yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: Policies on archived documents disallow unarchive (#6862)

Browse Source
This commit is contained in:
Tom Moor
2024-05-01 21:02:01 -04:00
committed by GitHub
parent 3298a1cd7d
commit 8dc530a50f
4 changed files with 35 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/actions/definitions/documents.tsx
View File

@@ -616,7 +616,7 @@ export const searchInDocument = createAction({
return false; return false;
} }
const document = stores.documents.get(activeDocumentId); const document = stores.documents.get(activeDocumentId);
return !document?.isDeleted; return !!document?.isActive;
}, },
perform: ({ activeDocumentId }) => { perform: ({ activeDocumentId }) => {
history.push(searchPath(undefined, { documentId: activeDocumentId })); history.push(searchPath(undefined, { documentId: activeDocumentId }));
@@ -692,7 +692,7 @@ export const createTemplate = createAction({
!!activeCollectionId && !!activeCollectionId &&
stores.policies.abilities(activeCollectionId).update && stores.policies.abilities(activeCollectionId).update &&
!document?.isTemplate && !document?.isTemplate &&
!document?.isDeleted !!document?.isActive
); );
}, },
perform: ({ activeDocumentId, stores, t, event }) => { perform: ({ activeDocumentId, stores, t, event }) => {

26
server/policies/document.test.ts
View File

@@ -277,3 +277,29 @@ describe("no collection", () => {
expect(abilities.comment).toEqual(true); expect(abilities.comment).toEqual(true);
}); });
}); });
describe("archived document", () => {
it("should have correct permissions", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
const doc = await buildDocument({
teamId: team.id,
userId: user.id,
archivedAt: new Date(),
});
// reload to get membership
const document = await Document.findByPk(doc.id, { userId: user.id });
const abilities = serialize(user, document);
expect(abilities.read).toEqual(true);
expect(abilities.download).toEqual(true);
expect(abilities.delete).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.unarchive).toEqual(true);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.comment).toEqual(false);
});
});

8
server/policies/document.ts
View File

@@ -147,7 +147,7 @@ allow(User, "pinToHome", Document, (actor, document) =>
isTeamMutable(actor), isTeamMutable(actor),
!document?.isDraft, !document?.isDraft,
!document?.template, !document?.template,
!document?.isDeleted !!document?.isActive
) )
); );
@@ -157,7 +157,11 @@ allow(User, "delete", Document, (actor, document) =>
isTeamMutable(actor), isTeamMutable(actor),
!actor.isGuest, !actor.isGuest,
!document?.isDeleted, !document?.isDeleted,
or(can(actor, "update", document), !document?.collection) or(
can(actor, "unarchive", document),
can(actor, "update", document),
!document?.collection
)
) )
); );

12
server/routes/api/documents/documents.ts
View File

@@ -210,17 +210,7 @@ router.post(
const { sort, direction } = ctx.input.body; const { sort, direction } = ctx.input.body;
const { user } = ctx.state.auth; const { user } = ctx.state.auth;
const collectionIds = await user.collectionIds(); const collectionIds = await user.collectionIds();
const collectionScope: Readonly<ScopeOptions> = { const documents = await Document.defaultScopeWithUser(user.id).findAll({
method: ["withCollectionPermissions", user.id],
};
const viewScope: Readonly<ScopeOptions> = {
method: ["withViews", user.id],
};
const documents = await Document.scope([
"defaultScope",
collectionScope,
viewScope,
]).findAll({
where: { where: {
teamId: user.teamId, teamId: user.teamId,
collectionId: collectionIds, collectionId: collectionIds,