Validate Download Claim (#971)

* Partially complete, got some code to validate your Role. Needs to be applied to all methods and made a filter. * Cleaned up the code on the backend to validate each call. The reason the RequireDownloadRole doesn't work is that the user still has the claim in their token so the simple validation isn't working. We need explicit checks. * Don't allow users to download files if they have lost the claim but not refreshed token. * Don't allow users to download files if they have lost the claim but not refreshed token.
2022-01-20 07:46:59 -08:00 · 2022-01-20 07:46:59 -08:00 · eb7e2781c1
commit eb7e2781c1
parent 7b9ac2faee
6 changed files with 35 additions and 21 deletions
--- a/UI/Web/src/app/_interceptors/error.interceptor.ts
+++ b/UI/Web/src/app/_interceptors/error.interceptor.ts
@ -83,6 +83,10 @@ export class ErrorInterceptor implements HttpInterceptor {
    } else {
      console.error('error:', error);
      if (error.statusText === 'Bad Request') {
+        if (error.error instanceof Blob) {
+          this.toastr.error('There was an issue downloading this file or you do not have permissions', error.status);         
+          return; 
+        }
        this.toastr.error(error.error, error.status);
      } else {
        this.toastr.error(error.statusText === 'OK' ? error.error : error.statusText, error.status);
@ -101,7 +105,13 @@ export class ErrorInterceptor implements HttpInterceptor {
        console.log('500 error: ', error);
      }
      this.toastr.error(err.message);
-    } else {
+    } else if (error.hasOwnProperty('message') && error.message.trim() !== '') {
+      if (error.message != 'User is not authenticated') {
+        console.log('500 error: ', error);
+      }
+      this.toastr.error(error.message);
+    }
+     else {
      this.toastr.error('There was an unknown critical error.');
      console.error('500 error:', error);
    }
--- a/UI/Web/src/app/shared/_services/download.service.ts
+++ b/UI/Web/src/app/shared/_services/download.service.ts
@ -1,4 +1,4 @@
-import { HttpClient } from '@angular/common/http';
+import { HttpClient, HttpErrorResponse } from '@angular/common/http';
 import { Inject, Injectable } from '@angular/core';
 import { Series } from 'src/app/_models/series';
 import { environment } from 'src/environments/environment';
@ -10,7 +10,7 @@ import { asyncScheduler, Observable } from 'rxjs';
 import { SAVER, Saver } from '../_providers/saver.provider';
 import { download, Download } from '../_models/download';
 import { PageBookmark } from 'src/app/_models/page-bookmark';
-import { throttleTime } from 'rxjs/operators';
+import { catchError, throttleTime } from 'rxjs/operators';

 const DEBOUNCE_TIME = 100;