feat: Memberships (#1032)

* WIP * feat: Add collection.memberships endpoint * feat: Add ability to filter collection.memberships with query * WIP * Merge stashed work * feat: Add ability to filter memberships by permission * continued refactoring * paginated list component * Collection member management * fix: Incorrect policy data sent down after collection.update * Reduce duplication, add empty state * cleanup * fix: Modal close should be a real button * fix: Allow opening edit from modal * fix: remove unused methods * test: fix * Passing test suite * Refactor * fix: Flow UI errors * test: Add collections.update tests * lint * test: moar tests * fix: Missing scopes, more missing tests * fix: Handle collection privacy change over socket * fix: More membership scopes * fix: view endpoint permissions * fix: respond to privacy change on socket event * policy driven menus * fix: share endpoint policies * chore: Use policies to drive documents UI * alignment * fix: Header height * fix: Correct behavior when collection becomes private * fix: Header height for read-only collection * send id's over socket instead of serialized objects * fix: Remote policy change * fix: reduce collection fetching * More websocket efficiencies * fix: Document collection pinning * fix: Restored ability to edit drafts fix: Removed ability to star drafts * fix: Require write permissions to pin doc to collection * fix: Header title overlaying document actions at small screen sizes * fix: Jank on load caused by previous commit * fix: Double collection fetch post-publish * fix: Hide publish button if draft is in no longer accessible collection * fix: Always allow deleting drafts fix: Improved handling of deleted documents * feat: Show collections in drafts view feat: Show more obvious 'draft' badge on documents * fix: incorrect policies after publish to private collection * fix: Duplicating a draft publishes it
2019-10-05 18:42:03 -07:00
parent 4164fc178c
commit b42e9737b6
72 changed files with 2360 additions and 765 deletions
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
@@ -1,7 +1,14 @@
 /* eslint-disable flowtype/require-valid-file-annotation */
 import TestServer from 'fetch-test-server';
 import app from '../app';
-import { Document, View, Star, Revision, Backlink } from '../models';
+import {
+  Document,
+  View,
+  Star,
+  Revision,
+  Backlink,
+  CollectionUser,
+} from '../models';
 import { flushdb, seed } from '../test/support';
 import {
  buildShare,
@@ -274,6 +281,30 @@ describe('#documents.list', async () => {
    expect(body.data.length).toEqual(1);
  });

+  it('should allow filtering to private collection', async () => {
+    const { user, collection } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: 'read',
+    });
+
+    const res = await server.post('/api/documents.list', {
+      body: {
+        token: user.getJwtToken(),
+        collection: collection.id,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+  });
+
  it('should return backlinks', async () => {
    const { user, document } = await seed();
    const anotherDoc = await buildDocument({
@@ -308,6 +339,64 @@ describe('#documents.list', async () => {
  });
 });

+describe('#documents.pinned', async () => {
+  it('should return pinned documents', async () => {
+    const { user, document } = await seed();
+    document.pinnedById = user.id;
+    await document.save();
+
+    const res = await server.post('/api/documents.pinned', {
+      body: { token: user.getJwtToken(), collectionId: document.collectionId },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+    expect(body.data[0].id).toEqual(document.id);
+  });
+
+  it('should return pinned documents in private collections member of', async () => {
+    const { user, collection, document } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    document.pinnedById = user.id;
+    await document.save();
+
+    await CollectionUser.create({
+      collectionId: collection.id,
+      userId: user.id,
+      createdById: user.id,
+      permission: 'read_write',
+    });
+
+    const res = await server.post('/api/documents.pinned', {
+      body: { token: user.getJwtToken(), collectionId: document.collectionId },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+    expect(body.data[0].id).toEqual(document.id);
+  });
+
+  it('should not return pinned documents in private collections not a member of', async () => {
+    const { user, collection } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    const res = await server.post('/api/documents.pinned', {
+      body: { token: user.getJwtToken(), collectionId: collection.id },
+    });
+    expect(res.status).toEqual(403);
+  });
+
+  it('should require authentication', async () => {
+    const res = await server.post('/api/documents.pinned');
+    expect(res.status).toEqual(401);
+  });
+});
+
 describe('#documents.drafts', async () => {
  it('should return unpublished documents', async () => {
    const { user, document } = await seed();
@@ -575,6 +664,39 @@ describe('#documents.search', async () => {
    expect(body.data[0].document.id).toEqual(document.id);
  });

+  it('should return documents for a specific private collection', async () => {
+    const { user, collection } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: 'read',
+    });
+
+    const document = await buildDocument({
+      title: 'search term',
+      text: 'search term',
+      teamId: user.teamId,
+      collectionId: collection.id,
+    });
+
+    const res = await server.post('/api/documents.search', {
+      body: {
+        token: user.getJwtToken(),
+        query: 'search term',
+        collectionId: collection.id,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+    expect(body.data[0].document.id).toEqual(document.id);
+  });
+
  it('should return documents for a specific collection', async () => {
    const { user } = await seed();
    const collection = await buildCollection();
@@ -817,6 +939,7 @@ describe('#documents.pin', async () => {
      body: { token: user.getJwtToken(), id: document.id },
    });
    const body = await res.json();
+    expect(res.status).toEqual(200);
    expect(body.data.pinned).toEqual(true);
  });

@@ -935,6 +1058,7 @@ describe('#documents.unpin', async () => {
      body: { token: user.getJwtToken(), id: document.id },
    });
    const body = await res.json();
+    expect(res.status).toEqual(200);
    expect(body.data.pinned).toEqual(false);
  });

@@ -1036,7 +1160,7 @@ describe('#documents.create', async () => {
    const newDocument = await Document.findByPk(body.data.id);
    expect(res.status).toEqual(200);
    expect(newDocument.parentDocumentId).toBe(null);
-    expect(newDocument.collection.id).toBe(collection.id);
+    expect(newDocument.collectionId).toBe(collection.id);
  });

  it('should not allow very long titles', async () => {
@@ -1126,6 +1250,38 @@ describe('#documents.update', async () => {
    expect(body.data.text).toBe('Updated text');
  });

+  it('should allow publishing document in private collection', async () => {
+    const { user, collection, document } = await seed();
+    document.publishedAt = null;
+    await document.save();
+
+    collection.private = true;
+    await collection.save();
+
+    await CollectionUser.create({
+      createdById: user.id,
+      collectionId: collection.id,
+      userId: user.id,
+      permission: 'read_write',
+    });
+
+    const res = await server.post('/api/documents.update', {
+      body: {
+        token: user.getJwtToken(),
+        id: document.id,
+        title: 'Updated title',
+        text: 'Updated text',
+        lastRevision: document.revision,
+        publish: true,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.publishedAt).toBeTruthy();
+    expect(body.policies[0].abilities.update).toEqual(true);
+  });
+
  it('should not edit archived document', async () => {
    const { user, document } = await seed();
    await document.archive();
@@ -1217,23 +1373,54 @@ describe('#documents.update', async () => {
    expect(body.data.title).toBe('Updated title');
  });

-  it('should require authentication', async () => {
-    const { document } = await seed();
-    const res = await server.post('/api/documents.update', {
-      body: { id: document.id, text: 'Updated' },
+  it('allows editing by read-write collection user', async () => {
+    const { user, document, collection } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    await CollectionUser.create({
+      collectionId: collection.id,
+      userId: user.id,
+      createdById: user.id,
+      permission: 'read_write',
    });
+
+    const res = await server.post('/api/documents.update', {
+      body: {
+        token: user.getJwtToken(),
+        id: document.id,
+        text: 'Changed text',
+        lastRevision: document.revision,
+      },
+    });
+
    const body = await res.json();

-    expect(res.status).toEqual(401);
-    expect(body).toMatchSnapshot();
+    expect(res.status).toEqual(200);
+    expect(body.data.text).toBe('Changed text');
  });

-  it('should require authorization', async () => {
-    const { document } = await seed();
-    const user = await buildUser();
-    const res = await server.post('/api/documents.update', {
-      body: { token: user.getJwtToken(), id: document.id, text: 'Updated' },
+  it('does not allow editing by read-only collection user', async () => {
+    const { user, document, collection } = await seed();
+    collection.private = true;
+    await collection.save();
+
+    await CollectionUser.create({
+      collectionId: collection.id,
+      userId: user.id,
+      createdById: user.id,
+      permission: 'read',
    });
+
+    const res = await server.post('/api/documents.update', {
+      body: {
+        token: user.getJwtToken(),
+        id: document.id,
+        text: 'Changed text',
+        lastRevision: document.revision,
+      },
+    });
+
    expect(res.status).toEqual(403);
  });

@@ -1272,6 +1459,26 @@ describe('#documents.update', async () => {
    expect(res.status).toEqual(400);
    expect(body).toMatchSnapshot();
  });
+
+  it('should require authentication', async () => {
+    const { document } = await seed();
+    const res = await server.post('/api/documents.update', {
+      body: { id: document.id, text: 'Updated' },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(401);
+    expect(body).toMatchSnapshot();
+  });
+
+  it('should require authorization', async () => {
+    const { document } = await seed();
+    const user = await buildUser();
+    const res = await server.post('/api/documents.update', {
+      body: { token: user.getJwtToken(), id: document.id, text: 'Updated' },
+    });
+    expect(res.status).toEqual(403);
+  });
 });

 describe('#documents.archive', async () => {