Add Check for Orgaadmin

OpenSlides · Nov 21, 2024 · 50584ed · 50584ed
1 parent 4e97137
commit 50584ed
Show file tree

Hide file tree

Showing 10 changed files with 37 additions and 27 deletions.
diff --git a/...c/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts b/...c/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts
@@ -5,7 +5,6 @@ import { ActivatedRoute } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
 import { Observable, Subject } from 'rxjs';
 import { Collection, Fqid, Id } from 'src/app/domain/definitions/key-types';
-import { OML } from 'src/app/domain/definitions/organization-permission';
 import { Selectable } from 'src/app/domain/interfaces';
 import { BaseModel } from 'src/app/domain/models/base/base-model';
 import { HistoryPosition, HistoryPresenterService } from 'src/app/gateways/presenter/history-presenter.service';
@@ -94,10 +93,6 @@ export class HistoryListComponent extends BaseMeetingComponent implements OnInit
         }
     }
 
-    public get isSuperadmin(): boolean {
-        return this.operator.hasOrganizationPermissions(OML.superadmin);
-    }
-
     public constructor(
         protected override translate: TranslateService,
         private viewModelStore: ViewModelStoreService,

diff --git a/.../meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts b/.../meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
@@ -294,6 +294,6 @@ export class GroupListComponent extends BaseMeetingComponent implements OnInit,
      * Function to allow to edit the external_id
      */
     public get allowExternalId(): boolean {
-        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin;
+        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin || this.operator.isOrgaManager;
     }
 }
diff --git a/...es/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts b/...es/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
@@ -109,7 +109,7 @@ export class AccountAddToMeetingsComponent extends BaseUiComponent implements On
                 .getViewModelListObservable()
                 .pipe(
                     map(meetings =>
-                        this.operator.isSuperAdmin
+                        this.operator.isSuperAdmin || this.operator.isOrgaManager
                             ? meetings.filter(meeting => !meeting.locked_from_inside)
                             : meetings.filter(
                                   meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside

diff --git a/...pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts b/...pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts
@@ -50,7 +50,10 @@ export class AccountDetailComponent extends BaseComponent implements OnInit {
     }
 
     public get orgaManagementLevelChangeDisabled(): boolean {
-        return this.user?.id === this.operator.operatorId && this.operator.isSuperAdmin;
+        return (
+            this.user?.id === this.operator.operatorId &&
+            (this.operator.isSuperAdmin || this.operator.isOrgaManager || this.operator.isAccountAdmin)
+        );
     }
 
     @ViewChild(UserDetailViewComponent, { static: false })

diff --git a/...ation/pages/accounts/pages/account-list/components/account-list/account-list.component.ts b/...ation/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
@@ -113,9 +113,10 @@ export class AccountListComponent extends BaseListViewComponent<ViewUser> {
         const meetings = this.meetingRepo.getViewModelList();
         const result = await this.choiceService.open<ViewMeeting>({
             title,
-            choices: this.operator.isSuperAdmin
-                ? meetings.filter(meeting => !meeting.locked_from_inside)
-                : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
+            choices:
+                this.operator.isSuperAdmin || this.operator.isOrgaManager
+                    ? meetings.filter(meeting => !meeting.locked_from_inside)
+                    : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
             multiSelect: true,
             actions,
             content: this.translate.instant(

diff --git a/...detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts b/...detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
@@ -277,7 +277,11 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private onAfterCreateForm(): void {
         this.enableFormControls();
-        if (!this.operator.isSuperAdmin && !this.isMeetingAdmin && !this.isCreateView) {
+        if (
+            !(this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
+            !this.isMeetingAdmin &&
+            !this.isCreateView
+        ) {
             Object.keys(this.meetingForm.controls).forEach(controlName => {
                 if (!ORGA_ADMIN_ALLOWED_CONTROLNAMES.includes(controlName)) {
                     this.meetingForm.get(controlName)!.disable();
@@ -347,7 +351,9 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private async doUpdateMeeting(): Promise<void> {
         const options =
-            this.operator.isSuperAdmin && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside
+            (this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
+            !this.isMeetingAdmin &&
+            this.editMeeting?.locked_from_inside
                 ? {}
                 : this.getUsersToUpdateForMeetingObject();
         await this.meetingRepo.update(this.sanitizePayload(this.getPayload()), {

diff --git a/...zation/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts b/...zation/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
@@ -86,6 +86,7 @@ export class DashboardComponent extends BaseComponent {
                     meeting =>
                         this.operator.isInMeeting(meeting.id) ||
                         this.operator.isSuperAdmin ||
+                        this.operator.isOrgaManager ||
                         (meeting.publicAccessPossible() && this.operator.isAnonymous)
                 );
                 const currentDate = new Date();

diff --git a/...a-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts b/...a-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
@@ -81,7 +81,7 @@ export class MeetingListFilterService extends BaseFilterListService<ViewMeeting>
     }
 
     protected override preFilter(rawInputData: ViewMeeting[]): ViewMeeting[] {
-        return this.operator.isSuperAdmin
+        return this.operator.isSuperAdmin || this.operator.isOrgaManager
             ? rawInputData
             : rawInputData.filter(meeting => this.operator.isInMeeting(meeting.id));
     }

diff --git a/client/src/app/site/services/auth-check.service.ts b/client/src/app/site/services/auth-check.service.ts
@@ -103,7 +103,11 @@ export class AuthCheckService {
         await this.fetchMeetingIfNotExists(+meetingIdString);
 
         await this.operator.ready;
-        return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.isSuperAdmin;
+        return (
+            this.operator.isInMeeting(Number(meetingIdString)) ||
+            this.operator.isSuperAdmin ||
+            this.operator.isOrgaManager
+        );
     }
 
     private async fetchMeetingIfNotExists(meetingId: Id): Promise<void> {

diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts
@@ -588,7 +588,7 @@ export class OperatorService {
             // console.warn(`has perms: Usage outside of meeting!`);
             return false;
         }
-        if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) {
+        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
             return true;
         }
 
@@ -612,7 +612,7 @@ export class OperatorService {
             // console.warn(`has perms: Operator is not ready!`);
             return false;
         }
-        if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) {
+        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
             return true;
         }
         const groups = this.user.groups(meetingId);
@@ -669,8 +669,8 @@ export class OperatorService {
     }
 
     public hasCommitteePermissionsNonAdminCheck(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
-        // A superadmin can still do everything
-        if (this.isSuperAdmin) {
+        // A superadmin and orgaadmin can do everything
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         // A user can have a CML for any committee but they could be not present in some of them.
@@ -694,7 +694,7 @@ export class OperatorService {
      * @returns `true`, if the current operator is included in at least one of the given committees.
      */
     public isInCommittees(...committees: Committee[]): boolean {
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         return this.isInCommitteesNonAdminCheck(...committees);
@@ -714,7 +714,7 @@ export class OperatorService {
 
     /**
      * This function checks if the operator is in one of the given groups. It is also a permission check.
-     * That means, if the operator is an admin or a superadmin, this function will return `true`, too.
+     * That means, if the operator is an admin a superadmin or an orgaadmin, this function will return `true`, too.
      *
      * TODO: what if no active meeting??
      *
@@ -728,19 +728,19 @@ export class OperatorService {
 
     /**
      * This checks if an operator is in at least one of the given groups. It is also a permission check.
-     * That means, if the operator is an admin or a superadmin, this function returns `true`, too.
+     * That means, if the operator is an admin, a superadmin or an orgaadmin, this function returns `true`, too.
      *
      * TODO: what if no active meeting??
      *
      * @param groups The group ids to check
      *
-     * @returns `true`, if the operator is in at least one group or they are an admin or a superadmin.
+     * @returns `true`, if the operator is in at least one group or they are an admin. a superadmin or a orgaadmin.
      */
     public isInGroupIds(...groupIds: Id[]): boolean {
         if (!this._groupIds) {
             return false;
         }
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         if (!this.isInGroupIdsNonAdminCheck(...groupIds)) {
@@ -751,7 +751,7 @@ export class OperatorService {
     }
 
     public isInMeetingIds(...meetingIds: Id[]): boolean {
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         if (!this._meetingIds) {
@@ -762,8 +762,8 @@ export class OperatorService {
 
     /**
      * Function to clear check if an operator is in at least of the given groups.
-     * This check is not a check for permissions and does neither include a check for an admin
-     * nor include a check for a superadmin.
+     * This check is not a check for permissions and does
+     * neither include a check for an admin, a superadmin, nor an orgaadmin
      *
      * @param groups The group ids to check
      *