fix: visible groups (#2729)

* updated readme to give some light testing instructions
* updated tests to accept new behavior for group memberships
* use test factories in more places
* add debug logs for mailer events in development

server/mailer.js

@@ -204,12 +204,18 @@ export class Mailer {
   };
 
   signin = async (opts: { to: string, token: string, teamUrl: string }) => {
+    const signInLink = signinEmailText(opts);
+
+    if (process.env.NODE_ENV === "development") {
+      Logger.debug("email", `Sign-In link: ${signInLink}`);
+    }
+
     this.sendMail({
       to: opts.to,
       title: "Magic signin link",
       previewText: "Here’s your link to signin to Outline.",
       html: <SigninEmail {...opts} />,
-      text: signinEmailText(opts),
+      text: signInLink,
     });
   };
 

server/policies/group.js

@@ -12,12 +12,10 @@ allow(User, "createGroup", Team, (actor, team) => {
 });
 
 allow(User, "read", Group, (actor, group) => {
+  // for the time being, we're going to let everyone on the team see every group
+  // we may need to make this more granular in the future
   if (!group || actor.teamId !== group.teamId) return false;
-  if (actor.isAdmin) return true;
-  if (group.groupMemberships.filter((gm) => gm.userId === actor.id).length) {
-    return true;
-  }
-  return false;
+  return true;
 });
 
 allow(User, ["update", "delete"], Group, (actor, group) => {

server/routes/api/documents.test.js

@@ -1059,7 +1059,7 @@ describe("#documents.search", () => {
   });
 
   it("should strip junk from search term", async () => {
-    const { user } = await seed();
+    const user = await buildUser();
     const firstResult = await buildDocument({
       title: "search term",
       text: "this is some random text of the document body",
@@ -1137,7 +1137,7 @@ describe("#documents.search", () => {
   });
 
   it("should not return draft documents created by other users", async () => {
-    const { user } = await seed();
+    const user = await buildUser();
     await buildDocument({
       title: "search term",
       text: "search term",
@@ -1176,7 +1176,7 @@ describe("#documents.search", () => {
   });
 
   it("should return archived documents if chosen", async () => {
-    const { user } = await seed();
+    const user = await buildUser();
     const document = await buildDocument({
       title: "search term",
       text: "search term",
@@ -1230,7 +1230,11 @@ describe("#documents.search", () => {
   });
 
   it("should return documents for a specific private collection", async () => {
-    const { user, collection } = await seed();
+    const user = await buildUser();
+    const collection = await buildCollection({
+      teamId: user.teamId,
+    });
+
     collection.permission = null;
     await collection.save();
 

server/routes/api/groups.js

@@ -33,13 +33,6 @@ router.post("groups.list", auth(), pagination(), async (ctx) => {
     limit: ctx.state.pagination.limit,
   });
 
-  if (!user.isAdmin) {
-    groups = groups.filter(
-      (group) =>
-        group.groupMemberships.filter((gm) => gm.userId === user.id).length
-    );
-  }
-
   ctx.body = {
     pagination: ctx.state.pagination,
     data: {

server/routes/api/groups.test.js

@@ -203,7 +203,7 @@ describe("#groups.info", () => {
     expect(body.data.id).toEqual(group.id);
   });
 
-  it("should not return group if non-member, non-admin", async () => {
+  it("should still return group if non-member, non-admin", async () => {
     const user = await buildUser();
     const group = await buildGroup({ teamId: user.teamId });
 
@@ -211,7 +211,10 @@ describe("#groups.info", () => {
       body: { token: user.getJwtToken(), id: group.id },
     });
 
-    expect(res.status).toEqual(403);
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.id).toEqual(group.id);
   });
 
   it("should require authentication", async () => {