From 70e55b2094c1aafe6930b748a487379c695ae904 Mon Sep 17 00:00:00 2001
From: milanmajchrak
Date: Mon, 14 Jul 2025 16:52:28 +0200
Subject: [PATCH 1/2] Updated retrieving the dso object - redirect to 403 instead of login page. Check if the user is signed in.
---
 src/app/core/data/dso-redirect.service.ts | 25 ++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/app/core/data/dso-redirect.service.ts b/src/app/core/data/dso-redirect.service.ts
index 431f7fb4be4..62a162764f1 100644
--- a/src/app/core/data/dso-redirect.service.ts
+++ b/src/app/core/data/dso-redirect.service.ts
@@ -8,7 +8,7 @@
 /* eslint-disable max-classes-per-file */
 import { Injectable, Inject } from '@angular/core';
 import { Observable } from 'rxjs';
-import { tap } from 'rxjs/operators';
+import { take, tap } from 'rxjs/operators';
 import { hasValue } from '../../shared/empty.util';
 import { RemoteDataBuildService } from '../cache/builders/remote-data-build.service';
 import { ObjectCacheService } from '../cache/object-cache.service';
@@ -19,7 +19,7 @@ import { RequestService } from './request.service';
 import { getFirstCompletedRemoteData } from '../shared/operators';
 import { DSpaceObject } from '../shared/dspace-object.model';
 import { IdentifiableDataService } from './base/identifiable-data.service';
-import { getDSORoute } from '../../app-routing-paths';
+import { getDSORoute, getForbiddenRoute } from '../../app-routing-paths';
 import { HardRedirectService } from '../services/hard-redirect.service';
 import { APP_CONFIG, AppConfig } from '../../../config/app-config.interface';
 import { Router } from '@angular/router';
@@ -45,7 +45,7 @@ class DsoByIdOrUUIDDataService extends IdentifiableDataService {
 // interpolate id/uuid as query parameter
 (endpoint: string, resourceID: string): string => {
 return endpoint.replace(/{\?id}/, `?id=${resourceID}`)
- .replace(/{\?uuid}/, `?uuid=${resourceID}`);
+ .replace(/{\?uuid}/, `?uuid=${resourceID}`);
 },
 );
 }
@@ -110,10 +110,21 @@ export class DsoRedirectService {
 }
 // Redirect to login page if the user is not authenticated to see the requested page
 if (response.hasFailed && (response.statusCode === 401 || response.statusCode === 403)) {
- // Extract redirect URL - remove `https://.../namespace` from the current URL. Keep only `handle/...`
- const redirectUrl = this.extractHandlePath(window.location.href);
- this.authService.setRedirectUrl(redirectUrl);
- this.router.navigateByUrl('login');
+ const isAuthenticated$ = this.authService.isAuthenticated();
+ isAuthenticated$
+ .pipe(take(1))
+ .subscribe((isAuthenticated) => {
+ if (!isAuthenticated) {
+ // If the user is not authenticated, redirect to login page
+ // Extract redirect URL - remove `https://.../namespace` from the current URL. Keep only `handle/...`
+ const redirectUrl = this.extractHandlePath(window.location.href);
+ this.authService.setRedirectUrl(redirectUrl);
+ this.router.navigateByUrl('login');
+ } else {
+ // If the user is authenticated but still has no access, redirect to forbidden page
+ this.router.navigateByUrl(getForbiddenRoute());
+ }
+ });
 }
 })
 );
From 4276ebc6fa51d80c6bde994cbb6baed31aad4fcd Mon Sep 17 00:00:00 2001
From: milanmajchrak
Date: Tue, 15 Jul 2025 08:42:54 +0200
Subject: [PATCH 2/2] Updated commend and fixed eslint warning
---
 src/app/core/data/dso-redirect.service.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/app/core/data/dso-redirect.service.ts b/src/app/core/data/dso-redirect.service.ts
index 62a162764f1..2010b753d88 100644
--- a/src/app/core/data/dso-redirect.service.ts
+++ b/src/app/core/data/dso-redirect.service.ts
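Review bot: The new branch inside `subscribe` chooses between the login page and the forbidden page only from the client-side `isAuthenticated` value, so a 401 that arrives while the client still considers the session valid (for example an expired or revoked token; this is inferred, since `isAuthenticated()` is defined outside this diff) ends on the forbidden page instead of prompting re-authentication. Consider keeping the status code in the decision, e.g. `if (response.statusCode === 401 || !isAuthenticated) {`, so that only a 403 for a signed-in user goes to `getForbiddenRoute()`. The value passed to `setRedirectUrl` is derived from `window.location.href` by `extractHandlePath`, which is not visible here; it is worth confirming that helper can only return a same-origin relative path before the value is stored as the post-login target. The enclosing method starts and ends outside the hunk, and the `-119,10` hunk of PATCH 2/2 leaves this branch condition unchanged.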
@@ -108,7 +108,7 @@ export class DsoRedirectService {
 }
 }
 }
- // Redirect to login page if the user is not authenticated to see the requested page
+ // Handle authentication errors: redirect unauthenticated users to login, authenticated users to forbidden page
 if (response.hasFailed && (response.statusCode === 401 || response.statusCode === 403)) {
 const isAuthenticated$ = this.authService.isAuthenticated();
 isAuthenticated$
@@ -119,10 +119,10 @@ export class DsoRedirectService {
 // Extract redirect URL - remove `https://.../namespace` from the current URL. Keep only `handle/...`
 const redirectUrl = this.extractHandlePath(window.location.href);
 this.authService.setRedirectUrl(redirectUrl);
- this.router.navigateByUrl('login');
+ void this.router.navigateByUrl('login');
 } else {
 // If the user is authenticated but still has no access, redirect to forbidden page
- this.router.navigateByUrl(getForbiddenRoute());
+ void this.router.navigateByUrl(getForbiddenRoute());
 }
 });
 }