fix(admin): privilege exception not thrown on member detail

kofzera · HejdaJakub · commit b561227da20c · 2023-11-06T10:26:05.000+01:00
Sponsors for member on member detail page are now fetched only
when user accessing the page can read sponsors in the VO.
diff --git a/apps/admin-gui/src/app/vos/pages/member-detail-page/member-overview/member-overview.component.html b/apps/admin-gui/src/app/vos/pages/member-detail-page/member-overview/member-overview.component.html
@@ -79,7 +79,7 @@ <h1 class="page-subtitle">{{'MEMBER_DETAIL.OVERVIEW.SPONSORSHIP' | translate}}</
           </mat-card-subtitle>
         </mat-card-header>
         <mat-card-content class="column-center">
-          <div *ngIf="member.sponsored" class="mt-3">
+          <div *ngIf="member.sponsored && this.canReadSponsors" class="mt-3">
             <h6 class="d-flex align-items-center">
               {{'MEMBER_DETAIL.OVERVIEW.SPONSORS' | translate}}:
               <button
diff --git a/apps/admin-gui/src/app/vos/pages/member-detail-page/member-overview/member-overview.component.ts b/apps/admin-gui/src/app/vos/pages/member-detail-page/member-overview/member-overview.component.ts
@@ -48,6 +48,7 @@ export class MemberOverviewComponent implements OnInit {
   loading = false;
   pwdResetAuth: boolean;
   isSponsor = false;
+  canReadSponsors = false;
   isPerunAdmin = false;
   sponsorButtonEnabled = false;
 
@@ -96,12 +97,11 @@ export class MemberOverviewComponent implements OnInit {
             );
             this.isPerunAdmin = this.authResolver.isPerunAdmin();
             this.isSponsor = this.authResolver.principalHasRole(Role.SPONSOR, 'Vo', this.vo.id);
-            if (
-              this.member.sponsored &&
-              this.authResolver.isAuthorized('getSponsorsForMember_Member_List<String>_policy', [
-                this.member,
-              ])
-            ) {
+            this.canReadSponsors = this.authResolver.isAuthorized(
+              'getSponsorsForMember_Member_List<String>_policy',
+              [this.member],
+            );
+            if (this.member.sponsored && this.canReadSponsors) {
               this.usersManager.getSponsorsForMember(this.member.id, null).subscribe((sponsors) => {
                 this.sponsors = sponsors;
                 this.sponsorsDataSource = new MatTableDataSource<Sponsor>(this.sponsors);
@@ -255,10 +255,10 @@ export class MemberOverviewComponent implements OnInit {
     this.membersService.getRichMemberWithAttributes(this.member.id).subscribe({
       next: (member) => {
         this.member = member;
-        this.findSponsors.getSponsors(member.voId).subscribe((sponsors) => {
-          this.voSponsors = sponsors;
-        });
-        if (member.sponsored) {
+        if (member.sponsored && this.canReadSponsors) {
+          this.findSponsors.getSponsors(member.voId).subscribe((sponsors) => {
+            this.voSponsors = sponsors;
+          });
           this.usersManager.getSponsorsForMember(this.member.id, null).subscribe((sponsors) => {
             this.sponsors = sponsors;
             this.sponsorsDataSource.data = this.sponsors;
