Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removed unauthorized metadata-export-search request on search page #3693

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Removed unauthorized metadata-export-search request on search page #3693

wants to merge 4 commits into from
+31 −27

Conversation

alexandrevryghem
Copy link
Member

References

Description

Removed the unauthorized call to the metadata-export-search script on the search page. Also fixed a small issue in the SearchFacetFilterComponent where the searchOptions$ is converted into a plain JavaScript object. This causes issues when you try to access its methods.

Instructions for Reviewers

List of changes in this PR:

  • Updated the SearchExportCsvComponent to only check whether the user can execute the metadata-export-search script after confirming the user is an admin.
  • Changed the SearchFacetFilterComponent#searchOptions from a plain JavaScript object to SearchOptions.

Guidance for how to test/review this PR:

  • Verify that exporting search results as a CSV still functions correctly.
  • Verify that no /api/system/scripts/metadata-export-search request is sent as a non-admin user.
  • The second bug does not cause side effects in vanilla DSpace. However, if you try to access methods of searchOptions$ (like toRestUrl), this would fail when it is a plain JavaScript object, as it does not inherit the necessary methods from the SearchOptions class.

Checklist

  • My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
  • My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
  • My PR passes ESLint validation using npm run lint
  • My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
  • My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
  • My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
  • My PR aligns with Accessibility guidelines if it makes changes to the user interface.
  • My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
  • My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
  • If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
  • If my PR fixes an issue ticket, I've linked them together.

@alexandrevryghem
120256: Ensure searchOptions$ is a SearchOptions and not a plain object
e4daf2b
@alexandrevryghem
121534: Removed unauthorized metadata-export-search request on search…
70b855e 
… page for non-admins
@alexandrevryghem
Merge remote-tracking branch 'alex/w2p-121534_removed-metadata-export…
2011aee 
…-search-request-for-non-admins-on-search_contribute-7.6' into w2p-121534_removed-metadata-export-search-request-for-non-admins-on-search_contribute-main

# Conflicts:
#	src/app/shared/search/search-export-csv/search-export-csv.component.spec.ts
#	src/app/shared/search/search-export-csv/search-export-csv.component.ts
@alexandrevryghem
Merge remote-tracking branch 'alex/fix-scope-issues-on-search-form_co…
feceb21 
…ntribute-7.6' into w2p-121534_removed-metadata-export-search-request-for-non-admins-on-search_contribute-main
@alexandrevryghem alexandrevryghem added bug component: Discovery related to discovery search or browse system claimed: Atmire Atmire team is working on this issue & will contribute back labels Nov 25, 2024
@alexandrevryghem alexandrevryghem added this to the 9.0 milestone Nov 25, 2024
@alexandrevryghem alexandrevryghem self-assigned this Nov 25, 2024
@alexandrevryghem alexandrevryghem added port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release port to dspace-8_x This PR needs to be ported to `dspace-8_x` branch for next bug-fix release labels Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@alexandrevryghem alexandrevryghem

Labels
bug claimed: Atmire Atmire team is working on this issue & will contribute back component: Discovery related to discovery search or browse system port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release port to dspace-8_x This PR needs to be ported to `dspace-8_x` branch for next bug-fix release
Projects
DSpace 9.0 Release
Status: 🙋 Needs Reviewers Assigned
Milestone
9.0
Development

Successfully merging this pull request may close these issues.

401 Unauthorized metadata-export-search request on search page requests
1 participant
@alexandrevryghem