Merged in task/dspace-cris-2023_02_x/DSC-1904 (pull request DSpace#2229)

Task/dspace cris 2023 02 x/DSC-1904

Approved-by: Vincenzo Mecca

Author: FrancescoMolinaro

src/app/admin/admin-routing.module.ts

@@ -10,6 +10,12 @@ import { AdminEditUserAgreementComponent } from './admin-edit-user-agreement/adm
 import { NOTIFICATIONS_MODULE_PATH, REGISTRIES_MODULE_PATH } from './admin-routing-paths';
 import { EditCmsMetadataComponent } from './edit-cms-metadata/edit-cms-metadata.component';
 import { BatchImportPageComponent } from './admin-import-batch-page/batch-import-page.component';
+import {
+  SiteAdministratorGuard
+} from '../core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
+import {
+  GenericAdministratorGuard
+} from '../core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard';
 
 @NgModule({
   imports: [
@@ -18,59 +24,69 @@ import { BatchImportPageComponent } from './admin-import-batch-page/batch-import
         path: NOTIFICATIONS_MODULE_PATH,
         loadChildren: () => import('./admin-notifications/admin-notifications.module')
           .then((m) => m.AdminNotificationsModule),
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: REGISTRIES_MODULE_PATH,
         loadChildren: () => import('./admin-registries/admin-registries.module')
           .then((m) => m.AdminRegistriesModule),
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'search',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminSearchPageComponent,
-        data: { title: 'admin.search.title', breadcrumbKey: 'admin.search' }
+        data: { title: 'admin.search.title', breadcrumbKey: 'admin.search' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'workflow',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminWorkflowPageComponent,
-        data: { title: 'admin.workflow.title', breadcrumbKey: 'admin.workflow' }
+        data: { title: 'admin.workflow.title', breadcrumbKey: 'admin.workflow' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'curation-tasks',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminCurationTasksComponent,
-        data: { title: 'admin.curation-tasks.title', breadcrumbKey: 'admin.curation-tasks' }
+        data: { title: 'admin.curation-tasks.title', breadcrumbKey: 'admin.curation-tasks' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'metadata-import',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: MetadataImportPageComponent,
-        data: { title: 'admin.metadata-import.title', breadcrumbKey: 'admin.metadata-import' }
+        data: { title: 'admin.metadata-import.title', breadcrumbKey: 'admin.metadata-import' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'edit-user-agreement',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: AdminEditUserAgreementComponent,
-        data: { title: 'admin.edit-user-agreement.title', breadcrumbKey: 'admin.edit-user-agreement' }
+        data: { title: 'admin.edit-user-agreement.title', breadcrumbKey: 'admin.edit-user-agreement' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'edit-cms-metadata',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: EditCmsMetadataComponent,
-        data: { title: 'admin.edit-cms-metadata.title', breadcrumbKey: 'admin.edit-cms-metadata' }
+        data: { title: 'admin.edit-cms-metadata.title', breadcrumbKey: 'admin.edit-cms-metadata' },
+        canActivate: [SiteAdministratorGuard]
       },
       {
         path: 'batch-import',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         component: BatchImportPageComponent,
-        data: { title: 'admin.batch-import.title', breadcrumbKey: 'admin.batch-import' }
+        data: { title: 'admin.batch-import.title', breadcrumbKey: 'admin.batch-import' },
+        canActivate: [GenericAdministratorGuard]
       },
       {
         path: 'system-wide-alert',
         resolve: { breadcrumb: I18nBreadcrumbResolver },
         loadChildren: () => import('../system-wide-alert/system-wide-alert.module').then((m) => m.SystemWideAlertModule),
-        data: {title: 'admin.system-wide-alert.title', breadcrumbKey: 'admin.system-wide-alert'}
+        data: {title: 'admin.system-wide-alert.title', breadcrumbKey: 'admin.system-wide-alert'},
+        canActivate: [SiteAdministratorGuard]
       },
     ])
   ],

src/app/app-routing.module.ts

@@ -3,9 +3,8 @@ import { NoPreloading, RouterModule } from '@angular/router';
 import { AuthBlockingGuard } from './core/auth/auth-blocking.guard';
 
 import { AuthenticatedGuard } from './core/auth/authenticated.guard';
-import {
-  SiteAdministratorGuard
-} from './core/data/feature-authorization/feature-authorization-guard/site-administrator.guard';
+
+
 import {
   ACCESS_CONTROL_MODULE_PATH,
   ADMIN_MODULE_PATH,
@@ -46,6 +45,11 @@ import { ThemedPageErrorComponent } from './page-error/themed-page-error.compone
 import { ForgotPasswordCheckGuard } from './core/rest-property/forgot-password-check-guard.guard';
 import { SUGGESTION_MODULE_PATH } from './suggestions-page/suggestions-page-routing-paths';
 import { RedirectService } from './redirect/redirect.service';
+import {
+  GenericAdministratorGuard
+} from './core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard';
+
+
 
 @NgModule({
   imports: [
@@ -168,7 +172,7 @@ import { RedirectService } from './redirect/redirect.service';
             path: ADMIN_MODULE_PATH,
             loadChildren: () => import('./admin/admin.module')
               .then((m) => m.AdminModule),
-            canActivate: [SiteAdministratorGuard, EndUserAgreementCurrentUserGuard]
+            canActivate: [GenericAdministratorGuard, EndUserAgreementCurrentUserGuard]
           },
           {
             path: 'login',

src/app/core/data/feature-authorization/feature-authorization-guard/generic-administrator-guard.ts

@@ -0,0 +1,31 @@
+import { Injectable } from '@angular/core';
+import { FeatureID } from '../feature-id';
+import { AuthorizationDataService } from '../authorization-data.service';
+import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from '@angular/router';
+import { Observable, of as observableOf } from 'rxjs';
+import { AuthService } from '../../../auth/auth.service';
+import { SomeFeatureAuthorizationGuard } from './some-feature-authorization.guard';
+
+/**
+ * Prevent unauthorized activating and loading of routes when the current authenticated user doesn't have administrator
+ * rights to the {@link Site}, Community or Collection
+ */
+@Injectable({
+  providedIn: 'root'
+})
+export class GenericAdministratorGuard extends SomeFeatureAuthorizationGuard {
+  constructor(protected authorizationService: AuthorizationDataService, protected router: Router, protected authService: AuthService) {
+    super(authorizationService, router, authService);
+  }
+
+  /**
+   * Check if user have administrator rights to Site, Community or Collection
+   */
+  getFeatureIDs(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<FeatureID[]> {
+    return  observableOf([
+      FeatureID.AdministratorOf,
+      FeatureID.IsCommunityAdmin,
+      FeatureID.IsCollectionAdmin,
+    ]);
+  }
+}

src/app/menu.resolver.ts

@@ -1,6 +1,6 @@
 import { Injectable } from '@angular/core';
 import { ActivatedRoute, ActivatedRouteSnapshot, Resolve, RouterStateSnapshot } from '@angular/router';
-import { combineLatest as observableCombineLatest, Observable } from 'rxjs';
+import { combineLatest, combineLatest as observableCombineLatest, Observable } from 'rxjs';
 import { MenuID } from './shared/menu/menu-id.model';
 import { MenuState } from './shared/menu/menu-state.model';
 import { MenuItemType } from './shared/menu/menu-item-type.model';
@@ -451,7 +451,19 @@ export class MenuResolver implements Resolve<boolean> {
         //   icon: 'cogs',
         //   index: 9
         // },
-
+        /*  Admin Search */
+        {
+          id: 'admin_search',
+          active: false,
+          visible: isSiteAdmin || isCollectionAdmin || isCommunityAdmin,
+          model: {
+            type: MenuItemType.LINK,
+            text: 'menu.section.admin_search',
+            link: '/admin/search'
+          } as LinkMenuItemModel,
+          index: 5,
+          icon: 'search',
+        },
         /* Processes */
         {
           id: 'processes',
@@ -532,8 +544,14 @@ export class MenuResolver implements Resolve<boolean> {
     ];
     menuList.forEach((menuSection) => this.menuService.addSection(MenuID.ADMIN, menuSection));
 
-    this.authorizationService.isAuthorized(FeatureID.AdministratorOf).pipe(
-      filter((authorized: boolean) => authorized),
+    combineLatest([
+      this.authorizationService.isAuthorized(FeatureID.AdministratorOf),
+      this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin),
+      this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin),
+    ]).pipe(
+      filter(([isAdmin, isCommunityAdmin, isCollectionAdmin]) =>
+        isAdmin || isCollectionAdmin || isCommunityAdmin
+      ),
       take(1),
       switchMap(() => this.scriptDataService.scriptWithNameExistsAndCanExecute(METADATA_EXPORT_SCRIPT_NAME)),
       filter((metadataExportScriptExists: boolean) => metadataExportScriptExists),
@@ -659,8 +677,14 @@ export class MenuResolver implements Resolve<boolean> {
     const menuList = [];
     menuList.forEach((menuSection) => this.menuService.addSection(MenuID.ADMIN, menuSection));
 
-    this.authorizationService.isAuthorized(FeatureID.AdministratorOf).pipe(
-      filter((authorized: boolean) => authorized),
+    combineLatest([
+      this.authorizationService.isAuthorized(FeatureID.AdministratorOf),
+      this.authorizationService.isAuthorized(FeatureID.IsCommunityAdmin),
+      this.authorizationService.isAuthorized(FeatureID.IsCollectionAdmin),
+    ]).pipe(
+      filter(([isAdmin, isCommunityAdmin, isCollectionAdmin]) =>
+        isAdmin || isCollectionAdmin || isCommunityAdmin
+      ),
       take(1),
       switchMap(() => this.scriptDataService.scriptWithNameExistsAndCanExecute(METADATA_IMPORT_SCRIPT_NAME)),
       filter((metadataImportScriptExists: boolean) => metadataImportScriptExists),
@@ -761,19 +785,6 @@ export class MenuResolver implements Resolve<boolean> {
             link: '/admin/notifications/' + NOTIFICATIONS_RECITER_SUGGESTION_PATH
           } as LinkMenuItemModel,
         },
-        /*  Admin Search */
-        {
-          id: 'admin_search',
-          active: false,
-          visible: authorized,
-          model: {
-            type: MenuItemType.LINK,
-            text: 'menu.section.admin_search',
-            link: '/admin/search'
-          } as LinkMenuItemModel,
-          icon: 'search',
-          index: 5
-        },
         /*  Registries */
         {
           id: 'registries',

src/app/shared/upload/file-dropzone-no-uploader/file-dropzone-no-uploader.scss

@@ -6,10 +6,12 @@
   top: 0;
   left: 0;
   z-index: -1;
+  pointer-events: none;
 }
 
 .ds-document-drop-zone-active {
   z-index: var(--ds-drop-zone-area-z-index) !important;
+  pointer-events: unset;
 }
 
 .ds-document-drop-zone-inner {