fix: Remove export permission for read-only users (#2220)

This commit is contained in:
Tom Moor
2021-06-13 14:41:29 -07:00
committed by GitHub
parent 756ec92cdb
commit 89f8df619c
3 changed files with 5 additions and 5 deletions

View File

@ -284,7 +284,7 @@ describe("#collections.export", () => {
createdById: user.id,
collectionId: collection.id,
userId: user.id,
permission: "read",
permission: "read_write",
});
const res = await server.post("/api/collections.export", {
@ -305,7 +305,7 @@ describe("#collections.export", () => {
await group.addUser(user, { through: { createdById: user.id } });
await collection.addGroup(group, {
through: { permission: "read", createdById: user.id },
through: { permission: "read_write", createdById: user.id },
});
const res = await server.post("/api/collections.export", {

View File

@ -25,7 +25,7 @@ allow(User, "move", Collection, (user, collection) => {
throw new AdminRequiredError();
});
allow(User, ["read", "export"], Collection, (user, collection) => {
allow(User, "read", Collection, (user, collection) => {
if (!collection || user.teamId !== collection.teamId) return false;
if (!collection.permission) {
@ -47,7 +47,7 @@ allow(User, ["read", "export"], Collection, (user, collection) => {
return true;
});
allow(User, "share", Collection, (user, collection) => {
allow(User, ["share", "export"], Collection, (user, collection) => {
if (user.isViewer) return false;
if (!collection || user.teamId !== collection.teamId) return false;
if (!collection.sharing) return false;

View File

@ -59,7 +59,7 @@ describe("read permission", () => {
});
const abilities = serialize(user, collection);
expect(abilities.read).toEqual(true);
expect(abilities.export).toEqual(true);
expect(abilities.export).toEqual(false);
expect(abilities.update).toEqual(false);
expect(abilities.share).toEqual(false);
});