fix: Improvements in share feat (#2502)
* Make request only when popover is visible * Update policies required for shares.create shares.update * Create withCollection scope * Remove team share check from shares.create * Update tests
This commit is contained in:
Saumya Pandey
GitHub
@@ -3,7 +3,7 @@ import Router from "koa-router";
|
||||
import Sequelize from "sequelize";
|
||||
import { NotFoundError } from "../errors";
|
||||
import auth from "../middlewares/authentication";
|
||||
import { Document, User, Event, Share, Team } from "../models";
|
||||
import { Document, User, Event, Share, Team, Collection } from "../models";
|
||||
import policy from "../policies";
|
||||
import { presentShare, presentPolicies } from "../presenters";
|
||||
import pagination from "./middlewares/pagination";
|
||||
@@ -18,7 +18,9 @@ router.post("shares.info", auth(), async (ctx) => {
|
||||
|
||||
const user = ctx.state.user;
|
||||
let shares = [];
|
||||
let share = await Share.findOne({
|
||||
let share = await Share.scope({
|
||||
method: ["withCollection", user.id],
|
||||
}).findOne({
|
||||
where: id
|
||||
? {
|
||||
id,
|
||||
@@ -119,6 +121,14 @@ router.post("shares.list", auth(), pagination(), async (ctx) => {
|
||||
where: {
|
||||
collectionId: collectionIds,
|
||||
},
|
||||
include: [
|
||||
{
|
||||
model: Collection.scope({
|
||||
method: ["withMembership", user.id],
|
||||
}),
|
||||
as: "collection",
|
||||
},
|
||||
],
|
||||
},
|
||||
{
|
||||
model: User,
|
||||
@@ -147,7 +157,14 @@ router.post("shares.update", auth(), async (ctx) => {
|
||||
ctx.assertUuid(id, "id is required");
|
||||
|
||||
const { user } = ctx.state;
|
||||
const share = await Share.findByPk(id);
|
||||
const team = await Team.findByPk(user.teamId);
|
||||
authorize(user, "share", team);
|
||||
|
||||
// fetch the share with document and collection.
|
||||
const share = await Share.scope({
|
||||
method: ["withCollection", user.id],
|
||||
}).findByPk(id);
|
||||
|
||||
authorize(user, "update", share);
|
||||
|
||||
if (published !== undefined) {
|
||||
@@ -190,8 +207,8 @@ router.post("shares.create", auth(), async (ctx) => {
|
||||
const user = ctx.state.user;
|
||||
const document = await Document.findByPk(documentId, { userId: user.id });
|
||||
const team = await Team.findByPk(user.teamId);
|
||||
authorize(user, "share", document);
|
||||
authorize(user, "share", team);
|
||||
// user could be creating the share link to share with team members
|
||||
authorize(user, "read", document);
|
||||
|
||||
const [share, isCreated] = await Share.findOrCreate({
|
||||
where: {
|
||||
|
||||
@@ -150,7 +150,7 @@ describe("#shares.create", () => {
|
||||
expect(body.data.documentTitle).toBe(document.title);
|
||||
});
|
||||
|
||||
it("should not allow creating a share record with read-only permissions", async () => {
|
||||
it("should allow creating a share record with read-only permissions but no publishing", async () => {
|
||||
const { user, document, collection } = await seed();
|
||||
collection.permission = null;
|
||||
|
||||
@@ -166,7 +166,14 @@ describe("#shares.create", () => {
|
||||
const res = await server.post("/api/shares.create", {
|
||||
body: { token: user.getJwtToken(), documentId: document.id },
|
||||
});
|
||||
expect(res.status).toEqual(403);
|
||||
const body = await res.json();
|
||||
expect(res.status).toEqual(200);
|
||||
|
||||
const response = await server.post("/api/shares.update", {
|
||||
body: { token: user.getJwtToken(), id: body.data.id, published: true },
|
||||
});
|
||||
|
||||
expect(response.status).toEqual(403);
|
||||
});
|
||||
|
||||
it("should allow creating a share record if link previously revoked", async () => {
|
||||
@@ -203,22 +210,36 @@ describe("#shares.create", () => {
|
||||
expect(body.data.id).toBe(share.id);
|
||||
});
|
||||
|
||||
it("should not allow creating a share record if team sharing disabled", async () => {
|
||||
it("should allow creating a share record if team sharing disabled but not publishing", async () => {
|
||||
const { user, document, team } = await seed();
|
||||
await team.update({ sharing: false });
|
||||
const res = await server.post("/api/shares.create", {
|
||||
body: { token: user.getJwtToken(), documentId: document.id },
|
||||
});
|
||||
expect(res.status).toEqual(403);
|
||||
const body = await res.json();
|
||||
expect(res.status).toEqual(200);
|
||||
|
||||
const response = await server.post("/api/shares.update", {
|
||||
body: { token: user.getJwtToken(), id: body.data.id, published: true },
|
||||
});
|
||||
|
||||
expect(response.status).toEqual(403);
|
||||
});
|
||||
|
||||
it("should not allow creating a share record if collection sharing disabled", async () => {
|
||||
it("should allow creating a share record if collection sharing disabled but not publishing", async () => {
|
||||
const { user, collection, document } = await seed();
|
||||
await collection.update({ sharing: false });
|
||||
const res = await server.post("/api/shares.create", {
|
||||
body: { token: user.getJwtToken(), documentId: document.id },
|
||||
});
|
||||
expect(res.status).toEqual(403);
|
||||
const body = await res.json();
|
||||
expect(res.status).toEqual(200);
|
||||
|
||||
const response = await server.post("/api/shares.update", {
|
||||
body: { token: user.getJwtToken(), id: body.data.id, published: true },
|
||||
});
|
||||
|
||||
expect(response.status).toEqual(403);
|
||||
});
|
||||
|
||||
it("should require authentication", async () => {
|
||||
|
||||
Reference in New Issue
Block a user