diff --git a/auth-api/src/main/java/edu/unc/lib/boxc/auth/api/services/DatastreamPermissionUtil.java b/auth-api/src/main/java/edu/unc/lib/boxc/auth/api/services/DatastreamPermissionUtil.java
index ff69854f65..81a72d3da0 100644
--- a/auth-api/src/main/java/edu/unc/lib/boxc/auth/api/services/DatastreamPermissionUtil.java
+++ b/auth-api/src/main/java/edu/unc/lib/boxc/auth/api/services/DatastreamPermissionUtil.java
@@ -30,8 +30,8 @@ public class DatastreamPermissionUtil {
DS_PERMISSION_MAP.put(DatastreamType.ORIGINAL_FILE, Permission.viewOriginal);
DS_PERMISSION_MAP.put(DatastreamType.TECHNICAL_METADATA, Permission.viewHidden);
DS_PERMISSION_MAP.put(DatastreamType.TECHNICAL_METADATA_HISTORY, Permission.viewHidden);
- DS_PERMISSION_MAP.put(DatastreamType.THUMBNAIL_SMALL, Permission.viewMetadata);
- DS_PERMISSION_MAP.put(DatastreamType.THUMBNAIL_LARGE, Permission.viewMetadata);
+ DS_PERMISSION_MAP.put(DatastreamType.THUMBNAIL_SMALL, Permission.viewAccessCopies);
+ DS_PERMISSION_MAP.put(DatastreamType.THUMBNAIL_LARGE, Permission.viewAccessCopies);
}
private DatastreamPermissionUtil() {
diff --git a/static/js/vue-cdr-access/src/components/full_record/fileList.vue b/static/js/vue-cdr-access/src/components/full_record/fileList.vue
index d9ee7435f5..7cdfc09f17 100644
--- a/static/js/vue-cdr-access/src/components/full_record/fileList.vue
+++ b/static/js/vue-cdr-access/src/components/full_record/fileList.vue
@@ -135,7 +135,7 @@ export default {
render: (data, type, row) => {
let img;
- if ('thumbnail_url' in row) {
+ if ('thumbnail_url' in row && this.hasPermission(row,'viewAccessCopies')) {
const thumbnail_title = this.$t('full_record.thumbnail_title', { title: row.title })
img = ``;
diff --git a/static/js/vue-cdr-access/src/components/full_record/thumbnail.vue b/static/js/vue-cdr-access/src/components/full_record/thumbnail.vue
index 27c8718719..8ec1150b82 100644
--- a/static/js/vue-cdr-access/src/components/full_record/thumbnail.vue
+++ b/static/js/vue-cdr-access/src/components/full_record/thumbnail.vue
@@ -105,7 +105,7 @@ export default {
},
src() {
- if (this.objectData.thumbnail_url !== undefined) {
+ if (this.objectData.thumbnail_url !== undefined && this.hasPermission(this.objectData, 'viewAccessCopies')) {
return this.objectData.thumbnail_url;
}
diff --git a/static/js/vue-cdr-access/tests/unit/thumbnail.spec.js b/static/js/vue-cdr-access/tests/unit/thumbnail.spec.js
index 0d1f4f0f24..313c46f57f 100644
--- a/static/js/vue-cdr-access/tests/unit/thumbnail.spec.js
+++ b/static/js/vue-cdr-access/tests/unit/thumbnail.spec.js
@@ -128,12 +128,21 @@ describe('thumbnail.vue', () => {
});
});
- it('displays a thumbnail, if present', () => {
+ it('displays a thumbnail, if present and user has viewAccessCopies permissions', () => {
expect(wrapper.find('.thumbnail .thumbnail-viewer').exists()).toBe(true);
+ expect(wrapper.find('i.placeholder').exists()).toBe(false);
expect(wrapper.find('a').attributes('class'))
.toEqual('thumbnail thumbnail-size-large has_tooltip')
});
+ it('does not display a thumbnail if user does not have viewAccessCopies permissions', async () => {
+ let updatedRecordData = cloneDeep(recordData);
+ updatedRecordData.briefObject.permissions = ['viewMetadata'];
+ await wrapper.setProps({ thumbnailData: updatedRecordData });
+ expect(wrapper.find('i.placeholder').exists()).toBe(true);
+ expect(wrapper.find('.thumbnail .thumbnail-viewer').exists()).toBe(false);
+ });
+
it('displays a placeholder, if no thumbnail', async () => {
let updatedRecordData = cloneDeep(recordData);
updatedRecordData.briefObject.thumbnail_url = undefined;
diff --git a/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/AccessCopiesService.java b/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/AccessCopiesService.java
index 235ee9504c..488d337db8 100644
--- a/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/AccessCopiesService.java
+++ b/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/AccessCopiesService.java
@@ -136,6 +136,7 @@ public String getThumbnailId(ContentObjectRecord contentObjectRecord, AccessGrou
log.debug("Found thumbnail object directly assigned to object {}", thumbId);
return thumbId;
}
+
// Don't need to check any further if object isn't a work or doesn't contain files with thumbnails
if (!ResourceType.Work.name().equals(contentObjectRecord.getResourceType())
|| contentObjectRecord.getFileFormatCategory() == null
diff --git a/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/PermissionsHelper.java b/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/PermissionsHelper.java
index 29218f80b4..bbfe17aea7 100644
--- a/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/PermissionsHelper.java
+++ b/web-common/src/main/java/edu/unc/lib/boxc/web/common/services/PermissionsHelper.java
@@ -48,18 +48,6 @@ public boolean hasOriginalAccess(AccessGroupSet principals, ContentObjectRecord
return hasDatastreamAccess(principals, ORIGINAL_FILE, metadata);
}
- /**
- * Returns true if the principals can access thumbnails belonging to
- * the requested object, if present.
- *
- * @param principals
- * @param metadata
- * @return
- */
- public boolean hasThumbnailAccess(AccessGroupSet principals, ContentObjectRecord metadata) {
- return hasDatastreamAccess(principals, THUMBNAIL_SMALL, metadata);
- }
-
/**
* Returns true if the principals can access the image preview belonging to
* the requested object, if present.
@@ -75,7 +63,7 @@ public boolean hasImagePreviewAccess(AccessGroupSet principals, ContentObjectRec
/**
* Returns true if the principals can access the MODS description belonging to
* the requested object, if present.
- *
+ *
* @param metadata
* @return
*/
@@ -93,7 +81,7 @@ public boolean hasDescriptionAccess(AccessGroupSet principals, ContentObjectReco
* @return
*/
public boolean hasDatastreamAccess(AccessGroupSet principals, DatastreamType datastream,
- ContentObjectRecord metadata) {
+ ContentObjectRecord metadata) {
notNull(principals, "Requires agent principals");
notNull(datastream, "Requires datastream type");
notNull(metadata, "Requires metadata object");
@@ -168,4 +156,4 @@ public AccessControlService getAccessControlService() {
public void setAccessControlService(AccessControlService accessControlService) {
this.accessControlService = accessControlService;
}
-}
+}
\ No newline at end of file
diff --git a/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/AccessCopiesServiceTest.java b/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/AccessCopiesServiceTest.java
index fc17173f61..950af5449f 100644
--- a/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/AccessCopiesServiceTest.java
+++ b/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/AccessCopiesServiceTest.java
@@ -371,4 +371,4 @@ private void hasPermissions(ContentObjectSolrRecord contentObject, boolean hasAc
private void populateResultList(ContentObjectRecord... objects) {
when(searchResultResponse.getResultList()).thenReturn(Arrays.asList(objects));
}
-}
+}
\ No newline at end of file
diff --git a/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/PermissionsHelperTest.java b/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/PermissionsHelperTest.java
index 68ec7c9622..fe7a2589f3 100644
--- a/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/PermissionsHelperTest.java
+++ b/web-common/src/test/java/edu/unc/lib/boxc/web/common/services/PermissionsHelperTest.java
@@ -162,4 +162,4 @@ public void testDoesNotHaveEnhancedIfLoggedIn() {
private void assignPermission(Permission permission, boolean value) {
when(accessControlService.hasAccess(any(PID.class), eq(principals), eq(permission))).thenReturn(value);
}
-}
+}
\ No newline at end of file
diff --git a/web-services-app/src/test/java/edu/unc/lib/boxc/web/services/rest/DatastreamRestControllerIT.java b/web-services-app/src/test/java/edu/unc/lib/boxc/web/services/rest/DatastreamRestControllerIT.java
index f8e91b690b..84c21b10be 100644
--- a/web-services-app/src/test/java/edu/unc/lib/boxc/web/services/rest/DatastreamRestControllerIT.java
+++ b/web-services-app/src/test/java/edu/unc/lib/boxc/web/services/rest/DatastreamRestControllerIT.java
@@ -1,7 +1,7 @@
package edu.unc.lib.boxc.web.services.rest;
+import static edu.unc.lib.boxc.auth.api.Permission.viewAccessCopies;
import static edu.unc.lib.boxc.auth.api.Permission.viewHidden;
-import static edu.unc.lib.boxc.auth.api.Permission.viewMetadata;
import static edu.unc.lib.boxc.model.api.DatastreamType.MD_EVENTS;
import static edu.unc.lib.boxc.model.api.DatastreamType.TECHNICAL_METADATA;
import static edu.unc.lib.boxc.model.api.DatastreamType.THUMBNAIL_SMALL;
@@ -66,10 +66,10 @@
@ExtendWith(SpringExtension.class)
@WebAppConfiguration
@ContextHierarchy({
- @ContextConfiguration("/spring-test/test-fedora-container.xml"),
- @ContextConfiguration("/spring-test/cdr-client-container.xml"),
- @ContextConfiguration("/spring-test/solr-indexing-context.xml"),
- @ContextConfiguration("/datastream-content-it-servlet.xml")
+ @ContextConfiguration("/spring-test/test-fedora-container.xml"),
+ @ContextConfiguration("/spring-test/cdr-client-container.xml"),
+ @ContextConfiguration("/spring-test/solr-indexing-context.xml"),
+ @ContextConfiguration("/datastream-content-it-servlet.xml")
})
public class DatastreamRestControllerIT extends AbstractAPIIT {
@@ -225,7 +225,7 @@ public void testGetThumbnailNoPermission() throws Exception {
createDerivative(id, THUMBNAIL_SMALL, BINARY_CONTENT.getBytes());
doThrow(new AccessRestrictionException()).when(accessControlService)
- .assertHasAccess(anyString(), eq(filePid), any(AccessGroupSetImpl.class), eq(viewMetadata));
+ .assertHasAccess(anyString(), eq(filePid), any(AccessGroupSetImpl.class), eq(viewAccessCopies));
MvcResult result = mvc.perform(get("/thumb/" + filePid.getId()))
.andExpect(status().isForbidden())
@@ -277,9 +277,9 @@ public void testGetEventLog() throws Exception {
FolderObject folderObj = repositoryObjectFactory.createFolderObject(folderPid, null);
premisLoggerFactory.createPremisLogger(folderObj)
- .buildEvent(Premis.Creation)
- .addAuthorizingAgent(AgentPids.forPerson("some_user"))
- .writeAndClose();
+ .buildEvent(Premis.Creation)
+ .addAuthorizingAgent(AgentPids.forPerson("some_user"))
+ .writeAndClose();
MvcResult result = mvc.perform(get("/file/" + id + "/" + MD_EVENTS.getId()))
.andExpect(status().is2xxSuccessful())
@@ -321,9 +321,9 @@ public void testGetEventLogNoPermissions() throws Exception {
FolderObject folderObj = repositoryObjectFactory.createFolderObject(folderPid, null);
premisLoggerFactory.createPremisLogger(folderObj)
- .buildEvent(Premis.Creation)
- .addAuthorizingAgent(AgentPids.forPerson("some_user"))
- .writeAndClose();
+ .buildEvent(Premis.Creation)
+ .addAuthorizingAgent(AgentPids.forPerson("some_user"))
+ .writeAndClose();
doThrow(new AccessRestrictionException()).when(accessControlService)
.assertHasAccess(anyString(), eq(folderPid), any(AccessGroupSetImpl.class), eq(viewHidden));
@@ -347,4 +347,4 @@ private File createDerivative(String id, DatastreamType dsType, byte[] content)
return derivFile;
}
-}
+}
\ No newline at end of file
diff --git a/web-services-app/src/test/resources/datastream-content-it-servlet.xml b/web-services-app/src/test/resources/datastream-content-it-servlet.xml
index 0b50961d24..0ba2e6c93a 100644
--- a/web-services-app/src/test/resources/datastream-content-it-servlet.xml
+++ b/web-services-app/src/test/resources/datastream-content-it-servlet.xml
@@ -1,34 +1,34 @@
-
+
-
+
-
+
-
+
-
+
@@ -41,4 +41,4 @@
-
+
\ No newline at end of file