TechnologyEnhancedLearning · binon · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024 · Jan 18, 2024
diff --git a/.gitguardian.yaml b/.gitguardian.yaml
@@ -0,0 +1,5 @@
+secret:
+  ignored-matches:
+  - match: 26841b2b92a38ec6d2dd87ccc2d4f6d3613486c21f4cf5cb4d98b4527dfc0061
+    name: Generic High Entropy Secret - LearningHub.Nhs.WebUI/Program.cs
+version: 2
diff --git a/LearningHub.Nhs.WebUI/Controllers/Api/UserController.cs b/LearningHub.Nhs.WebUI/Controllers/Api/UserController.cs
@@ -90,6 +90,18 @@ public async Task<ActionResult> GetUserAccessType()
             return this.Ok(isGeneralUser);
         }
 
+        /// <summary>
+        /// to get user role.
+        /// </summary>
+        /// <returns>The <see cref="Task{ActionResult}"/>.</returns>
+        [HttpGet]
+        [Route("CheckUserRole")]
+        public async Task<ActionResult> CheckUserRole()
+        {
+            var isSystemAdmin = this.User.IsInRole("Administrator");
+            return this.Ok(isSystemAdmin);
+        }
+
         /// <summary>
         /// The GetCurrentUserPersonalDetails.
         /// </summary>

diff --git a/LearningHub.Nhs.WebUI/Controllers/ResourceController.cs b/LearningHub.Nhs.WebUI/Controllers/ResourceController.cs
@@ -136,7 +136,7 @@ public async Task<IActionResult> Index(int resourceReferenceId, bool? acceptSens
                 var userGroups = await this.userGroupService.GetRoleUserGroupDetailForUserAsync(this.CurrentUserId);
 
                 hasCatalogueAccess = userGroups.Any(x => x.CatalogueNodeId == resource.Catalogue.NodeId &&
-                    (x.RoleEnum == RoleEnum.LocalAdmin || x.RoleEnum == RoleEnum.Editor || x.RoleEnum == RoleEnum.Reader));
+                    (x.RoleEnum == RoleEnum.LocalAdmin || x.RoleEnum == RoleEnum.Editor || x.RoleEnum == RoleEnum.Reader)) || this.User.IsInRole("Administrator");
             }
             else if (!resource.Catalogue.RestrictedAccess)
             {

diff --git a/LearningHub.Nhs.WebUI/Scripts/vuesrc/data/user.ts b/LearningHub.Nhs.WebUI/Scripts/vuesrc/data/user.ts
@@ -54,6 +54,18 @@ const isGeneralUser = async function (): Promise<boolean[]> {
         });
 };
 
+const IsSystemAdmin = async function (): Promise<boolean[]> {
+    var IsSystemAdmin = `/api/User/CheckUserRole`;
+    return await AxiosWrapper.axios.get<boolean[]>(IsSystemAdmin)
+        .then(response => {
+            return response.data;
+        })
+        .catch(e => {
+            console.log('IsSystemAdmin:' + e);
+            throw e;
+        });
+};
+
 const getCurrentUserBasicDetails = async function (): Promise<UserBasicModel> {
     return await AxiosWrapper.axios.get<UserBasicModel>('/api/User/GetCurrentUserBasicDetails')
         .then(response => {
@@ -160,5 +172,6 @@ export const userData = {
     updateSecurityQuestionAnswers,
     keepUserSessionAlive,
     getkeepUserSessionAliveInterval,
-    isGeneralUser
+    isGeneralUser,
+    IsSystemAdmin
 }
diff --git a/LearningHub.Nhs.WebUI/Scripts/vuesrc/resource/ResourceContent.vue b/LearningHub.Nhs.WebUI/Scripts/vuesrc/resource/ResourceContent.vue
@@ -8,7 +8,7 @@
 
                     <!--Video-->
                     <div id="mediacontainer" class="resource-item nhsuk-u-margin-bottom-7" v-if="hasMediaAccess && (resourceItem.resourceTypeEnum === ResourceType.VIDEO)">
-                        
+
                         <video id="resourceAzureMediaPlayer" data-setup='{"logo": { "enabled": false }, "techOrder": ["azureHtml5JS", "flashSS",  "silverlightSS", "html5"], "nativeControlsForTouch": false}' controls class="azuremediaplayer amp-default-skin amp-big-play-centered resource-video nhsuk-u-margin-bottom-4">
                             <source :src="resourceItem.videoDetails.resourceAzureMediaAsset.locatorUri" type="application/vnd.ms-sstr+xml" :data-setup='getAESProtection(resourceItem.videoDetails.resourceAzureMediaAsset.authenticationToken)' />
                             <source :src="getMediaAssetProxyUrl(resourceItem.videoDetails.resourceAzureMediaAsset)" type="application/vnd.apple.mpegurl" disableUrlRewriter="true" />
@@ -73,7 +73,7 @@
     import '../filters';
     import { resourceData } from '../data/resource';
     import { userData } from '../data/user';
-    import { VersionStatus, ResourceType, ResourceAccessibility,ActivityStatus, MediaResourceActivityType, AzureMediaPlayerOptions, RoleEnum } from '../constants';
+    import { VersionStatus, ResourceType, ResourceAccessibility, ActivityStatus, MediaResourceActivityType, AzureMediaPlayerOptions, RoleEnum } from '../constants';
     import { ResourceItemModel } from '../models/resourceItemModel';
     import { ScormContentDetailsModel } from '../models/scormModel';
     import { RoleUserGroupModel } from '../models/roleUserGroupModel';
@@ -119,19 +119,20 @@
                 interactionQueue: new Array<InteractionQueueModel>(),
                 scormContentDetailsModel: new ScormContentDetailsModel(),
                 assessmentProgress: null as AssessmentProgressModel,
-                isGeneralUser: false
+                isGeneralUser: false,
+                isSystemAdmin: false
             }
         },
         computed: {
             hasCatalogueAccess(): boolean {
-                return (!this.resourceItem.catalogue.restrictedAccess
+                return (!this.resourceItem.catalogue.restrictedAccess || this.IsSystemAdmin
                     ||
                     (this.roleUserGroups.filter((rug: any) => rug.catalogueNodeId == this.resourceItem.catalogue.nodeId
                         && (rug.roleEnum == RoleEnum.LocalAdmin || rug.roleEnum == RoleEnum.Editor || rug.roleEnum == RoleEnum.Reader)).length > 0)
                 );
             },
             hasMediaAccess(): boolean {
-                return this.userAuthenticated && (this.resourceItem.resourceTypeEnum == this.ResourceType.AUDIO || this.resourceItem.resourceTypeEnum == this.ResourceType.VIDEO ) && (!(this.isGeneralUser && this.resourceItem.resourceAccessibilityEnum == this.ResourceAccessibility.FullAccess))
+                return this.userAuthenticated && (this.resourceItem.resourceTypeEnum == this.ResourceType.AUDIO || this.resourceItem.resourceTypeEnum == this.ResourceType.VIDEO) && (!(this.isGeneralUser && this.resourceItem.resourceAccessibilityEnum == this.ResourceAccessibility.FullAccess))
             },
             hasScormAccess(): boolean {
                 return this.userAuthenticated && this.resourceItem.resourceTypeEnum == this.ResourceType.SCORM && (!(this.isGeneralUser && this.resourceItem.resourceAccessibilityEnum == this.ResourceAccessibility.FullAccess))
@@ -146,12 +147,13 @@
                 this.mediaStartTime = parseInt(this.$route.query.mediaStartTime as string);
             }
             await this.getGeneralUser();
+            await this.getUserRole();
             await this.loadResourceItem(Number(this.$route.params.resId));
 
             if (this.userAuthenticated && this.resourceItem.catalogue.restrictedAccess) {
                 await this.loadRoleUserGroups();
             }
-            
+
 
             if (this.userAuthenticated && (this.resourceItem.resourceTypeEnum == ResourceType.VIDEO || this.resourceItem.resourceTypeEnum == ResourceType.AUDIO) && this.hasResourceAccess()) {
                 this.addMediaEventListeners();
@@ -165,8 +167,7 @@
 
             // call complete activity if resource type is media or scorm.
             if (this.userAuthenticated && (this.resourceItem.resourceTypeEnum === ResourceType.VIDEO || this.resourceItem.resourceTypeEnum === ResourceType.AUDIO) && this.hasResourceAccess()) {
-                //var isIE11 = (!!window.MSInputMethodContext && !!((<any>document).documentMode));
-                var isIE11 = (!!((window as any).MSInputMethodContext) && !!((document as any).documentMode));
+                var isIE11 = (!!window.MSInputMethodContext && !!((<any>document).documentMode));
                 var self = this;
 
                 if (isIE11) {
@@ -236,6 +237,9 @@
             async getGeneralUser(): Promise<void> {
                 this.isGeneralUser = await userData.isGeneralUser();
             },
+            async getUserRole(): Promise<void> {
+                this.IsSystemAdmin = await userData.IsSystemAdmin();
+            },
 
             hasResourceAccess(): boolean {
                 return this.userAuthenticated && (!(this.isGeneralUser && this.resourceItem.resourceAccessibilityEnum == this.ResourceAccessibility.FullAccess))
@@ -550,7 +554,7 @@
     .resource-item-row {
         margin-top: 32px;
     }
-    
+
     .border-bottom {
         border-bottom: 1px solid $nhsuk-grey-lighter;
         padding-bottom: 20px;
@@ -628,7 +632,6 @@
         color: #ffffff;
         background-color: transparent;
     }
-
 </style>
 
 <style lang="scss">

diff --git a/LearningHub.Nhs.WebUI/Scripts/vuesrc/resource/blocks/ImageCarouselViewer.vue b/LearningHub.Nhs.WebUI/Scripts/vuesrc/resource/blocks/ImageCarouselViewer.vue
@@ -38,7 +38,6 @@
     import ImagePublishedView from "../../contribute-resource/components/published-view/ImagePublishedView.vue";
     import { Carousel3d, Slide } from 'vue-carousel-3d';
     import ImageCarouselImageView from "./ImageCarouselImageView.vue";
-    let counterInterval: undefined | ReturnType<typeof setTimeout>;
 
     export default Vue.extend({
         components: {
@@ -50,7 +49,7 @@
         },
         data() {
             return {
-                counterInterval,  
+                counterInterval: 0,  
             }
         },
         created() {

diff --git a/LearningHub.Nhs.WebUI/Services/SearchService.cs b/LearningHub.Nhs.WebUI/Services/SearchService.cs
@@ -145,12 +145,9 @@ public async Task<SearchResultViewModel> PerformSearch(IPrincipal user, SearchRe
 
                         var generalAccessValue = (int)ResourceAccessibilityEnum.GeneralAccess;
                         var basicUserAudienceFilterItem = accessLevelFilters.Where(x => x.DisplayName == generalAccessValue.ToString()).FirstOrDefault();
-
-                        if (basicUserAudienceFilterItem != null)
-                        {
-                            var basicUserAudienceFilter = new SearchFilterModel() { DisplayName = ResourceAccessLevelHelper.GetPrettifiedResourceAccessLevelOptionDisplayName(ResourceAccessibilityEnum.GeneralAccess), Count = basicUserAudienceFilterItem.Count, Value = generalAccessValue.ToString(), Selected = (searchRequest.ResourceAccessLevelId ?? 0) == generalAccessValue };
-                            resourceAccessLevelFilters.Add(basicUserAudienceFilter);
-                        }
+                        var basicResourceAccesslevelCount = basicUserAudienceFilterItem?.Count ?? 0;
+                        var basicUserAudienceFilter = new SearchFilterModel() { DisplayName = ResourceAccessLevelHelper.GetPrettifiedResourceAccessLevelOptionDisplayName(ResourceAccessibilityEnum.GeneralAccess), Count = basicResourceAccesslevelCount, Value = generalAccessValue.ToString(), Selected = (searchRequest.ResourceAccessLevelId ?? 0) == generalAccessValue };
+                        resourceAccessLevelFilters.Add(basicUserAudienceFilter);
                     }
 
                     filters = resourceResult.Facets.Where(x => x.Id == "provider_ids").First().Filters;