From a799987d1c21d6a3cdb617e9496d5164833816d7 Mon Sep 17 00:00:00 2001
From: CD Cabrera <ccabrera@redhat.com>
Date: Tue, 9 Jun 2020 11:18:35 -0400
Subject: [PATCH] fix(userSelectors): issues/307 missing error check (#308)

* userSelectors, missing error check, check for global errors
---
 .../__snapshots__/userSelectors.test.js.snap  | 22 ++++++++++
 .../selectors/__tests__/userSelectors.test.js | 43 +++++++++++++++++++
 src/redux/selectors/userSelectors.js          |  7 +--
 3 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/src/redux/selectors/__tests__/__snapshots__/userSelectors.test.js.snap b/src/redux/selectors/__tests__/__snapshots__/userSelectors.test.js.snap
index e7506522c..d59117964 100644
--- a/src/redux/selectors/__tests__/__snapshots__/userSelectors.test.js.snap
+++ b/src/redux/selectors/__tests__/__snapshots__/userSelectors.test.js.snap
@@ -1,11 +1,29 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
+exports[`UserSelectors should not authorize a user when global errors exist: global errors, unauthorized 1`] = `
+Object {
+  "session": Object {
+    "admin": false,
+    "authorized": false,
+    "entitled": false,
+    "error": true,
+    "errorCodes": Array [
+      "loremIpsum",
+    ],
+    "errorMessage": "lorem ipsum",
+    "permissions": Array [],
+    "status": 403,
+  },
+}
+`;
+
 exports[`UserSelectors should pass data with administrator checks: administrator, and missing user data 1`] = `
 Object {
   "session": Object {
     "admin": true,
     "authorized": false,
     "entitled": false,
+    "error": false,
     "permissions": Array [],
   },
 }
@@ -17,6 +35,7 @@ Object {
     "admin": false,
     "authorized": false,
     "entitled": true,
+    "error": false,
     "permissions": Array [],
   },
 }
@@ -28,6 +47,7 @@ Object {
     "admin": false,
     "authorized": true,
     "entitled": false,
+    "error": false,
     "permissions": Array [
       Object {
         "definitions": undefined,
@@ -84,6 +104,7 @@ Object {
     "admin": false,
     "authorized": false,
     "entitled": false,
+    "error": false,
     "locale": "en-US",
     "permissions": Array [],
   },
@@ -96,6 +117,7 @@ Object {
     "admin": false,
     "authorized": false,
     "entitled": false,
+    "error": false,
     "permissions": Array [],
   },
 }
diff --git a/src/redux/selectors/__tests__/userSelectors.test.js b/src/redux/selectors/__tests__/userSelectors.test.js
index 0605fc4aa..38f1ea420 100644
--- a/src/redux/selectors/__tests__/userSelectors.test.js
+++ b/src/redux/selectors/__tests__/userSelectors.test.js
@@ -20,6 +20,7 @@ describe('UserSelectors', () => {
         }
       }
     };
+
     expect(userSelectors.userSession(state)).toMatchSnapshot('existing state data');
   });
 
@@ -34,6 +35,7 @@ describe('UserSelectors', () => {
         }
       }
     };
+
     expect(userSelectors.userSession(state)).toMatchSnapshot('error state data');
   });
 
@@ -103,4 +105,45 @@ describe('UserSelectors', () => {
 
     expect(userSelectors.userSession(state)).toMatchSnapshot('permissions, and missing user data');
   });
+
+  it('should not authorize a user when global errors exist', () => {
+    const state = {
+      user: {
+        session: {
+          error: true,
+          errorCodes: ['loremIpsum'],
+          errorMessage: 'lorem ipsum',
+          status: 403,
+          fulfilled: true,
+          data: {
+            user: {
+              [platformApiTypes.PLATFORM_API_RESPONSE_USER_ENTITLEMENTS]: {
+                [helpers.UI_NAME]: {
+                  [platformApiTypes.PLATFORM_API_RESPONSE_USER_ENTITLEMENTS_APP_TYPES.ENTITLED]: true
+                }
+              },
+              [platformApiTypes.PLATFORM_API_RESPONSE_USER_IDENTITY]: {
+                [platformApiTypes.PLATFORM_API_RESPONSE_USER_IDENTITY_TYPES.USER]: {
+                  [platformApiTypes.PLATFORM_API_RESPONSE_USER_IDENTITY_USER_TYPES.ORG_ADMIN]: true
+                }
+              }
+            },
+            permissions: [
+              {
+                [platformApiTypes.PLATFORM_API_RESPONSE_USER_PERMISSION_TYPES.PERMISSION]: `${helpers.UI_NAME}:*:*`
+              },
+              {
+                [platformApiTypes.PLATFORM_API_RESPONSE_USER_PERMISSION_TYPES.PERMISSION]: `${helpers.UI_NAME}:*:read`
+              },
+              {
+                [platformApiTypes.PLATFORM_API_RESPONSE_USER_PERMISSION_TYPES.PERMISSION]: `${helpers.UI_NAME}:*:write`
+              }
+            ]
+          }
+        }
+      }
+    };
+
+    expect(userSelectors.userSession(state)).toMatchSnapshot('global errors, unauthorized');
+  });
 });
diff --git a/src/redux/selectors/userSelectors.js b/src/redux/selectors/userSelectors.js
index ad7242eee..e6d085bdb 100644
--- a/src/redux/selectors/userSelectors.js
+++ b/src/redux/selectors/userSelectors.js
@@ -17,19 +17,20 @@ const userSession = state => ({
 /**
  * Create selector, transform combined state, props into a consumable graph/charting object.
  *
- * @type {{session: {entitled: boolean, permissions: Array, authorized: boolean, admin: boolean}}}
+ * @type {{session: {entitled: boolean, permissions: Array, authorized: boolean, admin: boolean, error: boolean}}}
  */
 const userSessionSelector = createSelector([userSession], response => {
-  const { fulfilled = false, data = {}, ...rest } = response || {};
+  const { error = false, fulfilled = false, data = {}, ...rest } = response || {};
   const updatedSession = {
     ...rest,
     admin: false,
     authorized: false,
     entitled: false,
+    error,
     permissions: []
   };
 
-  if (fulfilled) {
+  if (!error && fulfilled) {
     const { user = {}, permissions = [] } = data;
 
     const admin = _get(