } from 'rxjs';
 import { MenuID } from './shared/menu/menu-id.model';
 import { MenuState } from './shared/menu/menu-state.model';
 import { MenuItemType } from './shared/menu/menu-item-type.model';
@@ -52,11 +52,12 @@ import { environment } from '../environments/environment';
 import { SectionDataService } from './core/layout/section-data.service';
 import { Section } from './core/layout/models/section.model';
 import { NOTIFICATIONS_RECITER_SUGGESTION_PATH } from './admin/admin-notifications/admin-notifications-routing-paths';
+import { isPlatformBrowser } from '@angular/common';
 import { ConfigurationDataService } from './core/data/configuration-data.service';
 import { ConfigurationProperty } from './core/shared/configuration-property.model';
 
 /**
- * Creates all of the app's menus
+ * Creates all the app's menus
  */
 @Injectable({
   providedIn: 'root'
@@ -66,6 +67,7 @@ export class MenuResolver implements Resolve<boolean> {
   private activatedRouteLastChild: ActivatedRoute;
 
   constructor(
+    @Inject(PLATFORM_ID) public platformId: any,
     protected route: ActivatedRoute,
     protected menuService: MenuService,
     protected authorizationService: AuthorizationDataService,
@@ -80,6 +82,9 @@ export class MenuResolver implements Resolve<boolean> {
    * Initialize all menus
    */
   resolve(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> {
+    if (!isPlatformBrowser(this.platformId)) {
+      return of(true);
+    }
     return observableCombineLatest([
       this.createPublicMenu$(),
       this.createAdminMenu$(),
@@ -318,7 +323,7 @@ export class MenuResolver implements Resolve<boolean> {
           id: 'new_item',
           parentID: 'new',
           active: false,
-          visible: isSiteAdmin,
+          visible: isSiteAdmin || isCommunityAdmin || isCollectionAdmin,
           model: {
             type: MenuItemType.ONCLICK,
             text: 'menu.section.new_item',
@@ -451,12 +456,24 @@ export class MenuResolver implements Resolve<boolean> {
         //   icon: 'cogs',
         //   index: 9
         // },
-
+        /*  Admin Search */
+        {
+          id: 'admin_search',
+          active: false,
+          visible: isSiteAdmin || isCollectionAdmin || isCommunityAdmin,
+          model: {
+            type: MenuItemType.LINK,
+            text: 'menu.section.admin_search',
+            link: '/admin/search'
+          } as LinkMenuItemModel,
+          index: 5,
+          icon: 'search',
+        },
         /* Processes */
         {
           id: 'processes',
           active: false,
-          visible: isSiteAdmin,
+          visible: isSiteAdmin || isCommunityAdmin || isCollectionAdmin,
           model: {
             type: MenuItemType.LINK,
             text: 'menu.section.processes',
@@ -532,8 +549,14 @@ export class MenuResolver implements Resolve<boolean> {
     ];
     menuList.forEach((menuSection) => this.menuService.addSection(MenuID.ADMIN, menuSection));
 
-    this.authorizationService.isAuthorized(FeatureID.AdministratorOf).pipe(
-      filter((authorized: boolean) => authorized),
+    observableCombineLatest([
+      this.authorizationService.isAuthorized(FeatureID.AdministratorOf),
+      this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin),
+      this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin),
+    ]).pipe(
+      filter(([isAdmin, isCommunityAdmin, isCollectionAdmin]) =>
+        isAdmin || isCollectionAdmin || isCommunityAdmin
+      ),
       take(1),
       switchMap(() => this.scriptDataService.scriptWithNameExistsAndCanExecute(METADATA_EXPORT_SCRIPT_NAME)),
       filter((metadataExportScriptExists: boolean) => metadataExportScriptExists),
@@ -659,8 +682,14 @@ export class MenuResolver implements Resolve<boolean> {
     const menuList = [];
     menuList.forEach((menuSection) => this.menuService.addSection(MenuID.ADMIN, menuSection));
 
-    this.authorizationService.isAuthorized(FeatureID.AdministratorOf).pipe(
-      filter((authorized: boolean) => authorized),
+    observableCombineLatest([
+      this.authorizationService.isAuthorized(FeatureID.AdministratorOf),
+      this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin),
+      this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin),
+    ]).pipe(
+      filter(([isAdmin, isCommunityAdmin, isCollectionAdmin]) =>
+        isAdmin || isCollectionAdmin || isCommunityAdmin
+      ),
       take(1),
       switchMap(() => this.scriptDataService.scriptWithNameExistsAndCanExecute(METADATA_IMPORT_SCRIPT_NAME)),
       filter((metadataImportScriptExists: boolean) => metadataImportScriptExists),
@@ -761,19 +790,6 @@ export class MenuResolver implements Resolve<boolean> {
             link: '/admin/notifications/' + NOTIFICATIONS_RECITER_SUGGESTION_PATH
           } as LinkMenuItemModel,
         },
-        /*  Admin Search */
-        {
-          id: 'admin_search',
-          active: false,
-          visible: authorized,
-          model: {
-            type: MenuItemType.LINK,
-            text: 'menu.section.admin_search',
-            link: '/admin/search'
-          } as LinkMenuItemModel,
-          icon: 'search',
-          index: 5
-        },
         /*  Registries */
         {
           id: 'registries',