Share Permissions (#761)

* Share restrictions

* Tweak language, add spec
Tom Moor
2018-08-19 16:06:39 -07:00
committed by GitHub
parent e704a86e36
commit 328f731541
21 changed files with 224 additions and 185 deletions


@@ -4,7 +4,7 @@ import Sequelize from 'sequelize';
import auth from '../middlewares/authentication';
import pagination from './middlewares/pagination';
import { presentShare } from '../presenters';
import { Document, User, Share } from '../models';
import { Document, User, Share, Team } from '../models';
import policy from '../policies';
const Op = Sequelize.Op;
@@ -57,7 +57,9 @@ router.post('shares.create', auth(), async ctx => {
const user = ctx.state.user;
const document = await Document.findById(documentId);
const team = await Team.findById(user.teamId);
authorize(user, 'share', document);
authorize(user, 'share', team);
const [share] = await Share.findOrCreate({
where: {
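Review bot: The added `authorize(user, 'share', team)` check in the `shares.create` handler only gates creation of new shares; nothing in this section shows existing share links being refused once `team.sharing` is turned off. If the read path for shared documents is not changed elsewhere in this commit, it should apply the same team check, or existing shares should be revoked when the setting is disabled. Separately, the results of `Document.findById(documentId)` and `Team.findById(user.teamId)` are passed to `authorize` with no visible null check; whether `authorize` rejects a missing record cannot be seen from here. The handler body continues outside the hunk.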


@@ -122,6 +122,15 @@ describe('#shares.create', async () => {
expect(body.data.id).toBe(share.id);
});
it('should not allow creating a share record if disabled', async () => {
const { user, document, team } = await seed();
await team.update({ sharing: false });
const res = await server.post('/api/shares.create', {
body: { token: user.getJwtToken(), documentId: document.id },
});
expect(res.status).toEqual(403);
});
it('should require authentication', async () => {
const { document } = await seed();
const res = await server.post('/api/shares.create', {
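Review bot: The new 'should not allow creating a share record if disabled' test asserts only the 403 status, so it would still pass if a share row were written before the authorization check fails. Since the handler calls `Share.findOrCreate` right after the `authorize` calls, the test should also assert that no share exists for the document afterwards, for example `expect(await Share.count()).toEqual(0);` (assuming `Share` is imported in this spec and the seed creates none). A companion case that sets `sharing` back to true and expects success would pin the toggle in both directions.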


@@ -12,7 +12,7 @@ const { authorize } = policy;
const router = new Router();
router.post('team.update', auth(), async ctx => {
const { name, avatarUrl } = ctx.body;
const { name, avatarUrl, sharing } = ctx.body;
const endpoint = publicS3Endpoint();
const user = ctx.state.user;
@@ -20,6 +20,7 @@ router.post('team.update', auth(), async ctx => {
authorize(user, 'update', team);
if (name) team.name = name;
if (sharing !== undefined) team.sharing = sharing;
if (avatarUrl && avatarUrl.startsWith(`${endpoint}/uploads/${user.id}`)) {
team.avatarUrl = avatarUrl;
}
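Review bot: `sharing` is copied from the request body into `team.sharing` with only an `undefined` check, so any JSON value reaches the model. A string such as "false" is truthy and could leave sharing enabled when the caller meant to disable it, depending on how the model validates or coerces the column. Restrict the assignment to real booleans, e.g. `if (typeof sharing === 'boolean') team.sharing = sharing;`, or reject other types with a validation error. The `team.update` handler starts and ends outside these hunks.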