fix: Server error when loading documents.info with shareId and user token and child documents shared
closes #2527
This commit is contained in:
Tom Moor
parent
476b5e03f9
commit
a3df9e868f
|
|
@ -541,8 +541,7 @@ async function loadDocument({
|
|||
const canReadDocument = can(user, "read", document);
|
||||
if (canReadDocument) {
|
||||
await share.update({ lastAccessedAt: new Date() });
|
||||
|
||||
return { document, share, collection };
|
||||
return { document, share, collection: document.collection };
|
||||
}
|
||||
|
||||
// "published" === on the public internet.
|
||||
|
|
|
|||
|
|
@ -267,23 +267,45 @@ describe("#documents.info", () => {
|
|||
});
|
||||
expect(res.status).toEqual(403);
|
||||
});
|
||||
});
|
||||
|
||||
it("should not return document from shareId if sharing is disabled for team", async () => {
|
||||
const { document, team, user } = await seed();
|
||||
const share = await buildShare({
|
||||
documentId: document.id,
|
||||
teamId: document.teamId,
|
||||
userId: user.id,
|
||||
it("should not return document from shareId if sharing is disabled for team", async () => {
|
||||
const { document, team, user } = await seed();
|
||||
const share = await buildShare({
|
||||
documentId: document.id,
|
||||
teamId: document.teamId,
|
||||
userId: user.id,
|
||||
});
|
||||
|
||||
team.sharing = false;
|
||||
await team.save();
|
||||
|
||||
const res = await server.post("/api/documents.info", {
|
||||
body: { shareId: share.id, apiVersion: 2 },
|
||||
});
|
||||
expect(res.status).toEqual(403);
|
||||
});
|
||||
|
||||
team.sharing = false;
|
||||
await team.save();
|
||||
it("should return document from shareId if public sharing is disabled but the user has permission to read", async () => {
|
||||
const { document, collection, team, user } = await seed();
|
||||
const share = await buildShare({
|
||||
includeChildDocuments: true,
|
||||
documentId: document.id,
|
||||
teamId: document.teamId,
|
||||
userId: user.id,
|
||||
});
|
||||
|
||||
const res = await server.post("/api/documents.info", {
|
||||
body: { shareId: share.id },
|
||||
team.sharing = false;
|
||||
await team.save();
|
||||
|
||||
collection.sharing = false;
|
||||
await collection.save();
|
||||
|
||||
const res = await server.post("/api/documents.info", {
|
||||
body: { token: user.getJwtToken(), shareId: share.id, apiVersion: 2 },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
expect(res.status).toEqual(403);
|
||||
});
|
||||
|
||||
it("should not return document from shareId if sharing is disabled for collection", async () => {
|
||||
|
|
@ -303,27 +325,6 @@ describe("#documents.info", () => {
|
|||
expect(res.status).toEqual(403);
|
||||
});
|
||||
|
||||
it("should return document from shareId if public sharing is disabled but the user has permission to read", async () => {
|
||||
const { document, collection, team, user } = await seed();
|
||||
const share = await buildShare({
|
||||
documentId: document.id,
|
||||
teamId: document.teamId,
|
||||
userId: user.id,
|
||||
});
|
||||
|
||||
team.sharing = false;
|
||||
await team.save();
|
||||
|
||||
collection.sharing = false;
|
||||
await collection.save();
|
||||
|
||||
const res = await server.post("/api/documents.info", {
|
||||
body: { token: user.getJwtToken(), shareId: share.id },
|
||||
});
|
||||
|
||||
expect(res.status).toEqual(200);
|
||||
});
|
||||
|
||||
it("should not return document from revoked shareId", async () => {
|
||||
const { document, user } = await seed();
|
||||
const share = await buildShare({
|
||||
|
|
|
|||
Reference in New Issue