Restructure the org-permissions guard to be Angular 17+ compliant (#9631)

* Document the `org-permissions` guard in code

* Restructure the `org-permissions` guard to be Angular 17+ compliant

* Update the `org-permissions` guard to use `ToastService`

* Simplify callback function sigantures

* Remove unused test object

* Fix updated route from merge

apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.spec.ts

@@ -1,3 +1,4 @@
+import { TestBed } from "@angular/core/testing";
 import {
   ActivatedRouteSnapshot,
   convertToParamMap,
@@ -10,10 +11,10 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { OrganizationUserType } from "@bitwarden/common/admin-console/enums";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { ToastService } from "@bitwarden/components";
 
-import { OrganizationPermissionsGuard } from "./org-permissions.guard";
+import { organizationPermissionsGuard } from "./org-permissions.guard";
 
 const orgFactory = (props: Partial<Organization> = {}) =>
   Object.assign(
@@ -32,8 +33,6 @@ describe("Organization Permissions Guard", () => {
   let state: MockProxy<RouterStateSnapshot>;
   let route: MockProxy<ActivatedRouteSnapshot>;
 
-  let organizationPermissionsGuard: OrganizationPermissionsGuard;
-
   beforeEach(() => {
     router = mock<Router>();
     organizationService = mock<OrganizationService>();
@@ -42,24 +41,25 @@ describe("Organization Permissions Guard", () => {
       params: {
         organizationId: orgFactory().id,
       },
-      data: {
-        organizationPermissions: null,
-      },
     });
 
-    organizationPermissionsGuard = new OrganizationPermissionsGuard(
+    TestBed.configureTestingModule({
-      router,
+      providers: [
-      organizationService,
+        { provide: Router, useValue: router },
-      mock<PlatformUtilsService>(),
+        { provide: OrganizationService, useValue: organizationService },
-      mock<I18nService>(),
+        { provide: ToastService, useValue: mock<ToastService>() },
-      mock<SyncService>(),
+        { provide: I18nService, useValue: mock<I18nService>() },
-    );
+        { provide: SyncService, useValue: mock<SyncService>() },
+      ],
+    });
   });
 
   it("blocks navigation if organization does not exist", async () => {
     organizationService.get.mockReturnValue(null);
 
-    const actual = await organizationPermissionsGuard.canActivate(route, state);
+    const actual = await TestBed.runInInjectionContext(
+      async () => await organizationPermissionsGuard()(route, state),
+    );
 
     expect(actual).not.toBe(true);
   });
@@ -68,22 +68,22 @@ describe("Organization Permissions Guard", () => {
     const org = orgFactory();
     organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-    const actual = await organizationPermissionsGuard.canActivate(route, state);
+    const actual = await TestBed.runInInjectionContext(async () =>
+      organizationPermissionsGuard()(route, state),
+    );
 
     expect(actual).toBe(true);
   });
 
   it("permits navigation if the user has permissions", async () => {
     const permissionsCallback = jest.fn();
-    permissionsCallback.mockImplementation((org) => true);
+    permissionsCallback.mockImplementation((_org) => true);
-    route.data = {
-      organizationPermissions: permissionsCallback,
-    };
-
     const org = orgFactory();
     organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-    const actual = await organizationPermissionsGuard.canActivate(route, state);
+    const actual = await TestBed.runInInjectionContext(
+      async () => await organizationPermissionsGuard(permissionsCallback)(route, state),
+    );
 
     expect(permissionsCallback).toHaveBeenCalled();
     expect(actual).toBe(true);
@@ -92,10 +92,7 @@ describe("Organization Permissions Guard", () => {
   describe("if the user does not have permissions", () => {
     it("and there is no Item ID, block navigation", async () => {
       const permissionsCallback = jest.fn();
-      permissionsCallback.mockImplementation((org) => false);
+      permissionsCallback.mockImplementation((_org) => false);
-      route.data = {
-        organizationPermissions: permissionsCallback,
-      };
 
       state = mock<RouterStateSnapshot>({
         root: mock<ActivatedRouteSnapshot>({
@@ -106,16 +103,15 @@ describe("Organization Permissions Guard", () => {
       const org = orgFactory();
       organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-      const actual = await organizationPermissionsGuard.canActivate(route, state);
+      const actual = await TestBed.runInInjectionContext(
+        async () => await organizationPermissionsGuard(permissionsCallback)(route, state),
+      );
 
       expect(permissionsCallback).toHaveBeenCalled();
       expect(actual).not.toBe(true);
     });
 
     it("and there is an Item ID, redirect to the item in the individual vault", async () => {
-      route.data = {
-        organizationPermissions: (org: Organization) => false,
-      };
       state = mock<RouterStateSnapshot>({
         root: mock<ActivatedRouteSnapshot>({
           queryParamMap: convertToParamMap({
@@ -126,7 +122,9 @@ describe("Organization Permissions Guard", () => {
       const org = orgFactory();
       organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-      const actual = await organizationPermissionsGuard.canActivate(route, state);
+      const actual = await TestBed.runInInjectionContext(
+        async () => await organizationPermissionsGuard((_org: Organization) => false)(route, state),
+      );
 
       expect(router.createUrlTree).toHaveBeenCalledWith(["/vault"], {
         queryParams: { itemId: "myItemId" },
@@ -143,7 +141,9 @@ describe("Organization Permissions Guard", () => {
       });
       organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-      const actual = await organizationPermissionsGuard.canActivate(route, state);
+      const actual = await TestBed.runInInjectionContext(
+        async () => await organizationPermissionsGuard()(route, state),
+      );
 
       expect(actual).not.toBe(true);
     });
@@ -155,7 +155,9 @@ describe("Organization Permissions Guard", () => {
       });
       organizationService.get.calledWith(org.id).mockResolvedValue(org);
 
-      const actual = await organizationPermissionsGuard.canActivate(route, state);
+      const actual = await TestBed.runInInjectionContext(
+        async () => await organizationPermissionsGuard()(route, state),
+      );
 
       expect(actual).toBe(true);
     });

apps/web/src/app/admin-console/organizations/guards/org-permissions.guard.ts

@@ -1,5 +1,10 @@
-import { Injectable } from "@angular/core";
+import { inject } from "@angular/core";
-import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router";
+import {
+  ActivatedRouteSnapshot,
+  CanActivateFn,
+  Router,
+  RouterStateSnapshot,
+} from "@angular/router";
 
 import {
   canAccessOrgAdmin,
@@ -7,43 +12,58 @@ import {
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { ToastService } from "@bitwarden/components";
 
-@Injectable({
+/**
-  providedIn: "root",
+ * `CanActivateFn` that asserts the logged in user has permission to access
-})
+ * the page being navigated to. Two high-level checks are performed:
-export class OrganizationPermissionsGuard implements CanActivate {
+ *
-  constructor(
+ * 1. If the user is not a member of the organization in the URL parameters, they
-    private router: Router,
+ *    are redirected to the home screen.
-    private organizationService: OrganizationService,
+ * 2. If the organization in the URL parameters is disabled and the user is not
-    private platformUtilsService: PlatformUtilsService,
+ *    an admin, they are redirected to the home screen.
-    private i18nService: I18nService,
+ *
-    private syncService: SyncService,
+ * In addition to these high level checks the guard accepts a callback
-  ) {}
+ * function as an argument that will be called to check for more granular
+ * permissions. Based on the return from callback one of the following
+ * will happen:
+ *
+ * 1. If the logged in user does not have the required permissions they are
+ *    redirected to `/organizations/{id}` or `/` based on admin console access
+ *    permissions.
+ * 2. If the logged in user does have the required permissions navigation
+ *    proceeds as expected.
+ */
+export function organizationPermissionsGuard(
+  permissionsCallback?: (organization: Organization) => boolean,
+): CanActivateFn {
+  return async (route: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
+    const router = inject(Router);
+    const organizationService = inject(OrganizationService);
+    const toastService = inject(ToastService);
+    const i18nService = inject(I18nService);
+    const syncService = inject(SyncService);
 
-  async canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
+    // TODO: We need to fix issue once and for all.
-    // TODO: We need to fix this issue once and for all.
+    if ((await syncService.getLastSync()) == null) {
-    if ((await this.syncService.getLastSync()) == null) {
+      await syncService.fullSync(false);
-      await this.syncService.fullSync(false);
     }
 
-    const org = await this.organizationService.get(route.params.organizationId);
+    const org = await organizationService.get(route.params.organizationId);
     if (org == null) {
-      return this.router.createUrlTree(["/"]);
+      return router.createUrlTree(["/"]);
     }
 
     if (!org.isOwner && !org.enabled) {
-      this.platformUtilsService.showToast(
+      toastService.showToast({
-        "error",
+        variant: "error",
-        null,
+        title: null,
-        this.i18nService.t("organizationIsDisabled"),
+        message: i18nService.t("organizationIsDisabled"),
-      );
+      });
-      return this.router.createUrlTree(["/"]);
+      return router.createUrlTree(["/"]);
     }
 
-    const permissionsCallback: (organization: Organization) => boolean =
-      route.data?.organizationPermissions;
     const hasPermissions = permissionsCallback == null || permissionsCallback(org);
 
     if (!hasPermissions) {
@@ -52,19 +72,23 @@ export class OrganizationPermissionsGuard implements CanActivate {
       const cipherId =
         state.root.queryParamMap.get("itemId") || state.root.queryParamMap.get("cipherId");
       if (cipherId) {
-        return this.router.createUrlTree(["/vault"], {
+        return router.createUrlTree(["/vault"], {
           queryParams: {
             itemId: cipherId,
           },
         });
       }
 
-      this.platformUtilsService.showToast("error", null, this.i18nService.t("accessDenied"));
+      toastService.showToast({
+        variant: "error",
+        title: null,
+        message: i18nService.t("accessDenied"),
+      });
       return canAccessOrgAdmin(org)
-        ? this.router.createUrlTree(["/organizations", org.id])
+        ? router.createUrlTree(["/organizations", org.id])
-        : this.router.createUrlTree(["/"]);
+        : router.createUrlTree(["/"]);
     }
 
     return true;
-  }
+  };
 }

apps/web/src/app/admin-console/organizations/members/members-routing.module.ts

@@ -3,7 +3,7 @@ import { RouterModule, Routes } from "@angular/router";
 
 import { canAccessMembersTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 
-import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../guards/org-permissions.guard";
 
 import { MembersComponent } from "./members.component";
 
@@ -11,10 +11,9 @@ const routes: Routes = [
   {
     path: "",
     component: MembersComponent,
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard(canAccessMembersTab)],
     data: {
       titleId: "members",
-      organizationPermissions: canAccessMembersTab,
     },
   },
 ];

apps/web/src/app/admin-console/organizations/organization-routing.module.ts

@@ -12,7 +12,7 @@ import {
 } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 
-import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
 import { organizationRedirectGuard } from "../../admin-console/organizations/guards/org-redirect.guard";
 import { OrganizationLayoutComponent } from "../../admin-console/organizations/layouts/organization-layout.component";
 import { GroupsComponent } from "../../admin-console/organizations/manage/groups.component";
@@ -23,10 +23,7 @@ const routes: Routes = [
   {
     path: ":organizationId",
     component: OrganizationLayoutComponent,
-    canActivate: [deepLinkGuard(), AuthGuard, OrganizationPermissionsGuard],
+    canActivate: [deepLinkGuard(), AuthGuard, organizationPermissionsGuard(canAccessOrgAdmin)],
-    data: {
-      organizationPermissions: canAccessOrgAdmin,
-    },
     children: [
       {
         path: "",
@@ -52,10 +49,9 @@ const routes: Routes = [
       {
         path: "groups",
         component: GroupsComponent,
-        canActivate: [OrganizationPermissionsGuard],
+        canActivate: [organizationPermissionsGuard(canAccessGroupsTab)],
         data: {
           titleId: "groups",
-          organizationPermissions: canAccessGroupsTab,
         },
       },
       {

apps/web/src/app/admin-console/organizations/reporting/organization-reporting-routing.module.ts

@@ -10,7 +10,7 @@ import { ReusedPasswordsReportComponent } from "../../../admin-console/organizat
 import { UnsecuredWebsitesReportComponent } from "../../../admin-console/organizations/tools/unsecured-websites-report.component";
 import { WeakPasswordsReportComponent } from "../../../admin-console/organizations/tools/weak-passwords-report.component";
 import { isPaidOrgGuard } from "../guards/is-paid-org.guard";
-import { OrganizationPermissionsGuard } from "../guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../guards/org-permissions.guard";
 import { organizationRedirectGuard } from "../guards/org-redirect.guard";
 import { EventsComponent } from "../manage/events.component";
 
@@ -19,8 +19,7 @@ import { ReportsHomeComponent } from "./reports-home.component";
 const routes: Routes = [
   {
     path: "",
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard(canAccessReportingTab)],
-    data: { organizationPermissions: canAccessReportingTab },
     children: [
       {
         path: "",
@@ -31,7 +30,7 @@ const routes: Routes = [
       {
         path: "reports",
         component: ReportsHomeComponent,
-        canActivate: [OrganizationPermissionsGuard],
+        canActivate: [organizationPermissionsGuard()],
         data: {
           titleId: "reports",
         },
@@ -81,10 +80,9 @@ const routes: Routes = [
       {
         path: "events",
         component: EventsComponent,
-        canActivate: [OrganizationPermissionsGuard],
+        canActivate: [organizationPermissionsGuard((org) => org.canAccessEventLogs)],
         data: {
           titleId: "eventLogs",
-          organizationPermissions: (org: Organization) => org.canAccessEventLogs,
         },
       },
     ],

apps/web/src/app/admin-console/organizations/settings/organization-settings-routing.module.ts

@@ -4,7 +4,7 @@ import { RouterModule, Routes } from "@angular/router";
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 
-import { OrganizationPermissionsGuard } from "../../organizations/guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../../organizations/guards/org-permissions.guard";
 import { organizationRedirectGuard } from "../../organizations/guards/org-redirect.guard";
 import { PoliciesComponent } from "../../organizations/policies";
 
@@ -14,8 +14,7 @@ import { TwoFactorSetupComponent } from "./two-factor-setup.component";
 const routes: Routes = [
   {
     path: "",
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard(canAccessSettingsTab)],
-    data: { organizationPermissions: canAccessSettingsTab },
     children: [
       {
         path: "",
@@ -32,9 +31,8 @@ const routes: Routes = [
       {
         path: "policies",
         component: PoliciesComponent,
-        canActivate: [OrganizationPermissionsGuard],
+        canActivate: [organizationPermissionsGuard((org) => org.canManagePolicies)],
         data: {
-          organizationPermissions: (org: Organization) => org.canManagePolicies,
           titleId: "policies",
         },
       },
@@ -45,10 +43,9 @@ const routes: Routes = [
             path: "import",
             loadComponent: () =>
               import("./org-import.component").then((mod) => mod.OrgImportComponent),
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canAccessImportExport)],
             data: {
               titleId: "importData",
-              organizationPermissions: (org: Organization) => org.canAccessImportExport,
             },
           },
           {
@@ -57,10 +54,9 @@ const routes: Routes = [
               import("../tools/vault-export/org-vault-export.component").then(
                 (mod) => mod.OrganizationVaultExportComponent,
               ),
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canAccessImportExport)],
             data: {
               titleId: "exportVault",
-              organizationPermissions: (org: Organization) => org.canAccessImportExport,
             },
           },
         ],

apps/web/src/app/billing/organizations/organization-billing-routing.module.ts

@@ -2,9 +2,8 @@ import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
 import { canAccessBillingTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
-import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 
-import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
 import { organizationIsUnmanaged } from "../../billing/guards/organization-is-unmanaged.guard";
 import { WebPlatformUtilsService } from "../../core/web-platform-utils.service";
 import { PaymentMethodComponent } from "../shared";
@@ -16,8 +15,7 @@ import { OrganizationSubscriptionSelfhostComponent } from "./organization-subscr
 const routes: Routes = [
   {
     path: "",
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard(canAccessBillingTab)],
-    data: { organizationPermissions: canAccessBillingTab },
     children: [
       { path: "", pathMatch: "full", redirectTo: "subscription" },
       {
@@ -30,19 +28,23 @@ const routes: Routes = [
       {
         path: "payment-method",
         component: PaymentMethodComponent,
-        canActivate: [OrganizationPermissionsGuard, organizationIsUnmanaged],
+        canActivate: [
+          organizationPermissionsGuard((org) => org.canEditPaymentMethods),
+          organizationIsUnmanaged,
+        ],
         data: {
           titleId: "paymentMethod",
-          organizationPermissions: (org: Organization) => org.canEditPaymentMethods,
         },
       },
       {
         path: "history",
         component: OrgBillingHistoryViewComponent,
-        canActivate: [OrganizationPermissionsGuard, organizationIsUnmanaged],
+        canActivate: [
+          organizationPermissionsGuard((org) => org.canViewBillingHistory),
+          organizationIsUnmanaged,
+        ],
         data: {
           titleId: "billingHistory",
-          organizationPermissions: (org: Organization) => org.canViewBillingHistory,
         },
       },
     ],

apps/web/src/app/vault/org-vault/vault-routing.module.ts

@@ -3,15 +3,15 @@ import { RouterModule, Routes } from "@angular/router";
 
 import { canAccessVaultTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 
-import { OrganizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
+import { organizationPermissionsGuard } from "../../admin-console/organizations/guards/org-permissions.guard";
 
 import { VaultComponent } from "./vault.component";
 const routes: Routes = [
   {
     path: "",
     component: VaultComponent,
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard(canAccessVaultTab)],
-    data: { titleId: "vaults", organizationPermissions: canAccessVaultTab },
+    data: { titleId: "vaults" },
   },
 ];
 @NgModule({

bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts

@@ -3,8 +3,7 @@ import { RouterModule, Routes } from "@angular/router";
 
 import { AuthGuard } from "@bitwarden/angular/auth/guards";
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
-import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { organizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
-import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
 import { OrganizationLayoutComponent } from "@bitwarden/web-vault/app/admin-console/organizations/layouts/organization-layout.component";
 
 import { SsoComponent } from "../../auth/sso/sso.component";
@@ -16,40 +15,34 @@ const routes: Routes = [
   {
     path: "organizations/:organizationId",
     component: OrganizationLayoutComponent,
-    canActivate: [AuthGuard, OrganizationPermissionsGuard],
+    canActivate: [AuthGuard, organizationPermissionsGuard()],
     children: [
       {
         path: "settings",
-        canActivate: [OrganizationPermissionsGuard],
+        canActivate: [organizationPermissionsGuard(canAccessSettingsTab)],
-        data: {
-          organizationPermissions: canAccessSettingsTab,
-        },
         children: [
           {
             path: "domain-verification",
             component: DomainVerificationComponent,
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canManageDomainVerification)],
             data: {
               titleId: "domainVerification",
-              organizationPermissions: (org: Organization) => org.canManageDomainVerification,
             },
           },
           {
             path: "sso",
             component: SsoComponent,
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canManageSso)],
             data: {
               titleId: "singleSignOn",
-              organizationPermissions: (org: Organization) => org.canManageSso,
             },
           },
           {
             path: "scim",
             component: ScimComponent,
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canManageScim)],
             data: {
               titleId: "scim",
-              organizationPermissions: (org: Organization) => org.canManageScim,
             },
           },
           {
@@ -58,9 +51,8 @@ const routes: Routes = [
               import("./manage/device-approvals/device-approvals.component").then(
                 (mod) => mod.DeviceApprovalsComponent,
               ),
-            canActivate: [OrganizationPermissionsGuard],
+            canActivate: [organizationPermissionsGuard((org) => org.canManageDeviceApprovals)],
             data: {
-              organizationPermissions: (org: Organization) => org.canManageDeviceApprovals,
               titleId: "deviceApprovals",
             },
           },

bitwarden_license/bit-web/src/app/secrets-manager/settings/settings-routing.module.ts

@@ -1,8 +1,7 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
-import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { organizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
-import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
 
 import { SecretsManagerExportComponent } from "./porting/sm-export.component";
 import { SecretsManagerImportComponent } from "./porting/sm-import.component";
@@ -11,19 +10,17 @@ const routes: Routes = [
   {
     path: "import",
     component: SecretsManagerImportComponent,
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard((org) => org.isAdmin)],
     data: {
       titleId: "importData",
-      organizationPermissions: (org: Organization) => org.isAdmin,
     },
   },
   {
     path: "export",
     component: SecretsManagerExportComponent,
-    canActivate: [OrganizationPermissionsGuard],
+    canActivate: [organizationPermissionsGuard((org) => org.isAdmin)],
     data: {
       titleId: "exportData",
-      organizationPermissions: (org: Organization) => org.isAdmin,
     },
   },
 ];