yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Disallow adding self to collection (#4299)

Browse Source 
* api

* ui

* update collection permissions
This commit is contained in:
Tom Moor
2022-10-15 22:11:09 -04:00
committed by GitHub
parent 97a50b20da
commit 1915a453db
6 changed files with 89 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
server/routes/api/collections.test.ts
View File

@@ -422,6 +422,24 @@ describe("#collections.add_user", () => {
expect(users.length).toEqual(2);
});
it("should not allow add self", async () => {
const user = await buildUser();
const collection = await buildCollection({
teamId: user.teamId,
permission: null,
});
const res = await server.post("/api/collections.add_user", {
body: {
token: user.getJwtToken(),
id: collection.id,
userId: user.id,
},
});
const body = await res.json();
expect(res.status).toEqual(403);
expect(body).toMatchSnapshot();
});
it("should require user in team", async () => {
const user = await buildUser();
const collection = await buildCollection({