feat: Add read-only collections (#1991)

closes #1017

server/api/collections.test.js

@@ -42,7 +42,7 @@ describe("#collections.list", () => {
   it("should not return private collections actor is not a member of", async () => {
     const { user, collection } = await seed();
     await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
     const res = await server.post("/api/collections.list", {
@@ -58,12 +58,12 @@ describe("#collections.list", () => {
   it("should return private collections actor is a member of", async () => {
     const user = await buildUser();
     await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
       userId: user.id,
     });
     await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
       userId: user.id,
     });
@@ -82,13 +82,13 @@ describe("#collections.list", () => {
   it("should return private collections actor is a group-member of", async () => {
     const user = await buildUser();
     await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
       userId: user.id,
     });
 
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -256,7 +256,7 @@ describe("#collections.export", () => {
   it("should now allow export of private collection not a member", async () => {
     const { user } = await seed();
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
     const res = await server.post("/api/collections.export", {
@@ -268,7 +268,7 @@ describe("#collections.export", () => {
 
   it("should allow export of private collection when the actor is a member", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -288,7 +288,7 @@ describe("#collections.export", () => {
   it("should allow export of private collection when the actor is a group member", async () => {
     const user = await buildUser();
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -369,7 +369,7 @@ describe("#collections.add_user", () => {
     const collection = await buildCollection({
       teamId: user.teamId,
       userId: user.id,
-      private: true,
+      permission: null,
     });
     const anotherUser = await buildUser({ teamId: user.teamId });
     const res = await server.post("/api/collections.add_user", {
@@ -389,7 +389,7 @@ describe("#collections.add_user", () => {
     const user = await buildUser();
     const collection = await buildCollection({
       teamId: user.teamId,
-      private: true,
+      permission: null,
     });
     const anotherUser = await buildUser();
     const res = await server.post("/api/collections.add_user", {
@@ -433,7 +433,7 @@ describe("#collections.add_group", () => {
     const collection = await buildCollection({
       teamId: user.teamId,
       userId: user.id,
-      private: true,
+      permission: null,
     });
     const group = await buildGroup({ teamId: user.teamId });
     const res = await server.post("/api/collections.add_group", {
@@ -454,7 +454,7 @@ describe("#collections.add_group", () => {
     const collection = await buildCollection({
       teamId: user.teamId,
       userId: user.id,
-      private: true,
+      permission: null,
     });
     const group = await buildGroup();
     const res = await server.post("/api/collections.add_group", {
@@ -496,7 +496,7 @@ describe("#collections.remove_group", () => {
     const collection = await buildCollection({
       teamId: user.teamId,
       userId: user.id,
-      private: true,
+      permission: null,
     });
     const group = await buildGroup({ teamId: user.teamId });
 
@@ -528,7 +528,7 @@ describe("#collections.remove_group", () => {
     const user = await buildUser();
     const collection = await buildCollection({
       teamId: user.teamId,
-      private: true,
+      permission: null,
     });
     const group = await buildGroup();
     const res = await server.post("/api/collections.remove_group", {
@@ -572,7 +572,7 @@ describe("#collections.remove_user", () => {
     const collection = await buildCollection({
       teamId: user.teamId,
       userId: user.id,
-      private: true,
+      permission: null,
     });
     const anotherUser = await buildUser({ teamId: user.teamId });
 
@@ -601,7 +601,7 @@ describe("#collections.remove_user", () => {
     const user = await buildUser();
     const collection = await buildCollection({
       teamId: user.teamId,
-      private: true,
+      permission: null,
     });
     const anotherUser = await buildUser();
     const res = await server.post("/api/collections.remove_user", {
@@ -642,7 +642,7 @@ describe("#collections.remove_user", () => {
 describe("#collections.users", () => {
   it("should return users in private collection", async () => {
     const { collection, user } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -684,7 +684,7 @@ describe("#collections.group_memberships", () => {
     const user = await buildUser();
     const group = await buildGroup({ teamId: user.teamId });
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -721,7 +721,7 @@ describe("#collections.group_memberships", () => {
     const group = await buildGroup({ name: "will find", teamId: user.teamId });
     const group2 = await buildGroup({ name: "wont find", teamId: user.teamId });
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -766,7 +766,7 @@ describe("#collections.group_memberships", () => {
     const group = await buildGroup({ teamId: user.teamId });
     const group2 = await buildGroup({ teamId: user.teamId });
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -817,7 +817,7 @@ describe("#collections.group_memberships", () => {
   it("should require authorization", async () => {
     const user = await buildUser();
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -831,7 +831,7 @@ describe("#collections.group_memberships", () => {
 describe("#collections.memberships", () => {
   it("should return members in private collection", async () => {
     const { collection, user } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -945,7 +945,7 @@ describe("#collections.info", () => {
 
   it("should require user member of collection", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     const res = await server.post("/api/collections.info", {
@@ -956,7 +956,7 @@ describe("#collections.info", () => {
 
   it("should allow user member of collection", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -1034,12 +1034,12 @@ describe("#collections.create", () => {
   it("should return correct policies with private collection", async () => {
     const { user } = await seed();
     const res = await server.post("/api/collections.create", {
-      body: { token: user.getJwtToken(), name: "Test", private: true },
+      body: { token: user.getJwtToken(), name: "Test", permission: null },
     });
     const body = await res.json();
 
     expect(res.status).toEqual(200);
-    expect(body.data.private).toBeTruthy();
+    expect(body.data.permission).toEqual(null);
     expect(body.policies.length).toBe(1);
     expect(body.policies[0].abilities.read).toBeTruthy();
     expect(body.policies[0].abilities.export).toBeTruthy();
@@ -1176,11 +1176,11 @@ describe("#collections.update", () => {
   it("allows editing individual fields", async () => {
     const { user, collection } = await seed();
     const res = await server.post("/api/collections.update", {
-      body: { token: user.getJwtToken(), id: collection.id, private: true },
+      body: { token: user.getJwtToken(), id: collection.id, permission: null },
     });
     const body = await res.json();
     expect(res.status).toEqual(200);
-    expect(body.data.private).toBe(true);
+    expect(body.data.permission).toBe(null);
     expect(body.data.name).toBe(collection.name);
   });
 
@@ -1190,14 +1190,14 @@ describe("#collections.update", () => {
       body: {
         token: user.getJwtToken(),
         id: collection.id,
-        private: true,
+        permission: null,
         name: "Test",
       },
     });
     const body = await res.json();
     expect(res.status).toEqual(200);
     expect(body.data.name).toBe("Test");
-    expect(body.data.private).toBe(true);
+    expect(body.data.permission).toBe(null);
 
     // ensure we return with a write level policy
     expect(body.policies.length).toBe(1);
@@ -1206,7 +1206,7 @@ describe("#collections.update", () => {
 
   it("allows editing from private to non-private collection", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -1220,14 +1220,14 @@ describe("#collections.update", () => {
       body: {
         token: user.getJwtToken(),
         id: collection.id,
-        private: false,
+        permission: "read_write",
         name: "Test",
       },
     });
     const body = await res.json();
     expect(res.status).toEqual(200);
     expect(body.data.name).toBe("Test");
-    expect(body.data.private).toBe(false);
+    expect(body.data.permission).toBe("read_write");
 
     // ensure we return with a write level policy
     expect(body.policies.length).toBe(1);
@@ -1236,7 +1236,7 @@ describe("#collections.update", () => {
 
   it("allows editing by read-write collection user", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -1258,7 +1258,7 @@ describe("#collections.update", () => {
   it("allows editing by read-write collection group user", async () => {
     const user = await buildUser();
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
 
@@ -1280,7 +1280,7 @@ describe("#collections.update", () => {
 
   it("does not allow editing by read-only collection user", async () => {
     const { user, collection } = await seed();
-    collection.private = true;
+    collection.permission = null;
     await collection.save();
 
     await CollectionUser.create({
@@ -1393,7 +1393,7 @@ describe("#collections.delete", () => {
   it("allows deleting by read-write collection group user", async () => {
     const user = await buildUser();
     const collection = await buildCollection({
-      private: true,
+      permission: null,
       teamId: user.teamId,
     });
     await buildCollection({