From 50584edba3cf6223f74735428ce61b270523e38a Mon Sep 17 00:00:00 2001
From: Elblinator <lelble@intevation.de>
Date: Thu, 21 Nov 2024 17:20:29 +0100
Subject: [PATCH 1/4] Add Check for Orgaadmin

---
 .../history-list/history-list.component.ts    |  5 ----
 .../group-list/group-list.component.ts        |  2 +-
 .../account-add-to-meetings.component.ts      |  2 +-
 .../account-detail.component.ts               |  5 +++-
 .../account-list/account-list.component.ts    |  7 +++---
 .../meeting-edit/meeting-edit.component.ts    | 10 ++++++--
 .../dashboard/dashboard.component.ts          |  1 +
 .../meeting-list-filter.service.ts            |  2 +-
 .../app/site/services/auth-check.service.ts   |  6 ++++-
 .../src/app/site/services/operator.service.ts | 24 +++++++++----------
 10 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts b/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts
index b7fd879c78..0a23f9cf8e 100644
--- a/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts
+++ b/client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts
@@ -5,7 +5,6 @@ import { ActivatedRoute } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
 import { Observable, Subject } from 'rxjs';
 import { Collection, Fqid, Id } from 'src/app/domain/definitions/key-types';
-import { OML } from 'src/app/domain/definitions/organization-permission';
 import { Selectable } from 'src/app/domain/interfaces';
 import { BaseModel } from 'src/app/domain/models/base/base-model';
 import { HistoryPosition, HistoryPresenterService } from 'src/app/gateways/presenter/history-presenter.service';
@@ -94,10 +93,6 @@ export class HistoryListComponent extends BaseMeetingComponent implements OnInit
         }
     }
 
-    public get isSuperadmin(): boolean {
-        return this.operator.hasOrganizationPermissions(OML.superadmin);
-    }
-
     public constructor(
         protected override translate: TranslateService,
         private viewModelStore: ViewModelStoreService,
diff --git a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
index a3dc30e7a1..1f272eec2a 100644
--- a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
+++ b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
@@ -294,6 +294,6 @@ export class GroupListComponent extends BaseMeetingComponent implements OnInit,
      * Function to allow to edit the external_id
      */
     public get allowExternalId(): boolean {
-        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin;
+        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin || this.operator.isOrgaManager;
     }
 }
diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
index 09c19168e1..8aef0d4437 100644
--- a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
+++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
@@ -109,7 +109,7 @@ export class AccountAddToMeetingsComponent extends BaseUiComponent implements On
                 .getViewModelListObservable()
                 .pipe(
                     map(meetings =>
-                        this.operator.isSuperAdmin
+                        this.operator.isSuperAdmin || this.operator.isOrgaManager
                             ? meetings.filter(meeting => !meeting.locked_from_inside)
                             : meetings.filter(
                                   meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside
diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts
index 214053e07f..9a6b3ed387 100644
--- a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts
+++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts
@@ -50,7 +50,10 @@ export class AccountDetailComponent extends BaseComponent implements OnInit {
     }
 
     public get orgaManagementLevelChangeDisabled(): boolean {
-        return this.user?.id === this.operator.operatorId && this.operator.isSuperAdmin;
+        return (
+            this.user?.id === this.operator.operatorId &&
+            (this.operator.isSuperAdmin || this.operator.isOrgaManager || this.operator.isAccountAdmin)
+        );
     }
 
     @ViewChild(UserDetailViewComponent, { static: false })
diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
index 214eec4379..85ab9b60d0 100644
--- a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
+++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
@@ -113,9 +113,10 @@ export class AccountListComponent extends BaseListViewComponent<ViewUser> {
         const meetings = this.meetingRepo.getViewModelList();
         const result = await this.choiceService.open<ViewMeeting>({
             title,
-            choices: this.operator.isSuperAdmin
-                ? meetings.filter(meeting => !meeting.locked_from_inside)
-                : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
+            choices:
+                this.operator.isSuperAdmin || this.operator.isOrgaManager
+                    ? meetings.filter(meeting => !meeting.locked_from_inside)
+                    : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
             multiSelect: true,
             actions,
             content: this.translate.instant(
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
index 8b3aba6e45..8f5afa22aa 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
@@ -277,7 +277,11 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private onAfterCreateForm(): void {
         this.enableFormControls();
-        if (!this.operator.isSuperAdmin && !this.isMeetingAdmin && !this.isCreateView) {
+        if (
+            !(this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
+            !this.isMeetingAdmin &&
+            !this.isCreateView
+        ) {
             Object.keys(this.meetingForm.controls).forEach(controlName => {
                 if (!ORGA_ADMIN_ALLOWED_CONTROLNAMES.includes(controlName)) {
                     this.meetingForm.get(controlName)!.disable();
@@ -347,7 +351,9 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private async doUpdateMeeting(): Promise<void> {
         const options =
-            this.operator.isSuperAdmin && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside
+            (this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
+            !this.isMeetingAdmin &&
+            this.editMeeting?.locked_from_inside
                 ? {}
                 : this.getUsersToUpdateForMeetingObject();
         await this.meetingRepo.update(this.sanitizePayload(this.getPayload()), {
diff --git a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
index 73fac9dcf4..bb1e3ede48 100644
--- a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
+++ b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
@@ -86,6 +86,7 @@ export class DashboardComponent extends BaseComponent {
                     meeting =>
                         this.operator.isInMeeting(meeting.id) ||
                         this.operator.isSuperAdmin ||
+                        this.operator.isOrgaManager ||
                         (meeting.publicAccessPossible() && this.operator.isAnonymous)
                 );
                 const currentDate = new Date();
diff --git a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
index 6b7de10b94..c4b09c5ac7 100644
--- a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
+++ b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
@@ -81,7 +81,7 @@ export class MeetingListFilterService extends BaseFilterListService<ViewMeeting>
     }
 
     protected override preFilter(rawInputData: ViewMeeting[]): ViewMeeting[] {
-        return this.operator.isSuperAdmin
+        return this.operator.isSuperAdmin || this.operator.isOrgaManager
             ? rawInputData
             : rawInputData.filter(meeting => this.operator.isInMeeting(meeting.id));
     }
diff --git a/client/src/app/site/services/auth-check.service.ts b/client/src/app/site/services/auth-check.service.ts
index 8514bd9ff6..ed66515c9f 100644
--- a/client/src/app/site/services/auth-check.service.ts
+++ b/client/src/app/site/services/auth-check.service.ts
@@ -103,7 +103,11 @@ export class AuthCheckService {
         await this.fetchMeetingIfNotExists(+meetingIdString);
 
         await this.operator.ready;
-        return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.isSuperAdmin;
+        return (
+            this.operator.isInMeeting(Number(meetingIdString)) ||
+            this.operator.isSuperAdmin ||
+            this.operator.isOrgaManager
+        );
     }
 
     private async fetchMeetingIfNotExists(meetingId: Id): Promise<void> {
diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts
index 63b3eab782..db8162f0e1 100644
--- a/client/src/app/site/services/operator.service.ts
+++ b/client/src/app/site/services/operator.service.ts
@@ -588,7 +588,7 @@ export class OperatorService {
             // console.warn(`has perms: Usage outside of meeting!`);
             return false;
         }
-        if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) {
+        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
             return true;
         }
 
@@ -612,7 +612,7 @@ export class OperatorService {
             // console.warn(`has perms: Operator is not ready!`);
             return false;
         }
-        if (this.isSuperAdmin && !this.activeMeeting.locked_from_inside) {
+        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
             return true;
         }
         const groups = this.user.groups(meetingId);
@@ -669,8 +669,8 @@ export class OperatorService {
     }
 
     public hasCommitteePermissionsNonAdminCheck(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
-        // A superadmin can still do everything
-        if (this.isSuperAdmin) {
+        // A superadmin and orgaadmin can do everything
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         // A user can have a CML for any committee but they could be not present in some of them.
@@ -694,7 +694,7 @@ export class OperatorService {
      * @returns `true`, if the current operator is included in at least one of the given committees.
      */
     public isInCommittees(...committees: Committee[]): boolean {
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         return this.isInCommitteesNonAdminCheck(...committees);
@@ -714,7 +714,7 @@ export class OperatorService {
 
     /**
      * This function checks if the operator is in one of the given groups. It is also a permission check.
-     * That means, if the operator is an admin or a superadmin, this function will return `true`, too.
+     * That means, if the operator is an admin a superadmin or an orgaadmin, this function will return `true`, too.
      *
      * TODO: what if no active meeting??
      *
@@ -728,19 +728,19 @@ export class OperatorService {
 
     /**
      * This checks if an operator is in at least one of the given groups. It is also a permission check.
-     * That means, if the operator is an admin or a superadmin, this function returns `true`, too.
+     * That means, if the operator is an admin, a superadmin or an orgaadmin, this function returns `true`, too.
      *
      * TODO: what if no active meeting??
      *
      * @param groups The group ids to check
      *
-     * @returns `true`, if the operator is in at least one group or they are an admin or a superadmin.
+     * @returns `true`, if the operator is in at least one group or they are an admin. a superadmin or a orgaadmin.
      */
     public isInGroupIds(...groupIds: Id[]): boolean {
         if (!this._groupIds) {
             return false;
         }
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         if (!this.isInGroupIdsNonAdminCheck(...groupIds)) {
@@ -751,7 +751,7 @@ export class OperatorService {
     }
 
     public isInMeetingIds(...meetingIds: Id[]): boolean {
-        if (this.isSuperAdmin) {
+        if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
         }
         if (!this._meetingIds) {
@@ -762,8 +762,8 @@ export class OperatorService {
 
     /**
      * Function to clear check if an operator is in at least of the given groups.
-     * This check is not a check for permissions and does neither include a check for an admin
-     * nor include a check for a superadmin.
+     * This check is not a check for permissions and does
+     * neither include a check for an admin, a superadmin, nor an orgaadmin
      *
      * @param groups The group ids to check
      *

From 2ede1f45535b142a6fc74e59f877f107b7ddfe40 Mon Sep 17 00:00:00 2001
From: Elblinator <lelble@intevation.de>
Date: Thu, 21 Nov 2024 17:38:52 +0100
Subject: [PATCH 2/4] Remove and rename functions

---
 .../repositories/committee-repository.service.ts    |  2 +-
 .../committee-meeting-preview.component.html        |  7 +++++--
 .../committee-detail-view.component.html            |  4 ++--
 .../committee-detail-view.component.ts              | 10 +++-------
 .../meeting-list/meeting-list.component.html        |  9 ++-------
 client/src/app/site/services/operator.service.ts    | 11 +----------
 client/src/app/site/services/user.service.ts        |  7 +++++--
 .../ui/directives/perms/cml-perms.directive.spec.ts | 13 +++----------
 .../app/ui/directives/perms/cml-perms.directive.ts  | 13 +------------
 9 files changed, 23 insertions(+), 53 deletions(-)

diff --git a/client/src/app/gateways/repositories/committee-repository.service.ts b/client/src/app/gateways/repositories/committee-repository.service.ts
index 93c5f47da5..49e6cdd950 100644
--- a/client/src/app/gateways/repositories/committee-repository.service.ts
+++ b/client/src/app/gateways/repositories/committee-repository.service.ts
@@ -110,7 +110,7 @@ export class CommitteeRepositoryService extends BaseRepository<ViewCommittee, Co
         const viewModel = super.createViewModel(model);
         viewModel.getViewUser = (id: Id): ViewUser => this.userRepo.getViewModel(id);
         viewModel.canAccess = (): boolean =>
-            this.operator.hasCommitteePermissions(model.id, CML.can_manage) ||
+            this.operator.hasCommitteePermissionsOrOrgaPermissions(model.id, CML.can_manage) ||
             this.operator.hasOrganizationPermissions(OML.can_manage_users) ||
             this.operator.isInCommitteesNonAdminCheck(model);
         return viewModel;
diff --git a/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html b/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
index e2adcf484c..5000685dc4 100644
--- a/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
+++ b/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
@@ -21,7 +21,7 @@
             @if (meeting.isArchived) {
                 <mat-label class="archived-label">{{ 'Archived' | translate }}</mat-label>
             }
-            <ng-container *osCmlPerms="CML.can_manage; committeeId: committee.id; nonAdminCheck: true">
+            <ng-container *osCmlPerms="CML.can_manage; committeeId: committee.id">
                 @if (isTemplateMeeting) {
                     <div class="template-indicator">
                         <mat-icon [matTooltip]="'Public template' | translate">star</mat-icon>
@@ -131,7 +131,10 @@
 
 <mat-menu #meetingMenu="matMenu">
     <ng-template matMenuContent>
-        @if (!meeting.isArchived && (meeting?.canBeEnteredBy(operator.user) || operator.isSuperAdmin)) {
+        @if (
+            !meeting.isArchived &&
+            (meeting?.canBeEnteredBy(operator.user) || operator.isSuperAdmin || operator.isOrgaManager)
+        ) {
             <a mat-menu-item [routerLink]="['meeting', 'edit', meeting.id]">
                 <mat-icon>edit</mat-icon>
                 <span>{{ 'Edit' | translate }}</span>
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
index 4008772147..0fd31dd978 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
@@ -1,6 +1,6 @@
 <os-head-bar
     [customMenu]="true"
-    [hasMainButton]="canManageMeetingsInCommittee"
+    [hasMainButton]="canManageCommitteeOrMeetingsInCommittee"
     [mainActionTooltip]="'New meeting' | translate"
     [nav]="false"
     (mainEvent)="onCreateMeeting()"
@@ -105,7 +105,7 @@ <h1>
                 </os-committee-meta-info>
             }
             <!-- Member amount -->
-            @if (canManageCommittee) {
+            @if (canManageCommitteeOrMeetingsInCommittee) {
                 <os-committee-meta-info icon="engineering" title="{{ 'Committee admin' | translate }}">
                     @if (committee.getManagers(); as managers) {
                         <os-comma-separated-listing [list]="managers">
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
index 8a803dedd5..ae1ec67232 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
@@ -30,12 +30,8 @@ export class CommitteeDetailViewComponent extends BaseUiComponent {
     public forwardingExpanded = false;
     public requireDuplicateFrom = false;
 
-    public get canManageMeetingsInCommittee(): boolean {
-        return this.operator.hasCommitteePermissionsNonAdminCheck(this.committeeId, CML.can_manage);
-    }
-
-    public get canManageCommittee(): boolean {
-        return this.operator.hasCommitteePermissions(this.committeeId, CML.can_manage);
+    public get canManageCommitteeOrMeetingsInCommittee(): boolean {
+        return this.operator.hasCommitteePermissionsOrOrgaPermissions(this.committeeId, CML.can_manage);
     }
 
     public constructor(
@@ -90,7 +86,7 @@ export class CommitteeDetailViewComponent extends BaseUiComponent {
 
     public canAccessCommittee(committee: Committee): boolean {
         return (
-            this.operator.hasCommitteePermissions(committee.id, CML.can_manage) ||
+            this.operator.hasCommitteePermissionsOrOrgaPermissions(committee.id, CML.can_manage) ||
             this.operator.isInCommittees(committee)
         );
     }
diff --git a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/components/meeting-list/meeting-list.component.html b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/components/meeting-list/meeting-list.component.html
index 1e67afe742..a1eb2990b7 100644
--- a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/components/meeting-list/meeting-list.component.html
+++ b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/components/meeting-list/meeting-list.component.html
@@ -70,12 +70,7 @@ <h2>{{ 'Meetings' | translate }}</h2>
 
                     <!-- Is Template -->
                     <span
-                        *osCmlPerms="
-                            CML.can_manage;
-                            committeeId: meeting.committee_id;
-                            nonAdminCheck: true;
-                            and: meeting.isTemplate
-                        "
+                        *osCmlPerms="CML.can_manage; committeeId: meeting.committee_id; and: meeting.isTemplate"
                         class="icon-prefix"
                     >
                         <mat-icon [matTooltip]="'Public template' | translate">star</mat-icon>
@@ -181,7 +176,7 @@ <h2>{{ 'Meetings' | translate }}</h2>
 
     <div *osScrollingTableCell="'menu'; row as meeting; config: { width: 40 }">
         <button
-            *osCmlPerms="CML.can_manage; committeeId: meeting.committee?.id; nonAdminCheck: true"
+            *osCmlPerms="CML.can_manage; committeeId: meeting.committee?.id"
             data-cy="meetingListSingleMenuTrigger"
             mat-icon-button
             [disabled]="isMultiSelect"
diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts
index db8162f0e1..041f698096 100644
--- a/client/src/app/site/services/operator.service.ts
+++ b/client/src/app/site/services/operator.service.ts
@@ -659,16 +659,7 @@ export class OperatorService {
      *
      * @returns A boolean whether an operator's CML is high enough.
      */
-    public hasCommitteePermissions(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
-        // If a user can manage an entire organization, they can also manage every committee.
-        // Regardless, if they have no CML.
-        if (this.isOrgaManager) {
-            return true;
-        }
-        return this.hasCommitteePermissionsNonAdminCheck(committeeId, ...permissionsToCheck);
-    }
-
-    public hasCommitteePermissionsNonAdminCheck(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
+    public hasCommitteePermissionsOrOrgaPermissions(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
         // A superadmin and orgaadmin can do everything
         if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
diff --git a/client/src/app/site/services/user.service.ts b/client/src/app/site/services/user.service.ts
index 1586e08e98..b2d60b12d1 100644
--- a/client/src/app/site/services/user.service.ts
+++ b/client/src/app/site/services/user.service.ts
@@ -96,14 +96,17 @@ export class UserService {
                     hasPerms = true;
                 }
                 if (!hasPerms && toCompare.collection === UserScope.COMMITTEE) {
-                    hasPerms = hasPerms || this.operator.hasCommitteePermissions(toCompare.id, CML.can_manage);
+                    hasPerms =
+                        hasPerms ||
+                        this.operator.hasCommitteePermissionsOrOrgaPermissions(toCompare.id, CML.can_manage);
                 }
                 if (!hasPerms && toCompare.collection === UserScope.MEETING) {
                     const committee_id = this.meetingRepo.getViewModel(toCompare.id)?.committee_id;
                     hasPerms =
                         hasPerms ||
                         this.operator.hasPermsInMeeting(toCompare.id, Permission.userCanManage) ||
-                        (committee_id && this.operator.hasCommitteePermissions(committee_id, CML.can_manage));
+                        (committee_id &&
+                            this.operator.hasCommitteePermissionsOrOrgaPermissions(committee_id, CML.can_manage));
                 }
                 return hasPerms;
             });
diff --git a/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts b/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
index 991ed6dc2e..54d8c82a10 100644
--- a/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
+++ b/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
@@ -20,10 +20,7 @@ type TestConditionalType = {
 
 @Component({
     template: `
-        <div
-            *osCmlPerms="permission; committeeId: conditionals.id; nonAdminCheck: conditionals.nonAdmin"
-            id="normal"
-        ></div>
+        <div *osCmlPerms="permission; committeeId: conditionals.id" id="normal"></div>
         <div *osCmlPerms="permission; committeeId: conditionals.id; or: conditionals.or" id="or"></div>
         <div *osCmlPerms="permission; committeeId: conditionals.id; and: conditionals.and" id="and"></div>
         <div
@@ -63,12 +60,8 @@ class MockOperatorService {
         return checkPerms.some(perm => perm === this._oml);
     }
 
-    public hasCommitteePermissions(committeeId: Id | null, ...checkPerms: CML[]): boolean {
-        return this._isAdmin || this.hasCommitteePermissionsNonAdminCheck(committeeId, ...checkPerms);
-    }
-
-    public hasCommitteePermissionsNonAdminCheck(committeeId: Id | null, ...checkPerms: CML[]): boolean {
-        return checkPerms.some(perm => this._permList.includes(perm));
+    public hasCommitteePermissionsOrOrgaPermissions(committeeId: Id | null, ...checkPerms: CML[]): boolean {
+        return this._isAdmin || checkPerms.some(perm => this._permList.includes(perm));
     }
 
     public changeOperatorPermsForTest(newPermList: CML[], oml?: OML | undefined): void {
diff --git a/client/src/app/ui/directives/perms/cml-perms.directive.ts b/client/src/app/ui/directives/perms/cml-perms.directive.ts
index a7e5a6fe9b..e6f3f2403d 100644
--- a/client/src/app/ui/directives/perms/cml-perms.directive.ts
+++ b/client/src/app/ui/directives/perms/cml-perms.directive.ts
@@ -34,12 +34,6 @@ export class CmlPermsDirective extends BasePermsDirective<CML> {
         this.setComplementCondition(value);
     }
 
-    @Input()
-    public set osCmlPermsNonAdminCheck(value: boolean) {
-        this._checkNonAdmin = value;
-        this.updatePermission();
-    }
-
     @Input()
     public set osCmlPermsThen(template: TemplateRef<any>) {
         this.setThenTemplate(template);
@@ -57,7 +51,6 @@ export class CmlPermsDirective extends BasePermsDirective<CML> {
     }
 
     private _committeeId: Id | undefined = undefined;
-    private _checkNonAdmin = false;
     private _orOML: OML | undefined = undefined;
 
     protected hasPermissions(): boolean {
@@ -67,10 +60,6 @@ export class CmlPermsDirective extends BasePermsDirective<CML> {
         if (!this._committeeId) {
             return false;
         }
-        if (this._checkNonAdmin) {
-            return this.operator.hasCommitteePermissionsNonAdminCheck(this._committeeId, ...this.permissions);
-        } else {
-            return this.operator.hasCommitteePermissions(this._committeeId, ...this.permissions);
-        }
+        return this.operator.hasCommitteePermissionsOrOrgaPermissions(this._committeeId, ...this.permissions);
     }
 }

From 186ffe16e24f652f011cdbabd593308ef920b6b5 Mon Sep 17 00:00:00 2001
From: Elblinator <lelble@intevation.de>
Date: Mon, 25 Nov 2024 11:04:18 +0100
Subject: [PATCH 3/4] Rename (and remove tests)

---
 .../committee-repository.service.ts            |  2 +-
 .../committee-detail-view.component.html       |  4 ++--
 .../committee-detail-view.component.ts         |  6 +++---
 .../src/app/site/services/operator.service.ts  |  2 +-
 client/src/app/site/services/user.service.ts   |  7 ++-----
 .../perms/cml-perms.directive.spec.ts          | 18 +-----------------
 .../ui/directives/perms/cml-perms.directive.ts |  2 +-
 7 files changed, 11 insertions(+), 30 deletions(-)

diff --git a/client/src/app/gateways/repositories/committee-repository.service.ts b/client/src/app/gateways/repositories/committee-repository.service.ts
index 49e6cdd950..93c5f47da5 100644
--- a/client/src/app/gateways/repositories/committee-repository.service.ts
+++ b/client/src/app/gateways/repositories/committee-repository.service.ts
@@ -110,7 +110,7 @@ export class CommitteeRepositoryService extends BaseRepository<ViewCommittee, Co
         const viewModel = super.createViewModel(model);
         viewModel.getViewUser = (id: Id): ViewUser => this.userRepo.getViewModel(id);
         viewModel.canAccess = (): boolean =>
-            this.operator.hasCommitteePermissionsOrOrgaPermissions(model.id, CML.can_manage) ||
+            this.operator.hasCommitteePermissions(model.id, CML.can_manage) ||
             this.operator.hasOrganizationPermissions(OML.can_manage_users) ||
             this.operator.isInCommitteesNonAdminCheck(model);
         return viewModel;
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
index 0fd31dd978..355793f539 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html
@@ -1,6 +1,6 @@
 <os-head-bar
     [customMenu]="true"
-    [hasMainButton]="canManageCommitteeOrMeetingsInCommittee"
+    [hasMainButton]="canManageCommittee"
     [mainActionTooltip]="'New meeting' | translate"
     [nav]="false"
     (mainEvent)="onCreateMeeting()"
@@ -105,7 +105,7 @@ <h1>
                 </os-committee-meta-info>
             }
             <!-- Member amount -->
-            @if (canManageCommitteeOrMeetingsInCommittee) {
+            @if (canManageCommittee) {
                 <os-committee-meta-info icon="engineering" title="{{ 'Committee admin' | translate }}">
                     @if (committee.getManagers(); as managers) {
                         <os-comma-separated-listing [list]="managers">
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
index ae1ec67232..58303164a7 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts
@@ -30,8 +30,8 @@ export class CommitteeDetailViewComponent extends BaseUiComponent {
     public forwardingExpanded = false;
     public requireDuplicateFrom = false;
 
-    public get canManageCommitteeOrMeetingsInCommittee(): boolean {
-        return this.operator.hasCommitteePermissionsOrOrgaPermissions(this.committeeId, CML.can_manage);
+    public get canManageCommittee(): boolean {
+        return this.operator.hasCommitteePermissions(this.committeeId, CML.can_manage);
     }
 
     public constructor(
@@ -86,7 +86,7 @@ export class CommitteeDetailViewComponent extends BaseUiComponent {
 
     public canAccessCommittee(committee: Committee): boolean {
         return (
-            this.operator.hasCommitteePermissionsOrOrgaPermissions(committee.id, CML.can_manage) ||
+            this.operator.hasCommitteePermissions(committee.id, CML.can_manage) ||
             this.operator.isInCommittees(committee)
         );
     }
diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts
index 041f698096..ec6e1ca95b 100644
--- a/client/src/app/site/services/operator.service.ts
+++ b/client/src/app/site/services/operator.service.ts
@@ -659,7 +659,7 @@ export class OperatorService {
      *
      * @returns A boolean whether an operator's CML is high enough.
      */
-    public hasCommitteePermissionsOrOrgaPermissions(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
+    public hasCommitteePermissions(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
         // A superadmin and orgaadmin can do everything
         if (this.isSuperAdmin || this.isOrgaManager) {
             return true;
diff --git a/client/src/app/site/services/user.service.ts b/client/src/app/site/services/user.service.ts
index b2d60b12d1..1586e08e98 100644
--- a/client/src/app/site/services/user.service.ts
+++ b/client/src/app/site/services/user.service.ts
@@ -96,17 +96,14 @@ export class UserService {
                     hasPerms = true;
                 }
                 if (!hasPerms && toCompare.collection === UserScope.COMMITTEE) {
-                    hasPerms =
-                        hasPerms ||
-                        this.operator.hasCommitteePermissionsOrOrgaPermissions(toCompare.id, CML.can_manage);
+                    hasPerms = hasPerms || this.operator.hasCommitteePermissions(toCompare.id, CML.can_manage);
                 }
                 if (!hasPerms && toCompare.collection === UserScope.MEETING) {
                     const committee_id = this.meetingRepo.getViewModel(toCompare.id)?.committee_id;
                     hasPerms =
                         hasPerms ||
                         this.operator.hasPermsInMeeting(toCompare.id, Permission.userCanManage) ||
-                        (committee_id &&
-                            this.operator.hasCommitteePermissionsOrOrgaPermissions(committee_id, CML.can_manage));
+                        (committee_id && this.operator.hasCommitteePermissions(committee_id, CML.can_manage));
                 }
                 return hasPerms;
             });
diff --git a/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts b/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
index 54d8c82a10..1b5d999ba0 100644
--- a/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
+++ b/client/src/app/ui/directives/perms/cml-perms.directive.spec.ts
@@ -60,7 +60,7 @@ class MockOperatorService {
         return checkPerms.some(perm => perm === this._oml);
     }
 
-    public hasCommitteePermissionsOrOrgaPermissions(committeeId: Id | null, ...checkPerms: CML[]): boolean {
+    public hasCommitteePermissions(committeeId: Id | null, ...checkPerms: CML[]): boolean {
         return this._isAdmin || checkPerms.some(perm => this._permList.includes(perm));
     }
 
@@ -114,22 +114,6 @@ describe(`CmlPermsDirective`, () => {
         expect(getElement(`#normal`)).toBeTruthy();
     });
 
-    it(`check if element gets restricted with non-admin-check`, async () => {
-        fixture.componentInstance.setTestComponentData({ nonAdmin: true });
-        operatorService.changeOperatorPermsForTest([CML.can_manage]);
-        update();
-        expect(getElement(`#normal`)).toBeTruthy();
-        operatorService.changeOperatorPermsForTest([]);
-        update();
-        expect(getElement(`#normal`)).toBeFalsy();
-        operatorService.changeOperatorPermsForTest([CML.can_manage], OML.superadmin);
-        update();
-        expect(getElement(`#normal`)).toBeTruthy();
-        operatorService.changeOperatorPermsForTest([], OML.superadmin);
-        update();
-        expect(getElement(`#normal`)).toBeFalsy();
-    });
-
     it(`check if or condition works`, async () => {
         expect(getElement(`#or`)).toBeTruthy();
         fixture.componentInstance.setTestComponentData({ or: false });
diff --git a/client/src/app/ui/directives/perms/cml-perms.directive.ts b/client/src/app/ui/directives/perms/cml-perms.directive.ts
index e6f3f2403d..27e7772022 100644
--- a/client/src/app/ui/directives/perms/cml-perms.directive.ts
+++ b/client/src/app/ui/directives/perms/cml-perms.directive.ts
@@ -60,6 +60,6 @@ export class CmlPermsDirective extends BasePermsDirective<CML> {
         if (!this._committeeId) {
             return false;
         }
-        return this.operator.hasCommitteePermissionsOrOrgaPermissions(this._committeeId, ...this.permissions);
+        return this.operator.hasCommitteePermissions(this._committeeId, ...this.permissions);
     }
 }

From e996062b849b39653f13c02f69fd0d6ab3fc2c27 Mon Sep 17 00:00:00 2001
From: Elblinator <lelble@intevation.de>
Date: Mon, 25 Nov 2024 11:16:12 +0100
Subject: [PATCH 4/4] Add canSkipPermissionCheck

---
 .../group-list/group-list.component.ts        |  2 +-
 .../account-add-to-meetings.component.ts      |  2 +-
 .../account-list/account-list.component.ts    |  7 +++----
 .../committee-meeting-preview.component.html  |  5 +----
 .../meeting-edit/meeting-edit.component.ts    | 10 ++--------
 .../dashboard/dashboard.component.ts          |  3 +--
 .../meeting-list-filter.service.ts            |  2 +-
 .../app/site/services/auth-check.service.ts   |  6 +-----
 .../src/app/site/services/operator.service.ts | 20 ++++++++++---------
 9 files changed, 22 insertions(+), 35 deletions(-)

diff --git a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
index 1f272eec2a..a86d568c12 100644
--- a/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
+++ b/client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts
@@ -294,6 +294,6 @@ export class GroupListComponent extends BaseMeetingComponent implements OnInit,
      * Function to allow to edit the external_id
      */
     public get allowExternalId(): boolean {
-        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin || this.operator.isOrgaManager;
+        return this.operator.isMeetingAdmin || this.operator.canSkipPermissionCheck;
     }
 }
diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
index 8aef0d4437..9e5491add5 100644
--- a/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
+++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts
@@ -109,7 +109,7 @@ export class AccountAddToMeetingsComponent extends BaseUiComponent implements On
                 .getViewModelListObservable()
                 .pipe(
                     map(meetings =>
-                        this.operator.isSuperAdmin || this.operator.isOrgaManager
+                        this.operator.canSkipPermissionCheck
                             ? meetings.filter(meeting => !meeting.locked_from_inside)
                             : meetings.filter(
                                   meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside
diff --git a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
index 85ab9b60d0..35ad952874 100644
--- a/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
+++ b/client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts
@@ -113,10 +113,9 @@ export class AccountListComponent extends BaseListViewComponent<ViewUser> {
         const meetings = this.meetingRepo.getViewModelList();
         const result = await this.choiceService.open<ViewMeeting>({
             title,
-            choices:
-                this.operator.isSuperAdmin || this.operator.isOrgaManager
-                    ? meetings.filter(meeting => !meeting.locked_from_inside)
-                    : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
+            choices: this.operator.canSkipPermissionCheck
+                ? meetings.filter(meeting => !meeting.locked_from_inside)
+                : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
             multiSelect: true,
             actions,
             content: this.translate.instant(
diff --git a/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html b/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
index 5000685dc4..71a26f2cce 100644
--- a/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
+++ b/client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html
@@ -131,10 +131,7 @@
 
 <mat-menu #meetingMenu="matMenu">
     <ng-template matMenuContent>
-        @if (
-            !meeting.isArchived &&
-            (meeting?.canBeEnteredBy(operator.user) || operator.isSuperAdmin || operator.isOrgaManager)
-        ) {
+        @if (!meeting.isArchived && (meeting?.canBeEnteredBy(operator.user) || operator.canSkipPermissionCheck)) {
             <a mat-menu-item [routerLink]="['meeting', 'edit', meeting.id]">
                 <mat-icon>edit</mat-icon>
                 <span>{{ 'Edit' | translate }}</span>
diff --git a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
index 8f5afa22aa..df05e7d6ea 100644
--- a/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
+++ b/client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts
@@ -277,11 +277,7 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private onAfterCreateForm(): void {
         this.enableFormControls();
-        if (
-            !(this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
-            !this.isMeetingAdmin &&
-            !this.isCreateView
-        ) {
+        if (!this.operator.canSkipPermissionCheck && !this.isMeetingAdmin && !this.isCreateView) {
             Object.keys(this.meetingForm.controls).forEach(controlName => {
                 if (!ORGA_ADMIN_ALLOWED_CONTROLNAMES.includes(controlName)) {
                     this.meetingForm.get(controlName)!.disable();
@@ -351,9 +347,7 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private async doUpdateMeeting(): Promise<void> {
         const options =
-            (this.operator.isSuperAdmin || this.operator.isOrgaManager) &&
-            !this.isMeetingAdmin &&
-            this.editMeeting?.locked_from_inside
+            this.operator.canSkipPermissionCheck && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside
                 ? {}
                 : this.getUsersToUpdateForMeetingObject();
         await this.meetingRepo.update(this.sanitizePayload(this.getPayload()), {
diff --git a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
index bb1e3ede48..f0c8ffe977 100644
--- a/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
+++ b/client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts
@@ -85,8 +85,7 @@ export class DashboardComponent extends BaseComponent {
                 const filteredMeetings = meetings.filter(
                     meeting =>
                         this.operator.isInMeeting(meeting.id) ||
-                        this.operator.isSuperAdmin ||
-                        this.operator.isOrgaManager ||
+                        this.operator.canSkipPermissionCheck ||
                         (meeting.publicAccessPossible() && this.operator.isAnonymous)
                 );
                 const currentDate = new Date();
diff --git a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
index c4b09c5ac7..5bc6b7641c 100644
--- a/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
+++ b/client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts
@@ -81,7 +81,7 @@ export class MeetingListFilterService extends BaseFilterListService<ViewMeeting>
     }
 
     protected override preFilter(rawInputData: ViewMeeting[]): ViewMeeting[] {
-        return this.operator.isSuperAdmin || this.operator.isOrgaManager
+        return this.operator.canSkipPermissionCheck
             ? rawInputData
             : rawInputData.filter(meeting => this.operator.isInMeeting(meeting.id));
     }
diff --git a/client/src/app/site/services/auth-check.service.ts b/client/src/app/site/services/auth-check.service.ts
index ed66515c9f..7b13946a85 100644
--- a/client/src/app/site/services/auth-check.service.ts
+++ b/client/src/app/site/services/auth-check.service.ts
@@ -103,11 +103,7 @@ export class AuthCheckService {
         await this.fetchMeetingIfNotExists(+meetingIdString);
 
         await this.operator.ready;
-        return (
-            this.operator.isInMeeting(Number(meetingIdString)) ||
-            this.operator.isSuperAdmin ||
-            this.operator.isOrgaManager
-        );
+        return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.canSkipPermissionCheck;
     }
 
     private async fetchMeetingIfNotExists(meetingId: Id): Promise<void> {
diff --git a/client/src/app/site/services/operator.service.ts b/client/src/app/site/services/operator.service.ts
index ec6e1ca95b..2c88487cce 100644
--- a/client/src/app/site/services/operator.service.ts
+++ b/client/src/app/site/services/operator.service.ts
@@ -91,6 +91,10 @@ export class OperatorService {
         return this.hasOrganizationPermissions(OML.can_manage_organization);
     }
 
+    public get canSkipPermissionCheck(): boolean {
+        return this.isSuperAdmin || this.isOrgaManager;
+    }
+
     public get isAccountAdmin(): boolean {
         return this.hasOrganizationPermissions(OML.can_manage_users);
     }
@@ -100,9 +104,7 @@ export class OperatorService {
     }
 
     public get isAnyManager(): boolean {
-        return this.isSuperAdmin || this.isOrgaManager || this.readyDeferred.wasResolved
-            ? this.isCommitteeManager
-            : false;
+        return this.canSkipPermissionCheck || this.readyDeferred.wasResolved ? this.isCommitteeManager : false;
     }
 
     public get knowsMultipleMeetings(): boolean {
@@ -588,7 +590,7 @@ export class OperatorService {
             // console.warn(`has perms: Usage outside of meeting!`);
             return false;
         }
-        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
+        if (this.canSkipPermissionCheck && !this.activeMeeting.locked_from_inside) {
             return true;
         }
 
@@ -612,7 +614,7 @@ export class OperatorService {
             // console.warn(`has perms: Operator is not ready!`);
             return false;
         }
-        if ((this.isSuperAdmin || this.isOrgaManager) && !this.activeMeeting.locked_from_inside) {
+        if (this.canSkipPermissionCheck && !this.activeMeeting.locked_from_inside) {
             return true;
         }
         const groups = this.user.groups(meetingId);
@@ -661,7 +663,7 @@ export class OperatorService {
      */
     public hasCommitteePermissions(committeeId: Id | null, ...permissionsToCheck: CML[]): boolean {
         // A superadmin and orgaadmin can do everything
-        if (this.isSuperAdmin || this.isOrgaManager) {
+        if (this.canSkipPermissionCheck) {
             return true;
         }
         // A user can have a CML for any committee but they could be not present in some of them.
@@ -685,7 +687,7 @@ export class OperatorService {
      * @returns `true`, if the current operator is included in at least one of the given committees.
      */
     public isInCommittees(...committees: Committee[]): boolean {
-        if (this.isSuperAdmin || this.isOrgaManager) {
+        if (this.canSkipPermissionCheck) {
             return true;
         }
         return this.isInCommitteesNonAdminCheck(...committees);
@@ -731,7 +733,7 @@ export class OperatorService {
         if (!this._groupIds) {
             return false;
         }
-        if (this.isSuperAdmin || this.isOrgaManager) {
+        if (this.canSkipPermissionCheck) {
             return true;
         }
         if (!this.isInGroupIdsNonAdminCheck(...groupIds)) {
@@ -742,7 +744,7 @@ export class OperatorService {
     }
 
     public isInMeetingIds(...meetingIds: Id[]): boolean {
-        if (this.isSuperAdmin || this.isOrgaManager) {
+        if (this.canSkipPermissionCheck) {
             return true;
         }
         if (!this._meetingIds) {