Don't show download button to users without download access (#1626)

Author: lfarrell

static/js/vue-cdr-access/package-lock.json

@@ -43,7 +43,7 @@
     "@vue/test-utils": "2.3.2",
     "@vue/vue3-jest": "^29.2.3",
     "babel-jest": "^29.5.0",
-    "caniuse-lite": "^1.0.30001474",
+    "caniuse-lite": "^1.0.30001564",
     "jest-environment-jsdom": "^29.5.0",
     "jest-localstorage-mock": "^2.4.26",
     "moxios": "^0.4.0",

static/js/vue-cdr-access/package.json

@@ -75,6 +75,7 @@
             <file-list v-if="childCount > 0"
                        :child-count="childCount"
                        :work-id="recordData.briefObject.id"
+                       :download-access="hasPermission(recordData,'viewOriginal')"
                        :edit-access="hasPermission(recordData,'editDescription')">
             </file-list>
             <metadata-display :uuid="recordData.briefObject.id"

static/js/vue-cdr-access/src/components/full_record/aggregateRecord.vue

@@ -19,7 +19,7 @@ force it to reload
                 <th>{{ $t('full_record.file_type') }}</th>
                 <th>{{ $t('full_record.filesize') }}</th>
                 <th><span class="sr-only">{{ $t('full_record.view_file') }}</span></th>
-                <th><span class="sr-only">{{ $t('full_record.download_file') }}</span></th>
+                <th v-if="downloadAccess"><span class="sr-only">{{ $t('full_record.download_file') }}</span></th>
                 <th v-if="editAccess"><span class="sr-only">{{ $t('full_record.mods') }}</span></th>
             </tr>
             </thead>
@@ -45,6 +45,10 @@ export default {
 
     props: {
         childCount: Number,
+        downloadAccess: {
+            default: false,
+            type: Boolean
+        },
         editAccess: {
             default: false,
             type: Boolean
@@ -63,8 +67,7 @@ export default {
                 { data: this.$t('full_record.title') },
                 { data: this.$t('full_record.file_type') },
                 { data: this.$t('full_record.filesize') },
-                { data: this.$t('full_record.view_file') },
-                { data: this.$t('full_record.download_file') }
+                { data: this.$t('full_record.view_file') }
             ]
         }
     },
@@ -122,7 +125,7 @@ export default {
         },
 
         columnDefs() {
-            const excluded_columns = [0, 4, 5];
+            const excluded_columns = [0, 4];
 
             let column_defs = [
                 { orderable: false, targets: excluded_columns },
@@ -187,18 +190,29 @@ export default {
                             ` <i class="fa fa-search-plus is-icon" title="${view}"></i></a>`;
                     },
                     targets: 4
-                },
-                {
+                }
+            ];
+
+            if (this.downloadAccess)  {
+                this.columns.push({ data: this.$t('full_record.download_file') });
+                excluded_columns.push(5); // download button
+
+                // Add to orderable, searchable exclusions
+                [0, 1].forEach((d) => column_defs[d].targets = excluded_columns);
+
+                column_defs.push({
                     render: (data, type, row) => {
                         return this.downloadButtonHtml(row);
                     },
                     targets: 5
-                }
-            ];
+                });
+            }
 
             if (this.editAccess) {
+                // Check for the correct column number, in the unlikely event a user has edit access, but not download access
+                const column_number = (this.downloadAccess) ? 6 : 5;
                 this.columns.push({ data: this.$t('full_record.mods') });
-                excluded_columns.push(6); // edit button
+                excluded_columns.push(column_number); // edit button
 
                 // Add to orderable, searchable exclusions
                 [0, 1].forEach((d) => column_defs[d].targets = excluded_columns);
@@ -209,7 +223,7 @@ export default {
                             return `<a href="/admin/describe/${row.id}" aria-label="${this.ariaLabelText(row)}">` +
                                 '<i class="fa fa-edit is-icon" title="Edit"></i></a>'
                         },
-                        targets: 6
+                        targets: column_number
                     }
                 );
             }

static/js/vue-cdr-access/src/components/full_record/fileList.vue

@@ -72,11 +72,7 @@ export default {
 
                 return html;
             } else {
-                return `<div class="dropdown actionlink image-download-options">
-                            <button class="button download-images" title="${this.$t('full_record.download_unavailable')}" disabled>
-                                <i class="fa fa-download"></i> ${this.$t('full_record.download')}
-                            </button>
-                        </div>`;
+                return '';
             }
         },
 

static/js/vue-cdr-access/src/mixins/fileDownloadUtils.js

@@ -95,18 +95,6 @@ describe('fileList.vue', () => {
         expect(wrapper.vm.showBadge({ status: [''] })).toEqual({ markDeleted: false, restricted: true });
     });
 
-    // @TODO TDB whether viewAccessCopies allows a user to download anything
-   /* it("sets download button html for image files with canViewAccess permission", () => {
-        const download = wrapper.vm.downloadButtonHtml(briefObject);
-        // Download button
-        expect(download).toEqual(expect.stringContaining('button id="dcr-download-4db695c0-5fd5-4abf-9248-2e115d43f57d"'));
-        // Options
-        expect(download).toEqual(expect.stringContaining('Small JPG (800px)'));
-        expect(download).toEqual(expect.stringContaining('Medium JPG (1600px)'));
-        expect(download).toEqual(expect.not.stringContaining('Full Size JPG'));
-        expect(download).toEqual(expect.not.stringContaining('Original File'));
-    });*/
-
     it("sets download button html for image files with canViewOriginal permission", async () => {
         let updatedBriefObj = cloneDeep(briefObject);
         updatedBriefObj.permissions = [
@@ -149,25 +137,21 @@ describe('fileList.vue', () => {
         expect(download).toEqual(expect.stringContaining('<a class="download button action"'));
     });
 
-    it("sets a disabled button for non-image files without showImageDownload permission", () => {
+    it("does not show a button for non-image files without viewOriginal permission", () => {
         let updatedBriefObj = cloneDeep(briefObject);
         updatedBriefObj.fileType = ['application/pdf']
         updatedBriefObj.format = ['Text']
         updatedBriefObj.datastream = ['original_file|application/pdf|pdf file||416330|urn:sha1:4945153c9f5ce152ef8eda495deba043f536f388||'];
 
-        const download = wrapper.vm.downloadButtonHtml(updatedBriefObj);
-        // Disabled download button
-        expect(download).toEqual(expect.stringContaining('button class="button download-images" title="Download Unavailable" disabled'));
+        expect(wrapper.find('div.download').exists()).toBe(false);
     });
 
-    it("sets a disabled download button for image files without viewAccessCopies permission", () => {
+    it("does not show a button for image files without viewOriginal permission", () => {
         let updatedBriefObj = cloneDeep(briefObject);
         updatedBriefObj.permissions = [
             "viewMetadata"
         ];
 
-        const download = wrapper.vm.downloadButtonHtml(updatedBriefObj);
-        // Disabled download button
-        expect(download).toEqual(expect.stringContaining('button class="button download-images" title="Download Unavailable" disabled'));
+        expect(wrapper.find('div.image-download-options').exists()).toBe(false);
     });
 });