coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: Add read-only collections (#1991)

Browse Source 
closes #1017
This commit is contained in:
Tom Moor
2021-03-30 21:02:08 -07:00
committed by GitHub
parent d7acf616cf
commit 7e1b07ef98
50 changed files with 940 additions and 558 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
server/api/documents.test.js
View File

@ -50,7 +50,7 @@ describe("#documents.info", () => {
it("should not return published document in collection not a member of", async () => {
const user = await buildUser();
const collection = await buildCollection({
private: true,
permission: null,
teamId: user.teamId,
});
const document = await buildDocument({ collectionId: collection.id });
@ -209,7 +209,7 @@ describe("#documents.info", () => {
userId: user.id,
});
collection.private = true;
collection.permission = null;
await collection.save();
const res = await server.post("/api/documents.info", {
@ -282,7 +282,7 @@ describe("#documents.export", () => {
it("should not return published document in collection not a member of", async () => {
const user = await buildUser();
const collection = await buildCollection({
private: true,
permission: null,
teamId: user.teamId,
});
const document = await buildDocument({ collectionId: collection.id });
@ -400,7 +400,7 @@ describe("#documents.export", () => {
userId: user.id,
});
collection.private = true;
collection.permission = null;
await collection.save();
const res = await server.post("/api/documents.export", {
@ -501,7 +501,7 @@ describe("#documents.list", () => {
it("should not return documents in private collections not a member of", async () => {
const { user, collection } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
const res = await server.post("/api/documents.list", {
@ -573,7 +573,7 @@ describe("#documents.list", () => {
it("should allow filtering to private collection", async () => {
const { user, collection } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
await CollectionUser.create({
@ -647,7 +647,7 @@ describe("#documents.pinned", () => {
it("should return pinned documents in private collections member of", async () => {
const { user, collection, document } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
document.pinnedById = user.id;
@ -672,7 +672,7 @@ describe("#documents.pinned", () => {
it("should not return pinned documents in private collections not a member of", async () => {
const collection = await buildCollection({
private: true,
permission: null,
});
const user = await buildUser({ teamId: collection.teamId });
@ -710,7 +710,7 @@ describe("#documents.drafts", () => {
document.publishedAt = null;
await document.save();
collection.private = true;
collection.permission = null;
await collection.save();
const res = await server.post("/api/documents.drafts", {
@ -996,7 +996,7 @@ describe("#documents.search", () => {
it("should return documents for a specific private collection", async () => {
const { user, collection } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
await CollectionUser.create({
@ -1061,7 +1061,7 @@ describe("#documents.search", () => {
it("should not return documents in private collections not a member of", async () => {
const { user } = await seed();
const collection = await buildCollection({ private: true });
const collection = await buildCollection({ permission: null });
await buildDocument({
title: "search term",
@ -1158,7 +1158,7 @@ describe("#documents.archived", () => {
it("should not return documents in private collections not a member of", async () => {
const { user } = await seed();
const collection = await buildCollection({ private: true });
const collection = await buildCollection({ permission: null });
const document = await buildDocument({
teamId: user.teamId,
@ -1224,7 +1224,7 @@ describe("#documents.viewed", () => {
it("should not return recently viewed documents in collection not a member of", async () => {
const { user, document, collection } = await seed();
await View.increment({ documentId: document.id, userId: user.id });
collection.private = true;
collection.permission = null;
await collection.save();
const res = await server.post("/api/documents.viewed", {
@ -1808,7 +1808,7 @@ describe("#documents.update", () => {
document.publishedAt = null;
await document.save();
collection.private = true;
collection.permission = null;
await collection.save();
await CollectionUser.create({
@ -1903,7 +1903,7 @@ describe("#documents.update", () => {
it("allows editing by read-write collection user", async () => {
const { admin, document, collection } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
await CollectionUser.create({
@ -1931,7 +1931,7 @@ describe("#documents.update", () => {
it("does not allow editing by read-only collection user", async () => {
const { user, document, collection } = await seed();
collection.private = true;
collection.permission = null;
await collection.save();
await CollectionUser.create({
@ -1953,6 +1953,23 @@ describe("#documents.update", () => {
expect(res.status).toEqual(403);
});
it("does not allow editing in read-only collection", async () => {
const { user, document, collection } = await seed();
collection.permission = "read";
await collection.save();
const res = await server.post("/api/documents.update", {
body: {
token: user.getJwtToken(),
id: document.id,
text: "Changed text",
lastRevision: document.revision,
},
});
expect(res.status).toEqual(403);
});
it("should append document with text", async () => {
const { user, document } = await seed();