Fix: Dont attempt to retrieve objects for which user doesnt have global permissions (#5612)

2025-07-30 18:27:45 -05:00 · 2024-02-01 01:20:14 -08:00
parent 97c05c60b7
commit b719a2a673
14 changed files with 375 additions and 143 deletions
--- a/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.html
+++ b/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.html
@@ -17,51 +17,59 @@
        </div>
        <div class="d-flex align-items-center gap-2" *pngxIfPermissions="{ action: PermissionAction.Change, type: PermissionType.Document }">
          <label class="me-2" i18n>Edit:</label>
-          <pngx-filterable-dropdown title="Tags" icon="tag-fill" i18n-title
-            filterPlaceholder="Filter tags" i18n-filterPlaceholder
-            [items]="tags"
-            [disabled]="!userCanEditAll"
-            [editing]="true"
-            [manyToOne]="true"
-            [applyOnClose]="applyOnClose"
-            (opened)="openTagsDropdown()"
-            [(selectionModel)]="tagSelectionModel"
-            [documentCounts]="tagDocumentCounts"
-            (apply)="setTags($event)">
-          </pngx-filterable-dropdown>
-          <pngx-filterable-dropdown title="Correspondent" icon="person-fill" i18n-title
-            filterPlaceholder="Filter correspondents" i18n-filterPlaceholder
-            [items]="correspondents"
-            [disabled]="!userCanEditAll"
-            [editing]="true"
-            [applyOnClose]="applyOnClose"
-            (opened)="openCorrespondentDropdown()"
-            [(selectionModel)]="correspondentSelectionModel"
-            [documentCounts]="correspondentDocumentCounts"
-            (apply)="setCorrespondents($event)">
-          </pngx-filterable-dropdown>
-          <pngx-filterable-dropdown title="Document type" icon="file-earmark-fill" i18n-title
-            filterPlaceholder="Filter document types" i18n-filterPlaceholder
-            [items]="documentTypes"
-            [disabled]="!userCanEditAll"
-            [editing]="true"
-            [applyOnClose]="applyOnClose"
-            (opened)="openDocumentTypeDropdown()"
-            [(selectionModel)]="documentTypeSelectionModel"
-            [documentCounts]="documentTypeDocumentCounts"
-            (apply)="setDocumentTypes($event)">
-          </pngx-filterable-dropdown>
-          <pngx-filterable-dropdown title="Storage path" icon="folder-fill" i18n-title
-            filterPlaceholder="Filter storage paths" i18n-filterPlaceholder
-            [items]="storagePaths"
-            [disabled]="!userCanEditAll"
-            [editing]="true"
-            [applyOnClose]="applyOnClose"
-            (opened)="openStoragePathDropdown()"
-            [(selectionModel)]="storagePathsSelectionModel"
-            [documentCounts]="storagePathDocumentCounts"
-            (apply)="setStoragePaths($event)">
-          </pngx-filterable-dropdown>
+          @if (permissionService.currentUserCan(PermissionAction.View, PermissionType.Tag)) {
+            <pngx-filterable-dropdown title="Tags" icon="tag-fill" i18n-title
+              filterPlaceholder="Filter tags" i18n-filterPlaceholder
+              [items]="tags"
+              [disabled]="!userCanEditAll"
+              [editing]="true"
+              [manyToOne]="true"
+              [applyOnClose]="applyOnClose"
+              (opened)="openTagsDropdown()"
+              [(selectionModel)]="tagSelectionModel"
+              [documentCounts]="tagDocumentCounts"
+              (apply)="setTags($event)">
+            </pngx-filterable-dropdown>
+          }
+          @if (permissionService.currentUserCan(PermissionAction.View, PermissionType.Correspondent)) {
+            <pngx-filterable-dropdown title="Correspondent" icon="person-fill" i18n-title
+              filterPlaceholder="Filter correspondents" i18n-filterPlaceholder
+              [items]="correspondents"
+              [disabled]="!userCanEditAll"
+              [editing]="true"
+              [applyOnClose]="applyOnClose"
+              (opened)="openCorrespondentDropdown()"
+              [(selectionModel)]="correspondentSelectionModel"
+              [documentCounts]="correspondentDocumentCounts"
+              (apply)="setCorrespondents($event)">
+            </pngx-filterable-dropdown>
+          }
+          @if (permissionService.currentUserCan(PermissionAction.View, PermissionType.DocumentType)) {
+            <pngx-filterable-dropdown title="Document type" icon="file-earmark-fill" i18n-title
+              filterPlaceholder="Filter document types" i18n-filterPlaceholder
+              [items]="documentTypes"
+              [disabled]="!userCanEditAll"
+              [editing]="true"
+              [applyOnClose]="applyOnClose"
+              (opened)="openDocumentTypeDropdown()"
+              [(selectionModel)]="documentTypeSelectionModel"
+              [documentCounts]="documentTypeDocumentCounts"
+              (apply)="setDocumentTypes($event)">
+            </pngx-filterable-dropdown>
+          }
+          @if (permissionService.currentUserCan(PermissionAction.View, PermissionType.StoragePath)) {
+            <pngx-filterable-dropdown title="Storage path" icon="folder-fill" i18n-title
+              filterPlaceholder="Filter storage paths" i18n-filterPlaceholder
+              [items]="storagePaths"
+              [disabled]="!userCanEditAll"
+              [editing]="true"
+              [applyOnClose]="applyOnClose"
+              (opened)="openStoragePathDropdown()"
+              [(selectionModel)]="storagePathsSelectionModel"
+              [documentCounts]="storagePathDocumentCounts"
+              (apply)="setStoragePaths($event)">
+            </pngx-filterable-dropdown>
+          }
        </div>
        <div class="d-flex align-items-center gap-2 ms-auto">
          <div class="btn-toolbar">
--- a/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.spec.ts
+++ b/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.spec.ts
@@ -868,4 +868,22 @@ describe('BulkEditorComponent', () => {
      `${environment.apiBaseUrl}documents/?page=1&page_size=100000&fields=id`
    ) // listAllFilteredIds
  })
+
+  it('should not attempt to retrieve objects if user does not have permissions', () => {
+    jest.spyOn(permissionsService, 'currentUserCan').mockReturnValue(true)
+    expect(component.tags).toBeUndefined()
+    expect(component.correspondents).toBeUndefined()
+    expect(component.documentTypes).toBeUndefined()
+    expect(component.storagePaths).toBeUndefined()
+    httpTestingController.expectNone(`${environment.apiBaseUrl}documents/tags/`)
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/correspondents/`
+    )
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/document_types/`
+    )
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/storage_paths/`
+    )
+  })
 })
--- a/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.ts
+++ b/src-ui/src/app/components/document-list/bulk-editor/bulk-editor.component.ts
@@ -115,22 +115,50 @@ export class BulkEditorComponent
  }

  ngOnInit() {
-    this.tagService
-      .listAll()
-      .pipe(first())
-      .subscribe((result) => (this.tags = result.results))
-    this.correspondentService
-      .listAll()
-      .pipe(first())
-      .subscribe((result) => (this.correspondents = result.results))
-    this.documentTypeService
-      .listAll()
-      .pipe(first())
-      .subscribe((result) => (this.documentTypes = result.results))
-    this.storagePathService
-      .listAll()
-      .pipe(first())
-      .subscribe((result) => (this.storagePaths = result.results))
+    if (
+      this.permissionService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.Tag
+      )
+    ) {
+      this.tagService
+        .listAll()
+        .pipe(first())
+        .subscribe((result) => (this.tags = result.results))
+    }
+    if (
+      this.permissionService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.Correspondent
+      )
+    ) {
+      this.correspondentService
+        .listAll()
+        .pipe(first())
+        .subscribe((result) => (this.correspondents = result.results))
+    }
+    if (
+      this.permissionService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.DocumentType
+      )
+    ) {
+      this.documentTypeService
+        .listAll()
+        .pipe(first())
+        .subscribe((result) => (this.documentTypes = result.results))
+    }
+    if (
+      this.permissionService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.StoragePath
+      )
+    ) {
+      this.storagePathService
+        .listAll()
+        .pipe(first())
+        .subscribe((result) => (this.storagePaths = result.results))
+    }

    this.downloadForm
      .get('downloadFileTypeArchive')
--- a/src-ui/src/app/components/document-list/document-card-small/document-card-small.component.ts
+++ b/src-ui/src/app/components/document-list/document-card-small/document-card-small.component.ts
@@ -79,7 +79,7 @@ export class DocumentCardSmallComponent extends ComponentWithPermissions {

  getTagsLimited$() {
    const limit = this.document.notes.length > 0 ? 6 : 7
-    return this.document.tags$.pipe(
+    return this.document.tags$?.pipe(
      map((tags) => {
        if (tags.length > limit) {
          this.moreTags = tags.length - (limit - 1)
--- a/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.html
+++ b/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.html
@@ -29,7 +29,8 @@
  <div class="col-auto">
    <div class="d-flex flex-wrap gap-3">
      <div class="d-flex flex-wrap gap-2">
-        <pngx-filterable-dropdown class="flex-fill" title="Tags" icon="tag-fill" i18n-title
+        @if (permissionsService.currentUserCan(PermissionAction.View, PermissionType.Tag)) {
+          <pngx-filterable-dropdown class="flex-fill" title="Tags" icon="tag-fill" i18n-title
          filterPlaceholder="Filter tags" i18n-filterPlaceholder
          [items]="tags"
          [manyToOne]="true"
@@ -37,31 +38,38 @@
          (selectionModelChange)="updateRules()"
          (opened)="onTagsDropdownOpen()"
          [documentCounts]="tagDocumentCounts"
-        [allowSelectNone]="true"></pngx-filterable-dropdown>
-        <pngx-filterable-dropdown class="flex-fill" title="Correspondent" icon="person-fill" i18n-title
+          [allowSelectNone]="true"></pngx-filterable-dropdown>
+        }
+        @if (permissionsService.currentUserCan(PermissionAction.View, PermissionType.Correspondent)) {
+          <pngx-filterable-dropdown class="flex-fill" title="Correspondent" icon="person-fill" i18n-title
          filterPlaceholder="Filter correspondents" i18n-filterPlaceholder
          [items]="correspondents"
          [(selectionModel)]="correspondentSelectionModel"
          (selectionModelChange)="updateRules()"
          (opened)="onCorrespondentDropdownOpen()"
          [documentCounts]="correspondentDocumentCounts"
-        [allowSelectNone]="true"></pngx-filterable-dropdown>
-        <pngx-filterable-dropdown class="flex-fill" title="Document type" icon="file-earmark-fill" i18n-title
-          filterPlaceholder="Filter document types" i18n-filterPlaceholder
-          [items]="documentTypes"
-          [(selectionModel)]="documentTypeSelectionModel"
-          (selectionModelChange)="updateRules()"
-          (opened)="onDocumentTypeDropdownOpen()"
-          [documentCounts]="documentTypeDocumentCounts"
-        [allowSelectNone]="true"></pngx-filterable-dropdown>
-        <pngx-filterable-dropdown class="flex-fill" title="Storage path" icon="folder-fill" i18n-title
+          [allowSelectNone]="true"></pngx-filterable-dropdown>
+        }
+        @if (permissionsService.currentUserCan(PermissionAction.View, PermissionType.DocumentType)) {
+            <pngx-filterable-dropdown class="flex-fill" title="Document type" icon="file-earmark-fill" i18n-title
+            filterPlaceholder="Filter document types" i18n-filterPlaceholder
+            [items]="documentTypes"
+            [(selectionModel)]="documentTypeSelectionModel"
+            (selectionModelChange)="updateRules()"
+            (opened)="onDocumentTypeDropdownOpen()"
+            [documentCounts]="documentTypeDocumentCounts"
+            [allowSelectNone]="true"></pngx-filterable-dropdown>
+        }
+        @if (permissionsService.currentUserCan(PermissionAction.View, PermissionType.StoragePath)) {
+          <pngx-filterable-dropdown class="flex-fill" title="Storage path" icon="folder-fill" i18n-title
          filterPlaceholder="Filter storage paths" i18n-filterPlaceholder
          [items]="storagePaths"
          [(selectionModel)]="storagePathSelectionModel"
          (selectionModelChange)="updateRules()"
          (opened)="onStoragePathDropdownOpen()"
          [documentCounts]="storagePathDocumentCounts"
-        [allowSelectNone]="true"></pngx-filterable-dropdown>
+          [allowSelectNone]="true"></pngx-filterable-dropdown>
+        }
      </div>
      <div class="d-flex flex-wrap gap-2">
        <pngx-date-dropdown
--- a/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.spec.ts
+++ b/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.spec.ts
@@ -1,5 +1,8 @@
 import { DatePipe } from '@angular/common'
-import { HttpClientTestingModule } from '@angular/common/http/testing'
+import {
+  HttpClientTestingModule,
+  HttpTestingController,
+} from '@angular/common/http/testing'
 import {
  ComponentFixture,
  fakeAsync,
@@ -78,6 +81,11 @@ import {
 } from '../../common/permissions-filter-dropdown/permissions-filter-dropdown.component'
 import { FilterEditorComponent } from './filter-editor.component'
 import { NgxBootstrapIconsModule, allIcons } from 'ngx-bootstrap-icons'
+import {
+  PermissionType,
+  PermissionsService,
+} from 'src/app/services/permissions.service'
+import { environment } from 'src/environments/environment'

 const tags: Tag[] = [
  {
@@ -135,6 +143,8 @@ describe('FilterEditorComponent', () => {
  let fixture: ComponentFixture<FilterEditorComponent>
  let documentService: DocumentService
  let settingsService: SettingsService
+  let permissionsService: PermissionsService
+  let httpTestingController: HttpTestingController

  beforeEach(fakeAsync(() => {
    TestBed.configureTestingModule({
@@ -199,6 +209,15 @@ describe('FilterEditorComponent', () => {
    documentService = TestBed.inject(DocumentService)
    settingsService = TestBed.inject(SettingsService)
    settingsService.currentUser = users[0]
+    permissionsService = TestBed.inject(PermissionsService)
+    jest
+      .spyOn(permissionsService, 'currentUserCan')
+      .mockImplementation((action, type) => {
+        // a little hack-ish, permissions filter dropdown causes reactive forms issue due to ng-select
+        // trying to apply formControlName
+        return type !== PermissionType.User
+      })
+    httpTestingController = TestBed.inject(HttpTestingController)
    fixture = TestBed.createComponent(FilterEditorComponent)
    component = fixture.componentInstance
    component.filterRules = []
@@ -206,6 +225,24 @@ describe('FilterEditorComponent', () => {
    tick()
  }))

+  it('should not attempt to retrieve objects if user does not have permissions', () => {
+    jest.spyOn(permissionsService, 'currentUserCan').mockReset()
+    jest
+      .spyOn(permissionsService, 'currentUserCan')
+      .mockImplementation((action, type) => false)
+    component.ngOnInit()
+    httpTestingController.expectNone(`${environment.apiBaseUrl}documents/tags/`)
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/correspondents/`
+    )
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/document_types/`
+    )
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/storage_paths/`
+    )
+  })
+
  // SET filterRules

  it('should ingest text filter rules for doc title', fakeAsync(() => {
--- a/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.ts
+++ b/src-ui/src/app/components/document-list/filter-editor/filter-editor.component.ts
@@ -70,6 +70,12 @@ import {
  OwnerFilterType,
  PermissionsSelectionModel,
 } from '../../common/permissions-filter-dropdown/permissions-filter-dropdown.component'
+import {
+  PermissionAction,
+  PermissionType,
+  PermissionsService,
+} from 'src/app/services/permissions.service'
+import { ComponentWithPermissions } from '../../with-permissions/with-permissions.component'

 const TEXT_FILTER_TARGET_TITLE = 'title'
 const TEXT_FILTER_TARGET_TITLE_CONTENT = 'title-content'
@@ -155,7 +161,10 @@ const DEFAULT_TEXT_FILTER_MODIFIER_OPTIONS = [
  templateUrl: './filter-editor.component.html',
  styleUrls: ['./filter-editor.component.scss'],
 })
-export class FilterEditorComponent implements OnInit, OnDestroy {
+export class FilterEditorComponent
+  extends ComponentWithPermissions
+  implements OnInit, OnDestroy
+{
  generateFilterName() {
    if (this.filterRules.length == 1) {
      let rule = this.filterRules[0]
@@ -224,8 +233,11 @@ export class FilterEditorComponent implements OnInit, OnDestroy {
    private tagService: TagService,
    private correspondentService: CorrespondentService,
    private documentService: DocumentService,
-    private storagePathService: StoragePathService
-  ) {}
+    private storagePathService: StoragePathService,
+    public permissionsService: PermissionsService
+  ) {
+    super()
+  }

  @ViewChild('textFilterInput')
  textFilterInput: ElementRef
@@ -872,18 +884,46 @@ export class FilterEditorComponent implements OnInit, OnDestroy {
  subscription: Subscription

  ngOnInit() {
-    this.tagService
-      .listAll()
-      .subscribe((result) => (this.tags = result.results))
-    this.correspondentService
-      .listAll()
-      .subscribe((result) => (this.correspondents = result.results))
-    this.documentTypeService
-      .listAll()
-      .subscribe((result) => (this.documentTypes = result.results))
-    this.storagePathService
-      .listAll()
-      .subscribe((result) => (this.storagePaths = result.results))
+    if (
+      this.permissionsService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.Tag
+      )
+    ) {
+      this.tagService
+        .listAll()
+        .subscribe((result) => (this.tags = result.results))
+    }
+    if (
+      this.permissionsService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.Correspondent
+      )
+    ) {
+      this.correspondentService
+        .listAll()
+        .subscribe((result) => (this.correspondents = result.results))
+    }
+    if (
+      this.permissionsService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.DocumentType
+      )
+    ) {
+      this.documentTypeService
+        .listAll()
+        .subscribe((result) => (this.documentTypes = result.results))
+    }
+    if (
+      this.permissionsService.currentUserCan(
+        PermissionAction.View,
+        PermissionType.StoragePath
+      )
+    ) {
+      this.storagePathService
+        .listAll()
+        .subscribe((result) => (this.storagePaths = result.results))
+    }

    this.textFilterDebounce = new Subject<string>()