
chore(permissions): item and holdings
Read access to item and holdings records is now limited to the user's current organisation, so records belonging to other organisations are no longer exposed through the admin UI. This protects sensitive data.

Co-Authored-by: Bertrand Zuchuat <[email protected]>
Garfield-fr committed Apr 10, 2024
1 parent c4e3726 commit bcfed0d
Showing 3 changed files with 17 additions and 0 deletions.
15 changes: 15 additions & 0 deletions projects/admin/src/app/routes/base-route.ts
Expand Up @@ -137,6 +137,20 @@ export class BaseRoute {
};
}

/**
* Can read record
* @param record - the record
* @returns Observable boolean
*/
protected canRead(record: any) {
const organisationPid = this._routeToolService.userService.user
.currentOrganisation;
const recordOrganisationPid = ('organisation' in record.metadata)
? record.metadata.organisation.pid
: false;
return of({ can: organisationPid === recordOrganisationPid, message: '' });
}

/**
* Expert search link
* @return string, link of help page
Expand All @@ -153,3 +167,4 @@ export class BaseRoute {
: defaultPath;
}
}

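Review bot: canRead fails open when neither side of the comparison is set — if `user.currentOrganisation` is undefined and the record carries an `organisation` key without a `pid`, `undefined === undefined` grants access, and a record with no `metadata` at all makes the `in` test throw a TypeError instead of denying. Both the user lookup and the record walk should use optional chaining, and the result should require a present organisation pid before comparing. This is also an Angular route guard running in the browser: it hides records from the admin UI but cannot protect the data itself, so the REST API must enforce the same organisation scope independently (not visible in this diff); the docblock should say so, e.g. `* Client-side guard only: the backend must enforce organisation scoping on its own.` If `currentOrganisation` and `organisation.pid` are not the same primitive type (string vs number), strict equality will deny every record — worth confirming against the user service.
```typescript
  protected canRead(record: any) {
    const organisationPid = this._routeToolService.userService.user?.currentOrganisation;
    const recordOrganisationPid = record?.metadata?.organisation?.pid;
    // Fail closed: an absent pid on either side must never compare equal.
    const can = organisationPid != null && organisationPid === recordOrganisationPid;
    return of({ can, message: '' });
  }
```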
1 change: 1 addition & 0 deletions projects/admin/src/app/routes/holdings-route.ts
Expand Up @@ -61,6 +61,7 @@ export class HoldingsRoute extends BaseRoute implements RouteInterface {
}
},
detailComponent: HoldingDetailViewComponent,
canRead: (record: any) => this.canRead(record),
canAdd: () => of({ can: this._routeToolService.permissionsService.canAccess(PERMISSIONS.HOLD_CREATE) }),
permissions: (record: any) => this._routeToolService.permissions(record, this.recordType, true),
preCreateRecord: (data: any) => {
1 change: 1 addition & 0 deletions projects/admin/src/app/routes/items-route.ts
Expand Up @@ -74,6 +74,7 @@ export class ItemsRoute extends BaseRoute implements RouteInterface {
preFilters: {
organisation: null
},
canRead: (record: any) => this.canRead(record),
canAdd: () => of({can: false}),
permissions: (record: any) => this._routeToolService.permissions(record, this.recordType, false),
preprocessRecordEditor: (record: any) => {
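Review bot: canRead only gates the item detail view; the search configuration two lines above keeps `preFilters: { organisation: null }`, and nothing in this hunk narrows the result list to the current organisation, so whether other organisations' items still appear in listings depends on how that pre-filter is resolved elsewhere (not visible here) — worth confirming rather than relying on the detail guard alone. The hook also takes `record: any`; a minimal shape such as `record: { metadata?: { organisation?: { pid?: string } } }` on BaseRoute.canRead would let the compiler flag the cases where the guard can throw on a record without metadata. The enclosing `ItemsRoute` configuration object starts and ends outside the hunk.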
