coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Filter shares.list endpoint by admin

Browse Source
This commit is contained in:
Tom Moor
2018-05-23 22:55:01 -07:00
parent 47fb968009
commit aeb97ddcae
2 changed files with 30 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/api/shares.js
View File

@ -5,6 +5,7 @@ import pagination from './middlewares/pagination';
import { presentShare } from '../presenters'; import { presentShare } from '../presenters';
import { Document, User, Share } from '../models'; import { Document, User, Share } from '../models';
import policy from '../policies'; import policy from '../policies';
import { constants } from 'os';
const { authorize } = policy; const { authorize } = policy;
const router = new Router(); const router = new Router();
@ -14,8 +15,12 @@ router.post('shares.list', auth(), pagination(), async ctx => {
if (direction !== 'ASC') direction = 'DESC'; if (direction !== 'ASC') direction = 'DESC';
const user = ctx.state.user; const user = ctx.state.user;
const where = { teamId: user.teamId, userId: user.id };
if (user.isAdmin) delete where.userId;
const shares = await Share.findAll({ const shares = await Share.findAll({
where: { teamId: user.teamId }, where,
order: [[sort, direction]], order: [[sort, direction]],
include: [ include: [
{ {

26
server/api/shares.test.js
View File

@ -10,12 +10,17 @@ beforeEach(flushdb);
afterAll(server.close); afterAll(server.close);
describe('#shares.list', async () => { describe('#shares.list', async () => {
it('should return a list of shares', async () => { it('should only return shares created by user', async () => {
const { user, document } = await seed(); const { user, document } = await seed();
const share = await buildShare({ await buildShare({
documentId: document.id, documentId: document.id,
teamId: user.teamId, teamId: user.teamId,
}); });
const share = await buildShare({
documentId: document.id,
teamId: user.teamId,
userId: user.id,
});
const res = await server.post('/api/shares.list', { const res = await server.post('/api/shares.list', {
body: { token: user.getJwtToken() }, body: { token: user.getJwtToken() },
}); });
@ -27,6 +32,23 @@ describe('#shares.list', async () => {
expect(body.data[0].documentTitle).toBe(document.title); expect(body.data[0].documentTitle).toBe(document.title);
}); });
it('admins should only return shares created by all users', async () => {
const { admin, document } = await seed();
const share = await buildShare({
documentId: document.id,
teamId: admin.teamId,
});
const res = await server.post('/api/shares.list', {
body: { token: admin.getJwtToken() },
});
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.length).toEqual(1);
expect(body.data[0].id).toEqual(share.id);
expect(body.data[0].documentTitle).toBe(document.title);
});
it('should require authentication', async () => { it('should require authentication', async () => {
const res = await server.post('/api/shares.list'); const res = await server.post('/api/shares.list');
const body = await res.json(); const body = await res.json();