yuuza/outline
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Policies refactor, guest roles (#6732)

Browse Source
This commit is contained in:
Tom Moor
2024-03-31 18:28:35 -06:00
committed by GitHub
parent ceb7ae1514
commit c27cd945a7
46 changed files with 901 additions and 1032 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
server/policies/document.test.ts
View File

@@ -64,6 +64,36 @@ describe("read_write collection", () => {
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.comment).toEqual(true);
});
it("should allow no permissions for guest", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
role: UserRole.Guest,
});
const collection = await buildCollection({
teamId: team.id,
permission: CollectionPermission.ReadWrite,
});
const doc = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
// reload to get membership
const document = await Document.findByPk(doc.id, { userId: user.id });
const abilities = serialize(user, document);
expect(abilities.read).toEqual(false);
expect(abilities.download).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
});
describe("read collection", () => {
@@ -93,6 +123,36 @@ describe("read collection", () => {
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.comment).toEqual(true);
});
it("should allow no permissions for guest", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
role: UserRole.Guest,
});
const collection = await buildCollection({
teamId: team.id,
permission: CollectionPermission.Read,
});
const doc = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
// reload to get membership
const document = await Document.findByPk(doc.id, { userId: user.id });
const abilities = serialize(user, document);
expect(abilities.read).toEqual(false);
expect(abilities.download).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
});
describe("private collection", () => {
@@ -120,6 +180,34 @@ describe("private collection", () => {
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
it("should allow no permissions for guest", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
role: UserRole.Guest,
});
const collection = await buildCollection({
teamId: team.id,
permission: null,
});
const document = await buildDocument({
teamId: team.id,
collectionId: collection.id,
});
const abilities = serialize(user, document);
expect(abilities.read).toEqual(false);
expect(abilities.download).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
});
describe("no collection", () => {
@@ -143,6 +231,29 @@ describe("no collection", () => {
expect(abilities.comment).toEqual(false);
});
it("should allow no permissions for guest", async () => {
const team = await buildTeam();
const user = await buildUser({
teamId: team.id,
role: UserRole.Guest,
});
const document = await buildDraftDocument({
teamId: team.id,
});
const abilities = serialize(user, document);
expect(abilities.read).toEqual(false);
expect(abilities.download).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.createChildDocument).toEqual(false);
expect(abilities.archive).toEqual(false);
expect(abilities.delete).toEqual(false);
expect(abilities.share).toEqual(false);
expect(abilities.move).toEqual(false);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.comment).toEqual(false);
});
it("should allow edit permissions for creator", async () => {
const team = await buildTeam();
const user = await buildUser({ teamId: team.id });
@@ -161,8 +272,8 @@ describe("no collection", () => {
expect(abilities.delete).toEqual(true);
expect(abilities.share).toEqual(true);
expect(abilities.move).toEqual(true);
expect(abilities.subscribe).toEqual(false);
expect(abilities.unsubscribe).toEqual(false);
expect(abilities.subscribe).toEqual(true);
expect(abilities.unsubscribe).toEqual(true);
expect(abilities.comment).toEqual(true);
});
});