From 50584edba3cf6223f74735428ce61b270523e38a Mon Sep 17 00:00:00 2001 From: Elblinator Date: Thu, 21 Nov 2024 17:20:29 +0100 Subject: [PATCH] Add Check for Orgaadmin --- .../history-list/history-list.component.ts | 5 ---- .../group-list/group-list.component.ts | 2 +- .../account-add-to-meetings.component.ts | 2 +- .../account-detail.component.ts | 5 +++- .../account-list/account-list.component.ts | 7 +++--- .../meeting-edit/meeting-edit.component.ts | 10 ++++++-- .../dashboard/dashboard.component.ts | 1 + .../meeting-list-filter.service.ts | 2 +- .../app/site/services/auth-check.service.ts | 6 ++++- .../src/app/site/services/operator.service.ts | 24 +++++++++---------- 10 files changed, 37 insertions(+), 27 deletions(-) diff --git a/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts b/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts index b7fd879c78..0a23f9cf8e 100644 --- a/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts +++ b/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts @@ -5,7 +5,6 @@ import { ActivatedRoute } from '@angular/router'; import { TranslateService } from '@ngx-translate/core'; import { Observable, Subject } from 'rxjs'; import { Collection, Fqid, Id } from 'src/app/domain/definitions/key-types'; -import { OML } from 'src/app/domain/definitions/organization-permission'; import { Selectable } from 'src/app/domain/interfaces'; import { BaseModel } from 'src/app/domain/models/base/base-model'; import { HistoryPosition, HistoryPresenterService } from 'src/app/gateways/presenter/history-presenter.service'; @@ -94,10 +93,6 @@ export class HistoryListComponent extends BaseMeetingComponent implements OnInit } } - public get isSuperadmin(): boolean { - return this.operator.hasOrganizationPermissions(OML.superadmin); - } - public constructor( protected override translate: TranslateService, private viewModelStore: ViewModelStoreService, diff --git a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts index a3dc30e7a1..1f272eec2a 100644 --- a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts +++ b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts @@ -294,6 +294,6 @@ export class GroupListComponent extends BaseMeetingComponent implements OnInit, * Function to allow to edit the external_id */ public get allowExternalId(): boolean { - return this.operator.isMeetingAdmin || this.operator.isSuperAdmin; + return this.operator.isMeetingAdmin || this.operator.isSuperAdmin || this.operator.isOrgaManager; } } diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts index 09c19168e1..8aef0d4437 100644 --- a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts +++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts @@ -109,7 +109,7 @@ export class AccountAddToMeetingsComponent extends BaseUiComponent implements On .getViewModelListObservable() .pipe( map(meetings => - this.operator.isSuperAdmin + this.operator.isSuperAdmin || this.operator.isOrgaManager ? meetings.filter(meeting => !meeting.locked_from_inside) : meetings.filter( meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts index 214053e07f..9a6b3ed387 100644 --- a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts +++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts @@ -50,7 +50,10 @@ export class AccountDetailComponent extends BaseComponent implements OnInit { } public get orgaManagementLevelChangeDisabled(): boolean { - return this.user?.id === this.operator.operatorId && this.operator.isSuperAdmin; + return ( + this.user?.id === this.operator.operatorId && + (this.operator.isSuperAdmin || this.operator.isOrgaManager || this.operator.isAccountAdmin) + ); } @ViewChild(UserDetailViewComponent, { static: false }) diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts index 214eec4379..85ab9b60d0 100644 --- a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts +++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts @@ -113,9 +113,10 @@ export class AccountListComponent extends BaseListViewComponent { const meetings = this.meetingRepo.getViewModelList(); const result = await this.choiceService.open({ title, - choices: this.operator.isSuperAdmin - ? meetings.filter(meeting => !meeting.locked_from_inside) - : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside), + choices: + this.operator.isSuperAdmin || this.operator.isOrgaManager + ? meetings.filter(meeting => !meeting.locked_from_inside) + : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside), multiSelect: true, actions, content: this.translate.instant( diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts index 8b3aba6e45..8f5afa22aa 100644 --- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts +++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts @@ -277,7 +277,11 @@ export class MeetingEditComponent extends BaseComponent implements OnInit { private onAfterCreateForm(): void { this.enableFormControls(); - if (!this.operator.isSuperAdmin && !this.isMeetingAdmin && !this.isCreateView) { + if ( + !(this.operator.isSuperAdmin || this.operator.isOrgaManager) && + !this.isMeetingAdmin && + !this.isCreateView + ) { Object.keys(this.meetingForm.controls).forEach(controlName => { if (!ORGA_ADMIN_ALLOWED_CONTROLNAMES.includes(controlName)) { this.meetingForm.get(controlName)!.disable(); @@ -347,7 +351,9 @@ export class MeetingEditComponent extends BaseComponent implements OnInit { private async doUpdateMeeting(): Promise { const options = - this.operator.isSuperAdmin && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside + (this.operator.isSuperAdmin || this.operator.isOrgaManager) && + !this.isMeetingAdmin && + this.editMeeting?.locked_from_inside ? {} : this.getUsersToUpdateForMeetingObject(); await this.meetingRepo.update(this.sanitizePayload(this.getPayload()), { diff --git a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts index 73fac9dcf4..bb1e3ede48 100644 --- a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts +++ b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts @@ -86,6 +86,7 @@ export class DashboardComponent extends BaseComponent { meeting => this.operator.isInMeeting(meeting.id) || this.operator.isSuperAdmin || + this.operator.isOrgaManager || (meeting.publicAccessPossible() && this.operator.isAnonymous) ); const currentDate = new Date(); diff --git a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts index 6b7de10b94..c4b09c5ac7 100644 --- a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts +++ b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts @@ -81,7 +81,7 @@ export class MeetingListFilterService extends BaseFilterListService } protected override preFilter(rawInputData: ViewMeeting[]): ViewMeeting[] { - return this.operator.isSuperAdmin + return this.operator.isSuperAdmin || this.operator.isOrgaManager ? rawInputData : rawInputData.filter(meeting => this.operator.isInMeeting(meeting.id)); } diff --git a/client/src/app/site/services/auth-check.service.ts b/client/src/app/site/services/auth-check.service.ts index 8514bd9ff6..ed66515c9f 100644 --- a/client/src/app/site/services/auth-check.service.ts +++ b/client/src/app/site/services/auth-check.service.ts @@ -103,7 +103,11 @@ export class AuthCheckService { await this.fetchMeetingIfNotExists(+meetingIdString); await this.operator.ready; - return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.isSuperAdmin; + return ( + this.operator.isInMeeting(Number(meetingIdString)) || + this.operator.isSuperAdmin || + this.operator.isOrgaManager + ); } private async fetchMeetingIfNotExists(meetingId: Id): Promise { diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts index 63b3eab782..db8162f0e1 100644 --- a/client/src/app/site/services/operator.service.ts +++ b/client/src/app/site/services/operator.service.ts @@ -588,7 +588,7 @@ export class OperatorService { // console.warn(`has perms: Usage outside of meeting!`); return false; } - if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) { + if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) { return true; } @@ -612,7 +612,7 @@ export class OperatorService { // console.warn(`has perms: Operator is not ready!`); return false; } - if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) { + if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) { return true; } const groups = this.user.groups(meetingId); @@ -669,8 +669,8 @@ export class OperatorService { } public hasCommitteePermissionsNonAdminCheck(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean { - // A superadmin can still do everything - if (this.isSuperAdmin) { + // A superadmin and orgaadmin can do everything + if (this.isSuperAdmin || this.isOrgaManager) { return true; } // A user can have a CML for any committee but they could be not present in some of them. @@ -694,7 +694,7 @@ export class OperatorService { * @returns `true`, if the current operator is included in at least one of the given committees. */ public isInCommittees(...committees: Committee[]): boolean { - if (this.isSuperAdmin) { + if (this.isSuperAdmin || this.isOrgaManager) { return true; } return this.isInCommitteesNonAdminCheck(...committees); @@ -714,7 +714,7 @@ export class OperatorService { /** * This function checks if the operator is in one of the given groups. It is also a permission check. - * That means, if the operator is an admin or a superadmin, this function will return `true`, too. + * That means, if the operator is an admin a superadmin or an orgaadmin, this function will return `true`, too. * * TODO: what if no active meeting?? * @@ -728,19 +728,19 @@ export class OperatorService { /** * This checks if an operator is in at least one of the given groups. It is also a permission check. - * That means, if the operator is an admin or a superadmin, this function returns `true`, too. + * That means, if the operator is an admin, a superadmin or an orgaadmin, this function returns `true`, too. * * TODO: what if no active meeting?? * * @param groups The group ids to check * - * @returns `true`, if the operator is in at least one group or they are an admin or a superadmin. + * @returns `true`, if the operator is in at least one group or they are an admin. a superadmin or a orgaadmin. */ public isInGroupIds(...groupIds: Id[]): boolean { if (!this._groupIds) { return false; } - if (this.isSuperAdmin) { + if (this.isSuperAdmin || this.isOrgaManager) { return true; } if (!this.isInGroupIdsNonAdminCheck(...groupIds)) { @@ -751,7 +751,7 @@ export class OperatorService { } public isInMeetingIds(...meetingIds: Id[]): boolean { - if (this.isSuperAdmin) { + if (this.isSuperAdmin || this.isOrgaManager) { return true; } if (!this._meetingIds) { @@ -762,8 +762,8 @@ export class OperatorService { /** * Function to clear check if an operator is in at least of the given groups. - * This check is not a check for permissions and does neither include a check for an admin - * nor include a check for a superadmin. + * This check is not a check for permissions and does + * neither include a check for an admin, a superadmin, nor an orgaadmin * * @param groups The group ids to check *