feat: Add read-only collections (#1991)

closes #1017
2021-03-30 21:02:08 -07:00
parent d7acf616cf
commit 7e1b07ef98
50 changed files with 940 additions and 558 deletions
--- a/server/policies/collection.test.js
+++ b/server/policies/collection.test.js
@@ -0,0 +1,136 @@
+// @flow
+import { CollectionUser, Collection } from "../models";
+import { buildUser, buildTeam, buildCollection } from "../test/factories";
+import { flushdb } from "../test/support";
+import { serialize } from "./index";
+
+beforeEach(() => flushdb());
+
+describe("read_write permission", () => {
+  it("should allow read write permissions for team member", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    const collection = await buildCollection({
+      teamId: team.id,
+      permission: "read_write",
+    });
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(true);
+    expect(abilities.export).toEqual(true);
+    expect(abilities.update).toEqual(true);
+    expect(abilities.share).toEqual(true);
+  });
+
+  it("should override read membership permission", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    let collection = await buildCollection({
+      teamId: team.id,
+      permission: "read_write",
+    });
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: "read",
+    });
+
+    // reload to get membership
+    collection = await Collection.scope({
+      method: ["withMembership", user.id],
+    }).findByPk(collection.id);
+
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(true);
+    expect(abilities.export).toEqual(true);
+    expect(abilities.update).toEqual(true);
+    expect(abilities.share).toEqual(true);
+  });
+});
+
+describe("read permission", () => {
+  it("should allow read permissions for team member", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    const collection = await buildCollection({
+      teamId: team.id,
+      permission: "read",
+    });
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(true);
+    expect(abilities.export).toEqual(true);
+    expect(abilities.update).toEqual(false);
+    expect(abilities.share).toEqual(false);
+  });
+
+  it("should allow override with read_write membership permission", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    let collection = await buildCollection({
+      teamId: team.id,
+      permission: "read",
+    });
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: "read_write",
+    });
+
+    // reload to get membership
+    collection = await Collection.scope({
+      method: ["withMembership", user.id],
+    }).findByPk(collection.id);
+
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(true);
+    expect(abilities.export).toEqual(true);
+    expect(abilities.update).toEqual(true);
+    expect(abilities.share).toEqual(true);
+  });
+});
+
+describe("no permission", () => {
+  it("should allow no permissions for team member", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    const collection = await buildCollection({
+      teamId: team.id,
+      permission: null,
+    });
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(false);
+    expect(abilities.export).toEqual(false);
+    expect(abilities.update).toEqual(false);
+    expect(abilities.share).toEqual(false);
+  });
+
+  it("should allow override with team member membership permission", async () => {
+    const team = await buildTeam();
+    const user = await buildUser({ teamId: team.id });
+    let collection = await buildCollection({
+      teamId: team.id,
+      permission: null,
+    });
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: "read_write",
+    });
+
+    // reload to get membership
+    collection = await Collection.scope({
+      method: ["withMembership", user.id],
+    }).findByPk(collection.id);
+
+    const abilities = serialize(user, collection);
+    expect(abilities.read).toEqual(true);
+    expect(abilities.export).toEqual(true);
+    expect(abilities.update).toEqual(true);
+    expect(abilities.share).toEqual(true);
+  });
+});