yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: Add read-only collections (#1991)

Browse Source 
closes #1017
This commit is contained in:
Tom Moor
2021-03-30 21:02:08 -07:00
committed by GitHub
parent d7acf616cf
commit 7e1b07ef98
50 changed files with 940 additions and 558 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/policies/collection.js
View File

@@ -28,7 +28,7 @@ allow(User, "move", Collection, (user, collection) => {
allow(User, ["read", "export"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (collection.private) {
if (!collection.permission) {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
@@ -51,7 +51,7 @@ allow(User, "share", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (!collection.sharing) return false;
if (collection.private) {
if (collection.permission !== "read_write") {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
@@ -73,7 +73,7 @@ allow(User, "share", Collection, (user, collection) => {
allow(User, ["publish", "update"], Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (collection.private) {
if (collection.permission !== "read_write") {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"
@@ -95,7 +95,7 @@ allow(User, ["publish", "update"], Collection, (user, collection) => {
allow(User, "delete", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (collection.private) {
if (collection.permission !== "read_write") {
invariant(
collection.memberships,
"membership should be preloaded, did you forget withMembership scope?"

136
server/policies/collection.test.js Normal file
View File

@@ -0,0 +1,136 @@
// @flow
import { CollectionUser, Collection } from "../models";
import { buildUser, buildTeam, buildCollection } from "../test/factories";
import { flushdb } from "../test/support";
import { serialize } from "./index";
beforeEach(() => flushdb());
describe("read_write permission", () => {
it("should allow read write permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: "read_write",
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.share).toEqual(true);
});
it("should override read membership permission", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
let collection = await buildCollection({
teamId: team.id,
permission: "read_write",
});
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: "read",
});
// reload to get membership
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.share).toEqual(true);
});
});
describe("read permission", () => {
it("should allow read permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: "read",
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.update).toEqual(false);
expect(abilities.share).toEqual(false);
});
it("should allow override with read_write membership permission", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
let collection = await buildCollection({
teamId: team.id,
permission: "read",
});
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: "read_write",
});
// reload to get membership
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.share).toEqual(true);
});
});
describe("no permission", () => {
it("should allow no permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: null,
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(false);
expect(abilities.export).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.share).toEqual(false);
});
it("should allow override with team member membership permission", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
let collection = await buildCollection({
teamId: team.id,
permission: null,
});
await CollectionUser.create({
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: "read_write",
});
// reload to get membership
collection = await Collection.scope({
method: ["withMembership", user.id],
}).findByPk(collection.id);
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.share).toEqual(true);
});
});

83
server/policies/document.test.js Normal file
View File

@@ -0,0 +1,83 @@
// @flow
import {
buildUser,
buildTeam,
buildDocument,
buildCollection,
} from "../test/factories";
import { flushdb } from "../test/support";
import { serialize } from "./index";
beforeEach(() => flushdb());
describe("read_write collection", () => {
it("should allow read write permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: "read_write",
});
const document = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
const abilities = serialize(user, document);
expect(abilities.read).toEqual(true);
expect(abilities.download).toEqual(true);
expect(abilities.update).toEqual(true);
expect(abilities.createChildDocument).toEqual(true);
expect(abilities.archive).toEqual(true);
expect(abilities.delete).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.move).toEqual(true);
});
});
describe("read collection", () => {
it("should allow read only permissions permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: "read",
});
const document = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
const abilities = serialize(user, document);
expect(abilities.read).toEqual(true);
expect(abilities.download).toEqual(true);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
});
});
describe("private collection", () => {
it("should allow no permissions for team member", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const collection = await buildCollection({
teamId: team.id,
permission: null,
});
const document = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
const abilities = serialize(user, document);
expect(abilities.read).toEqual(false);
expect(abilities.download).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
});
});