Features support part 2 #822
…tureGuard and add implementations for WithdrawItem / ReinstateItem guards
This pull request introduces 2 alerts when merging 23354b4 into 8b639bc - view on LGTM.com new alerts:
@Atmire-Kristof : I gave this a quick test today (haven't done a full code review yet), and found that it almost seems to work too well.
Essentially, with this PR installed, I'm no longer able to access many Admin Tools. More specifically, when logged in as an Admin, these Admin menus are no longer available/accessible:
- Access Control
- Admin Search
- Registries
- Administer Workflow
- Import (menu exists but all submenus are grayed out)
- Export (menu exists but all submenus are grayed out)
If I attempt to access one of those Admin tools by typing in the URL in my browser (e.g. http://localhost:4000/admin/search) I am sent to a 401 Unauthorized page.
So, I think this PR has tightened access rights significantly and it no longer allows full Site Administrators to have access to Admin tools. I'm not exactly sure why that is, but obviously we'd need that resolved before we can look to merge this.
Conflicts: src/app/core/core.module.ts
This pull request introduces 2 alerts when merging 4297893 into eb98098 - view on LGTM.com new alerts:
@tdonohue I don't think this PR is the direct cause of any of those issues. It looks like the rest demo branch hasn't been updated in quite some time, and both DSpace/DSpace#2867 and DSpace/DSpace#2910 are necessary for this PR to function. That seems to be at least part of the reason why so many things are not authorized for you. However, even with those PRs in place this PR is still affected by DSpace/DSpace#2912 and #635 as mentioned in the description. So e.g. the edit item page can still be inaccessible. We probably won't be able to merge this PR until at least DSpace/DSpace#2912 has a solution.
Conflicts: src/app/+collection-page/collection-page-routing.module.ts src/app/+community-page/community-page-routing.module.ts src/app/+item-page/edit-item-page/edit-item-page.routing.module.ts src/app/+item-page/edit-item-page/item-status/item-status.component.ts src/app/+item-page/item-page-routing.module.ts src/app/app-routing.module.ts src/app/core/core.module.ts src/app/shared/log-in/log-in.component.html src/app/shared/log-in/log-in.component.spec.ts src/app/shared/log-in/log-in.component.ts
👍 Finally got around to re-testing this PR. It all works well now. Code looks good as well. Thanks @Atmire-Kristof !
Merging immediately as this was previously flagged for |
References
This PR expands on #717
and fixes #738
Description
This PR hides / protects certain components and routes behind feature authorization checks. Support for this was added in #717; this PR aims to cover more features using these changes.
Instructions for Reviewers
Changes made:
- DsoPageFeatureGuard, accepting a resolver (resolving the route's ID to a remote-data object). getObjectUrl returns the self-link of the object resolved from the URL, which will be used for checking the Feature's authorization
  - CollectionPageAdministratorGuard: checks admin authorization for collection pages. Configured for /collection/${uuid}/edit routes.
  - CommunityPageAdministratorGuard: same, but for communities
  - ItemPageAdministratorGuard: same, but for items
  - ItemPageReinstateGuard: checks "reinstateitem" feature authorization for item pages. Configured for /items/${uuid}/edit/reinstate routes.
  - ItemPageWithdrawGuard: checks "withdrawitem" feature authorization for item pages. Configured for /items/${uuid}/edit/withdraw routes.
- SiteRegisterGuard checking "epersonRegistration" feature authorization for the Site. Configured for /register route.
How to test:
/unauthorized page.
Warnings
Checklist
This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome). If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!
yarn run lint
package.json
), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
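An added illustration of the guard behaviour listed under "Changes made" (not code from this PR or from DSpace-Angular): each guarded route maps to a feature and an object self-link, and the route activates only if the backend reported that exact pair for the current user. The route patterns and feature names are the ones given in the description; the REST base URL, self-link paths, and all type and function names are assumptions.

```typescript
// Added illustration, not DSpace-Angular code. Names and URLs are hypothetical.
const REST = "https://rest.example.org/api"; // constructed base URL
const UUID = "([0-9a-f-]{36})";
const SITE_URL = `${REST}/sites/site`; // constructed self-link for the Site

type GuardedRoute = {
  pattern: RegExp;
  feature: string;
  objectUrl: (m: RegExpMatchArray) => string; // plays the role of getObjectUrl
};

const itemUrl = (uuid: string): string => `${REST}/items/${uuid}`;

// Route-to-feature mapping as listed in the PR description.
const GUARDED: GuardedRoute[] = [
  { pattern: new RegExp(`^/items/${UUID}/edit/withdraw$`), feature: "withdrawitem", objectUrl: (m) => itemUrl(m[1]) },
  { pattern: new RegExp(`^/items/${UUID}/edit/reinstate$`), feature: "reinstateitem", objectUrl: (m) => itemUrl(m[1]) },
  { pattern: /^\/register$/, feature: "epersonRegistration", objectUrl: () => SITE_URL },
];

// One authorization as reported by the backend for the current user.
const grantKey = (feature: string, objectUrl: string): string => `${feature}|${objectUrl}`;

// Returns true to activate the route, or the path to redirect to.
function canActivate(path: string, grants: string[]): true | string {
  for (const route of GUARDED) {
    const m = path.match(route.pattern);
    if (m === null) continue;
    // Deny by default: a grant the backend did not report blocks the route,
    // whatever role the user holds.
    const key = grantKey(route.feature, route.objectUrl(m));
    return grants.indexOf(key) !== -1 ? true : "/unauthorized";
  }
  return true; // not covered by a feature guard
}

// Constructed sample: the user may withdraw one specific item only.
const SAMPLE_ITEM = "11111111-1111-4111-8111-111111111111";
const sampleGrants = [grantKey("withdrawitem", itemUrl(SAMPLE_ITEM))];
console.log(canActivate(`/items/${SAMPLE_ITEM}/edit/withdraw`, sampleGrants));
console.log(canActivate(`/items/${SAMPLE_ITEM}/edit/reinstate`, sampleGrants));
console.log(canActivate("/register", [])); // backend reported no features
```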