fix: Server error when loading documents.info with shareId and user token and child documents shared
closes #2527
This commit is contained in:
parent
476b5e03f9
commit
a3df9e868f
|
@ -541,8 +541,7 @@ async function loadDocument({
|
||||||
const canReadDocument = can(user, "read", document);
|
const canReadDocument = can(user, "read", document);
|
||||||
if (canReadDocument) {
|
if (canReadDocument) {
|
||||||
await share.update({ lastAccessedAt: new Date() });
|
await share.update({ lastAccessedAt: new Date() });
|
||||||
|
return { document, share, collection: document.collection };
|
||||||
return { document, share, collection };
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// "published" === on the public internet.
|
// "published" === on the public internet.
|
||||||
|
|
|
@ -267,23 +267,45 @@ describe("#documents.info", () => {
|
||||||
});
|
});
|
||||||
expect(res.status).toEqual(403);
|
expect(res.status).toEqual(403);
|
||||||
});
|
});
|
||||||
});
|
|
||||||
|
|
||||||
it("should not return document from shareId if sharing is disabled for team", async () => {
|
it("should not return document from shareId if sharing is disabled for team", async () => {
|
||||||
const { document, team, user } = await seed();
|
const { document, team, user } = await seed();
|
||||||
const share = await buildShare({
|
const share = await buildShare({
|
||||||
documentId: document.id,
|
documentId: document.id,
|
||||||
teamId: document.teamId,
|
teamId: document.teamId,
|
||||||
userId: user.id,
|
userId: user.id,
|
||||||
|
});
|
||||||
|
|
||||||
|
team.sharing = false;
|
||||||
|
await team.save();
|
||||||
|
|
||||||
|
const res = await server.post("/api/documents.info", {
|
||||||
|
body: { shareId: share.id, apiVersion: 2 },
|
||||||
|
});
|
||||||
|
expect(res.status).toEqual(403);
|
||||||
});
|
});
|
||||||
|
|
||||||
team.sharing = false;
|
it("should return document from shareId if public sharing is disabled but the user has permission to read", async () => {
|
||||||
await team.save();
|
const { document, collection, team, user } = await seed();
|
||||||
|
const share = await buildShare({
|
||||||
|
includeChildDocuments: true,
|
||||||
|
documentId: document.id,
|
||||||
|
teamId: document.teamId,
|
||||||
|
userId: user.id,
|
||||||
|
});
|
||||||
|
|
||||||
const res = await server.post("/api/documents.info", {
|
team.sharing = false;
|
||||||
body: { shareId: share.id },
|
await team.save();
|
||||||
|
|
||||||
|
collection.sharing = false;
|
||||||
|
await collection.save();
|
||||||
|
|
||||||
|
const res = await server.post("/api/documents.info", {
|
||||||
|
body: { token: user.getJwtToken(), shareId: share.id, apiVersion: 2 },
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(res.status).toEqual(200);
|
||||||
});
|
});
|
||||||
expect(res.status).toEqual(403);
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should not return document from shareId if sharing is disabled for collection", async () => {
|
it("should not return document from shareId if sharing is disabled for collection", async () => {
|
||||||
|
@ -303,27 +325,6 @@ describe("#documents.info", () => {
|
||||||
expect(res.status).toEqual(403);
|
expect(res.status).toEqual(403);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should return document from shareId if public sharing is disabled but the user has permission to read", async () => {
|
|
||||||
const { document, collection, team, user } = await seed();
|
|
||||||
const share = await buildShare({
|
|
||||||
documentId: document.id,
|
|
||||||
teamId: document.teamId,
|
|
||||||
userId: user.id,
|
|
||||||
});
|
|
||||||
|
|
||||||
team.sharing = false;
|
|
||||||
await team.save();
|
|
||||||
|
|
||||||
collection.sharing = false;
|
|
||||||
await collection.save();
|
|
||||||
|
|
||||||
const res = await server.post("/api/documents.info", {
|
|
||||||
body: { token: user.getJwtToken(), shareId: share.id },
|
|
||||||
});
|
|
||||||
|
|
||||||
expect(res.status).toEqual(200);
|
|
||||||
});
|
|
||||||
|
|
||||||
it("should not return document from revoked shareId", async () => {
|
it("should not return document from revoked shareId", async () => {
|
||||||
const { document, user } = await seed();
|
const { document, user } = await seed();
|
||||||
const share = await buildShare({
|
const share = await buildShare({
|
||||||
|
|
Reference in New Issue