From 0504e91aa6a9fc02723c7711bcec543cf8822e46 Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Thu, 4 May 2023 21:04:43 -0400
Subject: [PATCH] fix: Restore edit permission for workspace admins in non-private collections, closes #5300
---
 server/policies/collection.test.ts | 17 +++++++++++++++++
 server/policies/collection.ts | 7 +++++++
 2 files changed, 24 insertions(+)
diff --git a/server/policies/collection.test.ts b/server/policies/collection.test.ts
index dc658014f..03b9e352c 100644
--- a/server/policies/collection.test.ts
+++ b/server/policies/collection.test.ts
@@ -32,6 +32,23 @@ describe("admin", () => {
 expect(abilities.read).toEqual(true);
 expect(abilities.update).toEqual(true);
 });
+
+ it("should allow updating documents in view only collection", async () => {
+ const team = await buildTeam();
+ const user = await buildAdmin({
+ teamId: team.id,
+ });
+ const collection = await buildCollection({
+ teamId: team.id,
+ permission: CollectionPermission.Read,
+ });
+ const abilities = serialize(user, collection);
+ expect(abilities.readDocument).toEqual(true);
+ expect(abilities.createDocument).toEqual(true);
+ expect(abilities.share).toEqual(true);
+ expect(abilities.read).toEqual(true);
+ expect(abilities.update).toEqual(true);
+ });
 });

 describe("member", () => {
diff --git a/server/policies/collection.ts b/server/policies/collection.ts
index c2c092d72..e7f56e866 100644
--- a/server/policies/collection.ts
+++ b/server/policies/collection.ts
@@ -75,6 +78,9 @@ allow(User, "share", Collection, (user, collection) => {
 if (!collection.sharing) {
 return false;
 }
+ if (!collection.isPrivate && user.isAdmin) {
+ return true;
+ }

 if (
 collection.permission !== CollectionPermission.ReadWrite ||
@@ -110,6 +113,10 @@ allow(
 return false;
 }

+ if (!collection.isPrivate && user.isAdmin) {
+ return true;
+ }
+
 if (
 collection.permission !== CollectionPermission.ReadWrite ||
 user.isViewer
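Review bot: The added case in `describe("admin")` pins only the grant side of the new rule; nothing in this hunk asserts that an admin is still denied `update`, `createDocument` and `share` on a private collection they are not a member of. Because the policy change is gated on `!collection.isPrivate`, a companion negative test for a private collection would lock that boundary in, unless one already exists outside this hunk. The title also says "updating documents" while the body asserts five abilities including `share`; something like `"should allow full access to a view only collection"` would describe it more accurately.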
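Review bot: The early `return true` for `!collection.isPrivate && user.isAdmin` in the `share` policy runs before the `permission` / `user.isViewer` condition and anything that follows it, so the grant is only as safe as the checks made earlier in the callback, and those lines are outside this hunk. It is worth confirming that a team-scope check (the user belongs to the collection's team) precedes the new branch both here and in the `allow(` block patched at new line 113, since `user.isAdmin` on its own does not say which workspace the admin belongs to. The same condition is now duplicated in both policies; a short comment on each, for example `// Workspace admins keep write access to any non-private collection in their own team`, or a single shared predicate, would keep the two from drifting apart.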