fix: Remove export permission for read-only users (#2220)
This commit is contained in:
@ -284,7 +284,7 @@ describe("#collections.export", () => {
|
||||
createdById: user.id,
|
||||
collectionId: collection.id,
|
||||
userId: user.id,
|
||||
permission: "read",
|
||||
permission: "read_write",
|
||||
});
|
||||
|
||||
const res = await server.post("/api/collections.export", {
|
||||
@ -305,7 +305,7 @@ describe("#collections.export", () => {
|
||||
await group.addUser(user, { through: { createdById: user.id } });
|
||||
|
||||
await collection.addGroup(group, {
|
||||
through: { permission: "read", createdById: user.id },
|
||||
through: { permission: "read_write", createdById: user.id },
|
||||
});
|
||||
|
||||
const res = await server.post("/api/collections.export", {
|
||||
|
@ -25,7 +25,7 @@ allow(User, "move", Collection, (user, collection) => {
|
||||
throw new AdminRequiredError();
|
||||
});
|
||||
|
||||
allow(User, ["read", "export"], Collection, (user, collection) => {
|
||||
allow(User, "read", Collection, (user, collection) => {
|
||||
if (!collection || user.teamId !== collection.teamId) return false;
|
||||
|
||||
if (!collection.permission) {
|
||||
@ -47,7 +47,7 @@ allow(User, ["read", "export"], Collection, (user, collection) => {
|
||||
return true;
|
||||
});
|
||||
|
||||
allow(User, "share", Collection, (user, collection) => {
|
||||
allow(User, ["share", "export"], Collection, (user, collection) => {
|
||||
if (user.isViewer) return false;
|
||||
if (!collection || user.teamId !== collection.teamId) return false;
|
||||
if (!collection.sharing) return false;
|
||||
|
@ -59,7 +59,7 @@ describe("read permission", () => {
|
||||
});
|
||||
const abilities = serialize(user, collection);
|
||||
expect(abilities.read).toEqual(true);
|
||||
expect(abilities.export).toEqual(true);
|
||||
expect(abilities.export).toEqual(false);
|
||||
expect(abilities.update).toEqual(false);
|
||||
expect(abilities.share).toEqual(false);
|
||||
});
|
||||
|
Reference in New Issue
Block a user