Commit a564e2a9 authored by Hannah Stepanek's avatar Hannah Stepanek

Add 404 & oos direct-linked-group handling

parent 95884580
......@@ -68,6 +68,19 @@ function groups(
directLinkedAnnotationId,
directLinkedGroupId
) {
// Filter the directLinkedGroup out if it is out of scope and scope is enforced.
if (directLinkedGroupId) {
const directLinkedGroup = groups.find(g => g.id === directLinkedGroupId);
if (
directLinkedGroup &&
!directLinkedGroup.isScopedToUri &&
directLinkedGroup.scopes.enforced
) {
groups = groups.filter(g => g.id !== directLinkedGroupId);
directLinkedGroupId = undefined;
}
}
// If service groups are specified only return those.
// If a service group doesn't exist in the list of groups don't return it.
if (svc && svc.groups) {
......@@ -186,9 +199,15 @@ function groups(
// particular group as well since it may not be in the results returned
// by group.list or profile.groups.
if (directLinkedGroup) {
const selectedGroupApi = api.group.read({
const selectedGroupApi = api.group
.read({
id: directLinkedGroup,
expand: params.expand,
})
.catch(() => {
// If the group does not exist or the user doesn't have permission,
// return undefined.
return undefined;
});
groupApiRequests = groupApiRequests.concat(selectedGroupApi);
}
......
......@@ -181,6 +181,39 @@ describe('groups', function() {
});
describe('#load', function() {
it('filters out direct-linked groups that are out of scope and scope enforced', () => {
const svc = service();
fakeLocalStorage.getItem.returns(dummyGroups[0].id);
const outOfScopeEnforcedGroup = {
id: 'oos',
scopes: { enforced: true, uri_patterns: ['http://foo.com'] },
};
fakeSettings.group = outOfScopeEnforcedGroup.id;
fakeApi.group.read.returns(Promise.resolve(outOfScopeEnforcedGroup));
return svc.load().then(groups => {
// The focus group is not set to the direct-linked group.
assert.calledWith(fakeStore.focusGroup, dummyGroups[0].id);
// The direct-linked group is not in the list of groups.
assert.isFalse(groups.some(g => g.id === fakeSettings.group));
});
});
it('catches 404 error from api.group.read request', () => {
const svc = service();
fakeLocalStorage.getItem.returns(dummyGroups[0].id);
fakeSettings.group = 'does-not-exist';
fakeApi.group.read.returns(
Promise.reject(
"404 Not Found: Either the resource you requested doesn't exist, \
or you are not currently authorized to see it."
)
);
return svc.load().then(() => {
// The focus group is not set to the direct-linked group.
assert.calledWith(fakeStore.focusGroup, dummyGroups[0].id);
});
});
it('combines groups from both endpoints', function() {
const svc = service();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment