Change restrictor for Orgaadmin

client/src/app/domain/models/meetings/meeting.ts

@@ -209,7 +209,7 @@ export class Settings {
 
 export class Meeting extends BaseModel<Meeting> {
     public static COLLECTION = `meeting`;
-    public static ACCESSIBILITY_FIELD: keyof Meeting = `projector_countdown_default_time`;
+    public static ACCESSIBILITY_FIELD: keyof Meeting = `language`;
 
     public imported_at!: number;
 

client/src/app/site/pages/meetings/pages/history/components/history-list/history-list.component.ts

@@ -5,7 +5,6 @@ import { ActivatedRoute } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
 import { Observable, Subject } from 'rxjs';
 import { Collection, Fqid, Id } from 'src/app/domain/definitions/key-types';
-import { OML } from 'src/app/domain/definitions/organization-permission';
 import { Selectable } from 'src/app/domain/interfaces';
 import { BaseModel } from 'src/app/domain/models/base/base-model';
 import { HistoryPosition, HistoryPresenterService } from 'src/app/gateways/presenter/history-presenter.service';
@@ -93,10 +92,6 @@ export class HistoryListComponent extends BaseMeetingComponent implements OnInit
         }
     }
 
-    public get isSuperadmin(): boolean {
-        return this.operator.hasOrganizationPermissions(OML.superadmin);
-    }
-
     public constructor(
         protected override translate: TranslateService,
         private viewModelStore: ViewModelStoreService,

client/src/app/site/pages/meetings/pages/participants/modules/groups/components/group-list/group-list.component.ts

@@ -297,6 +297,6 @@ export class GroupListComponent extends BaseMeetingComponent implements OnInit,
      * Function to allow to edit the external_id
      */
     public get allowExternalId(): boolean {
-        return this.operator.isMeetingAdmin || this.operator.isSuperAdmin;
+        return this.operator.isMeetingAdmin || this.operator.canSkipPermissionCheck;
     }
 }

client/src/app/site/pages/meetings/view-models/view-meeting.ts

@@ -139,6 +139,10 @@ export class ViewMeeting extends BaseHasMeetingUsersViewModel<Meeting> {
     public canBeEnteredBy(user: ViewUser): boolean {
         return !this.locked_from_inside || user.group_ids(this.id).length > 0;
     }
+
+    public canEditMeetingSetting(user: ViewUser): boolean {
+        return user.getMeetingUser(this.id)?.group_ids.includes(this.meeting.admin_group_id);
+    }
 }
 interface IMeetingRelations {
     motions_default_workflow: ViewMotionWorkflow;

client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-add-to-meetings/account-add-to-meetings.component.ts

@@ -109,7 +109,7 @@ export class AccountAddToMeetingsComponent extends BaseUiComponent implements On
                 .getViewModelListObservable()
                 .pipe(
                     map(meetings =>
-                        this.operator.isSuperAdmin
+                        this.operator.canSkipPermissionCheck
                             ? meetings.filter(meeting => !meeting.locked_from_inside)
                             : meetings.filter(
                                   meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside

client/src/app/site/pages/organization/pages/accounts/pages/account-detail/components/account-detail/account-detail.component.ts

@@ -57,7 +57,10 @@ export class AccountDetailComponent extends BaseComponent implements OnInit {
     }
 
     public get orgaManagementLevelChangeDisabled(): boolean {
-        return this.user?.id === this.operator.operatorId && this.operator.isSuperAdmin;
+        return (
+            this.user?.id === this.operator.operatorId &&
+            (this.operator.isSuperAdmin || this.operator.isOrgaManager || this.operator.isAccountAdmin)
+        );
     }
 
     @ViewChild(UserDetailViewComponent, { static: false })
@@ -253,7 +256,7 @@ export class AccountDetailComponent extends BaseComponent implements OnInit {
                 is_public: meeting.publicAccessPossible(),
                 is_accessible:
                     (meeting.canAccess() && this.operator.isInMeeting(meeting.id)) ||
-                    (!meeting.locked_from_inside && this.operator.isSuperAdmin)
+                    (!meeting.locked_from_inside && this.operator.canSkipPermissionCheck)
             };
         });
         this._tableData = tableData;

client/src/app/site/pages/organization/pages/accounts/pages/account-list/components/account-list/account-list.component.ts

@@ -113,7 +113,7 @@ export class AccountListComponent extends BaseListViewComponent<ViewUser> {
         const meetings = this.meetingRepo.getViewModelList();
         const result = await this.choiceService.open<ViewMeeting>({
             title,
-            choices: this.operator.isSuperAdmin
+            choices: this.operator.canSkipPermissionCheck
                 ? meetings.filter(meeting => !meeting.locked_from_inside)
                 : meetings.filter(meeting => this.operator.isInMeeting(meeting.id) && !meeting.locked_from_inside),
             multiSelect: true,

client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.html

@@ -21,7 +21,7 @@
             @if (meeting.isArchived) {
                 <mat-label class="archived-label">{{ 'Archived' | translate }}</mat-label>
             }
-            <ng-container *osCmlPerms="CML.can_manage; committeeId: committee.id; nonAdminCheck: true">
+            <ng-container *osCmlPerms="CML.can_manage; committeeId: committee.id">
                 @if (isTemplateMeeting) {
                     <div class="template-indicator">
                         <mat-icon [matTooltip]="'Public template' | translate">star</mat-icon>
@@ -131,7 +131,7 @@
 
 <mat-menu #meetingMenu="matMenu">
     <ng-template matMenuContent>
-        @if (!meeting.isArchived && (meeting?.canBeEnteredBy(operator.user) || operator.isSuperAdmin)) {
+        @if (!meeting.isArchived && (meeting?.canBeEnteredBy(operator.user) || operator.canSkipPermissionCheck)) {
             <a mat-menu-item [routerLink]="['meeting', 'edit', meeting.id]">
                 <mat-icon>edit</mat-icon>
                 <span>{{ 'Edit' | translate }}</span>
@@ -145,7 +145,7 @@
                 <span>{{ 'Public template' | translate }}</span>
             </button>
         }
-        @if (!isLockedFromInside) {
+        @if (canEditMeetingSetting) {
             <button mat-menu-item (click)="onDuplicate()">
                 <mat-icon>file_copy</mat-icon>
                 <span>{{ 'Duplicate' | translate }}</span>
@@ -167,10 +167,12 @@
                 <span>{{ 'Export' | translate }}</span>
             </button>
         }
-        <mat-divider></mat-divider>
-        <button class="red-warning-text" mat-menu-item (click)="onDeleteMeeting()">
-            <mat-icon>delete</mat-icon>
-            <span>{{ 'Delete' | translate }}</span>
-        </button>
+        @if (canEditMeetingSetting) {
+            <mat-divider></mat-divider>
+            <button class="red-warning-text" mat-menu-item (click)="onDeleteMeeting()">
+                <mat-icon>delete</mat-icon>
+                <span>{{ 'Delete' | translate }}</span>
+            </button>
+        }
     </ng-template>
 </mat-menu>

client/src/app/site/pages/organization/pages/committees/modules/committee-meeting-preview/committee-meeting-preview.component.ts

@@ -1,5 +1,6 @@
-import { Component, Input, ViewEncapsulation } from '@angular/core';
+import { ChangeDetectorRef, Component, Input, OnDestroy, OnInit, ViewEncapsulation } from '@angular/core';
 import { TranslateService } from '@ngx-translate/core';
+import { Subscription } from 'rxjs';
 import { CML, OML } from 'src/app/domain/definitions/organization-permission';
 import { MeetingControllerService } from 'src/app/site/pages/meetings/services/meeting-controller.service';
 import { ViewMeeting } from 'src/app/site/pages/meetings/view-models/view-meeting';
@@ -16,7 +17,7 @@ import { MeetingService } from '../services/meeting.service';
     styleUrls: [`./committee-meeting-preview.component.scss`],
     encapsulation: ViewEncapsulation.None
 })
-export class CommitteeMeetingPreviewComponent {
+export class CommitteeMeetingPreviewComponent implements OnDestroy, OnInit {
     @Input() public meeting!: ViewMeeting;
     @Input() public committee!: ViewCommittee;
     @Input() public isCMAndRequireDuplicateFrom!: boolean;
@@ -64,14 +65,46 @@ export class CommitteeMeetingPreviewComponent {
         return this.meeting?.locked_from_inside;
     }
 
+    public get canEditMeetingSetting(): boolean {
+        return this._canEditMeetingSetting;
+    }
+
+    private _canEditMeetingSetting = true;
+    private _canEditMeetingSubscription: Subscription;
+
     public constructor(
+        private cd: ChangeDetectorRef,
         private translate: TranslateService,
         private meetingRepo: MeetingControllerService,
         private meetingService: MeetingService,
         private promptService: PromptService,
         public operator: OperatorService
     ) {}
 
+    /**
+     * Get the subject
+     */
+    public ngOnInit(): void {
+        this._canEditMeetingSubscription = this.operator.operatorUpdated.subscribe(() => {
+            if (this.isLockedFromInside && !this.operator.isSuperAdmin) {
+                this._canEditMeetingSetting = this.meeting.canEditMeetingSetting(this.operator.user);
+            } else {
+                this._canEditMeetingSetting = true;
+            }
+        });
+    }
+
+    /**
+     * clear the Subscriptions
+     */
+    public ngOnDestroy(): void {
+        if (this._canEditMeetingSubscription) {
+            this._canEditMeetingSubscription.unsubscribe();
+            this._canEditMeetingSubscription = null;
+        }
+        this.cd.detach();
+    }
+
     public async onArchive(): Promise<void> {
         const title = this.translate.instant(`Are you sure you want to archive this meeting?`);
         const content = this.translate.instant(`Attention: This action cannot be undone!`);

client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-meeting/components/meeting-edit/meeting-edit.component.ts

@@ -277,7 +277,7 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private onAfterCreateForm(): void {
         this.enableFormControls();
-        if (!this.operator.isSuperAdmin && !this.isMeetingAdmin && !this.isCreateView) {
+        if (!this.operator.canSkipPermissionCheck && !this.isMeetingAdmin && !this.isCreateView) {
             Object.keys(this.meetingForm.controls).forEach(controlName => {
                 if (!ORGA_ADMIN_ALLOWED_CONTROLNAMES.includes(controlName)) {
                     this.meetingForm.get(controlName)!.disable();
@@ -347,7 +347,7 @@ export class MeetingEditComponent extends BaseComponent implements OnInit {
 
     private async doUpdateMeeting(): Promise<void> {
         const options =
-            this.operator.isSuperAdmin && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside
+            this.operator.canSkipPermissionCheck && !this.isMeetingAdmin && this.editMeeting?.locked_from_inside
                 ? {}
                 : this.getUsersToUpdateForMeetingObject();
         await this.meetingRepo.update(this.sanitizePayload(this.getPayload()), {

client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.html

@@ -1,6 +1,6 @@
 <os-head-bar
     [customMenu]="true"
-    [hasMainButton]="canManageMeetingsInCommittee"
+    [hasMainButton]="canManageCommittee"
     [mainActionTooltip]="'New meeting' | translate"
     [nav]="false"
     (mainEvent)="onCreateMeeting()"

client/src/app/site/pages/organization/pages/committees/pages/committee-detail/modules/committee-detail-view/components/committee-detail-view/committee-detail-view.component.ts

@@ -30,10 +30,6 @@ export class CommitteeDetailViewComponent extends BaseUiComponent {
     public forwardingExpanded = false;
     public requireDuplicateFrom = false;
 
-    public get canManageMeetingsInCommittee(): boolean {
-        return this.operator.hasCommitteePermissionsNonAdminCheck(this.committeeId, CML.can_manage);
-    }
-
     public get canManageCommittee(): boolean {
         return this.operator.hasCommitteePermissions(this.committeeId, CML.can_manage);
     }

client/src/app/site/pages/organization/pages/dashboard/pages/dashboard-detail/components/dashboard/dashboard.component.ts

@@ -85,7 +85,7 @@ export class DashboardComponent extends BaseComponent {
                 const filteredMeetings = meetings.filter(
                     meeting =>
                         this.operator.isInMeeting(meeting.id) ||
-                        this.operator.isSuperAdmin ||
+                        this.operator.canSkipPermissionCheck ||
                         (meeting.publicAccessPossible() && this.operator.isAnonymous)
                 );
                 const currentDate = new Date();

client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/components/meeting-list/meeting-list.component.html

@@ -70,12 +70,7 @@ <h2>{{ 'Meetings' | translate }}</h2>
 
                     <!-- Is Template -->
                     <span
-                        *osCmlPerms="
-                            CML.can_manage;
-                            committeeId: meeting.committee_id;
-                            nonAdminCheck: true;
-                            and: meeting.isTemplate
-                        "
+                        *osCmlPerms="CML.can_manage; committeeId: meeting.committee_id; and: meeting.isTemplate"
                         class="icon-prefix"
                     >
                         <mat-icon [matTooltip]="'Public template' | translate">star</mat-icon>
@@ -181,7 +176,7 @@ <h2>{{ 'Meetings' | translate }}</h2>
 
     <div *osScrollingTableCell="'menu'; row as meeting; config: { width: 40 }">
         <button
-            *osCmlPerms="CML.can_manage; committeeId: meeting.committee?.id; nonAdminCheck: true"
+            *osCmlPerms="CML.can_manage; committeeId: meeting.committee?.id"
             data-cy="meetingListSingleMenuTrigger"
             mat-icon-button
             [disabled]="isMultiSelect"

client/src/app/site/pages/organization/pages/orga-meetings/pages/meeting-list/services/meeting-list-filter/meeting-list-filter.service.ts

@@ -81,7 +81,7 @@ export class MeetingListFilterService extends BaseFilterListService<ViewMeeting>
     }
 
     protected override preFilter(rawInputData: ViewMeeting[]): ViewMeeting[] {
-        return this.operator.isSuperAdmin
+        return this.operator.canSkipPermissionCheck
             ? rawInputData
             : rawInputData.filter(meeting => this.operator.isInMeeting(meeting.id));
     }

client/src/app/site/services/auth-check.service.ts

@@ -103,7 +103,7 @@ export class AuthCheckService {
         await this.fetchMeetingIfNotExists(+meetingIdString);
 
         await this.operator.ready;
-        return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.isSuperAdmin;
+        return this.operator.isInMeeting(Number(meetingIdString)) || this.operator.canSkipPermissionCheck;
     }
 
     private async fetchMeetingIfNotExists(meetingId: Id): Promise<void> {