Skip to content

Commit

Permalink
Fix: Disable annotations if user has neither annotate nor view permis…
Browse files Browse the repository at this point in the history
…sions (box#598)
  • Loading branch information
pramodsum authored and DanDeMicco committed Jan 26, 2018
1 parent 08bd421 commit a28e806
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 2 deletions.
20 changes: 20 additions & 0 deletions src/lib/viewers/BaseViewer.js
Original file line number Diff line number Diff line change
Expand Up @@ -763,12 +763,32 @@ class BaseViewer extends EventEmitter {
this.annotator.addListener('annotatorevent', this.handleAnnotatorEvents);
}

/**
* Returns whether or not user has permissions to load annotations on the current file
*
* @param {Object} permissions Permissions on the current file
* @return {boolean} Whether or not user has the correct permissions
*/
hasAnnotationPermissions(permissions) {
if (!permissions) {
return false;
}

const canViewAnnotations = !!(permissions.can_view_annotations_all || permissions.can_view_annotations_self);
return !permissions.can_annotate && !canViewAnnotations;
}

/**
* Returns whether or not annotations are enabled for this viewer.
*
* @return {boolean} Whether or not viewer is annotatable
*/
areAnnotationsEnabled() {
// Do not attempt to fetch annotations if the user cannot create or view annotations
if (!this.hasAnnotationPermissions(this.options.file)) {
return false;
}

// Respect viewer-specific annotation option if it is set
if (
window.BoxAnnotations &&
Expand Down
44 changes: 42 additions & 2 deletions src/lib/viewers/__tests__/BaseViewer-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,10 @@ describe('lib/viewers/BaseViewer', () => {
base = new BaseViewer({
container: containerEl,
file: {
id: '0'
id: '0',
permissions: {
can_annotate: false
}
}
});
});
Expand All @@ -62,7 +65,10 @@ describe('lib/viewers/BaseViewer', () => {
expect(base.options).to.deep.equal({
container: containerEl,
file: {
id: '0'
id: '0',
permissions: {
can_annotate: false
}
},
showAnnotations: true
});
Expand Down Expand Up @@ -292,6 +298,7 @@ describe('lib/viewers/BaseViewer', () => {
stubs.fullscreenAddListener = sandbox.stub(fullscreen, 'addListener');
stubs.baseAddListener = sandbox.spy(base, 'addListener');
stubs.documentAddEventListener = sandbox.stub(document.defaultView, 'addEventListener');
base.containerEl = document;
});

it('should append common event listeners', () => {
Expand Down Expand Up @@ -517,6 +524,7 @@ describe('lib/viewers/BaseViewer', () => {
}
});
sandbox.stub(base, 'loadAssets').returns(Promise.resolve());
sandbox.stub(base, 'areAnnotationsEnabled').returns(false);
sandbox.stub(base, 'loadAnnotator');
sandbox.stub(base, 'finishLoadingSetup');
base.setup();
Expand Down Expand Up @@ -902,9 +910,41 @@ describe('lib/viewers/BaseViewer', () => {
})
});

describe('hasAnnotationPermissions()', () => {
const permissions = {
can_annotate: false,
can_view_annotations_all: false,
can_view_annotations_self: false
};

it('does nothing if file permissions are undefined', () => {
expect(base.hasAnnotationPermissions()).to.be.falsy;
});

it('should return false if the user can neither annotate nor view all or their own annotations', () => {
expect(base.hasAnnotationPermissions(permissions)).to.be.falsy;
});

it('should return true if the user can at least view all annotations', () => {
permissions.can_view_annotations_all = true;
expect(base.hasAnnotationPermissions(permissions)).to.be.truthy;
});

it('should return true if the user can at least view their own annotations', () => {
permissions.can_view_annotations_all = false;
permissions.can_view_annotations_self = true;
expect(base.hasAnnotationPermissions(permissions)).to.be.truthy;
});
});

describe('areAnnotationsEnabled()', () => {
beforeEach(() => {
stubs.getViewerOption = sandbox.stub(base, 'getViewerOption').withArgs('annotations').returns(false);
base.options.file = {
permissions: {
can_annotate: true
}
};
});

it('should return true if viewer option is set to true', () => {
Expand Down

0 comments on commit a28e806

Please sign in to comment.