121534: Removed unauthorized metadata-export-search request on search page for non-admins

Author: alexandrevryghem

src/app/shared/search/search-export-csv/search-export-csv.component.spec.ts

@@ -6,7 +6,6 @@ import { AuthorizationDataService } from '../../../core/data/feature-authorizati
 import { SearchExportCsvComponent } from './search-export-csv.component';
 import { ScriptDataService } from '../../../core/data/processes/script-data.service';
 import { createFailedRemoteDataObject$, createSuccessfulRemoteDataObject$ } from '../../remote-data.utils';
-import { Script } from '../../../process-page/scripts/script.model';
 import { Process } from '../../../process-page/processes/process.model';
 import { NotificationsServiceStub } from '../../testing/notifications-service.stub';
 import { NotificationsService } from '../../notifications/notifications.service';
@@ -25,7 +24,6 @@ describe('SearchExportCsvComponent', () => {
   let notificationsService;
   let router;
 
-  const script = Object.assign(new Script(), {id: 'metadata-export-search', name: 'metadata-export-search'});
   const process = Object.assign(new Process(), {processId: 5, scriptName: 'metadata-export-search'});
 
   const searchConfig = new PaginatedSearchOptions({
@@ -41,7 +39,7 @@ describe('SearchExportCsvComponent', () => {
 
   function initBeforeEachAsync() {
     scriptDataService = jasmine.createSpyObj('scriptDataService', {
-      findById: createSuccessfulRemoteDataObject$(script),
+      scriptWithNameExistsAndCanExecute: observableOf(true),
       invoke: createSuccessfulRemoteDataObject$(process)
     });
     authorizationDataService = jasmine.createSpyObj('authorizationService', {
@@ -110,15 +108,22 @@ describe('SearchExportCsvComponent', () => {
     describe('when the metadata-export-search script is not present', () => {
       beforeEach(waitForAsync(() => {
         initBeforeEachAsync();
-        (scriptDataService.findById as jasmine.Spy).and.returnValue(createFailedRemoteDataObject$('Not found', 404));
+        (scriptDataService.scriptWithNameExistsAndCanExecute as jasmine.Spy).and.returnValue(observableOf(false));
       }));
-      beforeEach(() => {
-        initBeforeEach();
-      });
+
       it('should should not add the button', () => {
+        initBeforeEach();
+
         const debugElement = fixture.debugElement.query(By.css('button.export-button'));
         expect(debugElement).toBeNull();
       });
+
+      it('should not call scriptWithNameExistsAndCanExecute when unauthorized', () => {
+        (authorizationDataService.isAuthorized as jasmine.Spy).and.returnValue(observableOf(false));
+        initBeforeEach();
+
+        expect(scriptDataService.scriptWithNameExistsAndCanExecute).not.toHaveBeenCalled();
+      });
     });
   });
   describe('export', () => {

src/app/shared/search/search-export-csv/search-export-csv.component.ts

@@ -1,8 +1,8 @@
 import { Component, Input, OnInit } from '@angular/core';
-import { combineLatest as observableCombineLatest, Observable } from 'rxjs';
+import { Observable } from 'rxjs';
 import { ScriptDataService } from '../../../core/data/processes/script-data.service';
 import { getFirstCompletedRemoteData } from '../../../core/shared/operators';
-import { map } from 'rxjs/operators';
+import { map, switchMap, filter, startWith } from 'rxjs/operators';
 import { FeatureID } from '../../../core/data/feature-authorization/feature-id';
 import { AuthorizationDataService } from '../../../core/data/feature-authorization/authorization-data.service';
 import { hasValue, isNotEmpty } from '../../empty.util';
@@ -13,6 +13,7 @@ import { NotificationsService } from '../../notifications/notifications.service'
 import { TranslateService } from '@ngx-translate/core';
 import { Router } from '@angular/router';
 import { PaginatedSearchOptions } from '../models/paginated-search-options.model';
+import { SearchFilter } from '../models/search-filter.model';
 
 @Component({
   selector: 'ds-search-export-csv',
@@ -48,15 +49,11 @@ export class SearchExportCsvComponent implements OnInit {
   }
 
   ngOnInit(): void {
-    const scriptExists$ = this.scriptDataService.findById('metadata-export-search').pipe(
-      getFirstCompletedRemoteData(),
-      map((rd) => rd.isSuccess && hasValue(rd.payload))
-    );
-
-    const isAuthorized$ = this.authorizationDataService.isAuthorized(FeatureID.AdministratorOf);
-
-    this.shouldShowButton$ = observableCombineLatest([scriptExists$, isAuthorized$]).pipe(
-      map(([scriptExists, isAuthorized]: [boolean, boolean]) => scriptExists && isAuthorized)
+    this.shouldShowButton$ = this.authorizationDataService.isAuthorized(FeatureID.AdministratorOf).pipe(
+      filter((isAuthorized: boolean) => isAuthorized),
+      switchMap(() => this.scriptDataService.scriptWithNameExistsAndCanExecute('metadata-export-search')),
+      map((canExecute: boolean) => canExecute),
+      startWith(false),
     );
   }
 
@@ -76,19 +73,19 @@ export class SearchExportCsvComponent implements OnInit {
         parameters.push({name: '-c', value: this.searchConfig.configuration});
       }
       if (isNotEmpty(this.searchConfig.filters)) {
-        this.searchConfig.filters.forEach((filter) => {
-          if (hasValue(filter.values)) {
-            filter.values.forEach((value) => {
+        this.searchConfig.filters.forEach((searchFilter: SearchFilter) => {
+          if (hasValue(searchFilter.values)) {
+            searchFilter.values.forEach((value: string) => {
               let operator;
               let filterValue;
-              if (hasValue(filter.operator)) {
-                operator = filter.operator;
+              if (hasValue(searchFilter.operator)) {
+                operator = searchFilter.operator;
                 filterValue = value;
               } else {
                 operator = value.substring(value.lastIndexOf(',') + 1);
                 filterValue = value.substring(0, value.lastIndexOf(','));
               }
-              const valueToAdd = `${filter.key.substring(2)},${operator}=${filterValue}`;
+              const valueToAdd = `${searchFilter.key.substring(2)},${operator}=${filterValue}`;
               parameters.push({name: '-f', value: valueToAdd});
             });
           }