fix: Disallow adding self to collection (#4299)

* api * ui * update collection permissions
2022-10-15 22:11:09 -04:00
parent 97a50b20da
commit 1915a453db
6 changed files with 89 additions and 4 deletions
--- a/server/commands/userDemoter.test.ts
+++ b/server/commands/userDemoter.test.ts
@@ -0,0 +1,41 @@
+import { CollectionPermission } from "@shared/types";
+import { CollectionUser } from "@server/models";
+import { UserRole } from "@server/models/User";
+import { buildUser, buildAdmin, buildCollection } from "@server/test/factories";
+import { getTestDatabase } from "@server/test/support";
+import userDemoter from "./userDemoter";
+
+const db = getTestDatabase();
+
+afterAll(db.disconnect);
+
+beforeEach(db.flush);
+
+describe("userDemoter", () => {
+  const ip = "127.0.0.1";
+
+  it("should change role and associated collection permissions", async () => {
+    const admin = await buildAdmin();
+    const user = await buildUser({ teamId: admin.teamId });
+    const collection = await buildCollection({ teamId: admin.teamId });
+
+    const membership = await CollectionUser.create({
+      createdById: admin.id,
+      userId: user.id,
+      collectionId: collection.id,
+      permission: CollectionPermission.ReadWrite,
+    });
+
+    await userDemoter({
+      user,
+      actorId: admin.id,
+      to: UserRole.Viewer,
+      ip,
+    });
+
+    expect(user.isViewer).toEqual(true);
+
+    await membership.reload();
+    expect(membership.permission).toEqual(CollectionPermission.Read);
+  });
+});