coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixes: Cannot load document in private collection from share link when signed in with user that cannot access

Browse Source
This commit is contained in:
Tom Moor
2019-01-05 23:04:09 -08:00
parent 18859bec3d
commit 70287de6d7
2 changed files with 22 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
server/api/documents.test.js
View File

@ -86,7 +86,7 @@ describe('#documents.info', async () => {
expect(res.status).toEqual(400);
});
it('should return documents from shareId with token', async () => {
it('should return document from shareId with token', async () => {
const { user, document, collection } = await seed();
const share = await buildShare({
documentId: document.id,
@ -105,6 +105,25 @@ describe('#documents.info', async () => {
expect(body.data.updatedBy.id).toEqual(user.id);
});
it('should return document from shareId in collection not a member of', async () => {
const { user, document, collection } = await seed();
const share = await buildShare({
documentId: document.id,
teamId: document.teamId,
});
collection.private = true;
await collection.save();
const res = await server.post('/api/documents.info', {
body: { token: user.getJwtToken(), shareId: share.id },
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.id).toEqual(document.id);
});
it('should require authorization without token', async () => {
const { document } = await seed();
const res = await server.post('/api/documents.info', {