fix: visible groups (#2729)

* updated readme to give some light testing instructions
* updated tests to accept new behavior for group memberships
* use test factories in more places
* add debug logs for mailer events in development
This commit is contained in:
Nan Yu 2021-11-15 16:05:58 -08:00 committed by GitHub
parent 8a76dd49a0
commit ec5e3120d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 30 additions and 19 deletions

View File

@ -101,6 +101,13 @@ For contributing features and fixes you can quickly get an environment running u
1. Ensure that the bot token scope contains at least `users:read`
1. Run `make up`. This will download dependencies, build and launch a development version of Outline
### Testing
The `Makefile` has other useful scripts, including some test automation.
1. To run the entire test suite, run `make test`
1. During development, it's often useful, to re-run some tests every time a file is changed. Use `make watch` to start the test daemon and follow the instructions in the console
# Contributing
Outline is built and maintained by a small team we'd love your help to fix bugs and add features!

View File

@ -204,12 +204,18 @@ export class Mailer {
};
signin = async (opts: { to: string, token: string, teamUrl: string }) => {
const signInLink = signinEmailText(opts);
if (process.env.NODE_ENV === "development") {
Logger.debug("email", `Sign-In link: ${signInLink}`);
}
this.sendMail({
to: opts.to,
title: "Magic signin link",
previewText: "Heres your link to signin to Outline.",
html: <SigninEmail {...opts} />,
text: signinEmailText(opts),
text: signInLink,
});
};

View File

@ -12,12 +12,10 @@ allow(User, "createGroup", Team, (actor, team) => {
});
allow(User, "read", Group, (actor, group) => {
// for the time being, we're going to let everyone on the team see every group
// we may need to make this more granular in the future
if (!group || actor.teamId !== group.teamId) return false;
if (actor.isAdmin) return true;
if (group.groupMemberships.filter((gm) => gm.userId === actor.id).length) {
return true;
}
return false;
return true;
});
allow(User, ["update", "delete"], Group, (actor, group) => {

View File

@ -1059,7 +1059,7 @@ describe("#documents.search", () => {
});
it("should strip junk from search term", async () => {
const { user } = await seed();
const user = await buildUser();
const firstResult = await buildDocument({
title: "search term",
text: "this is some random text of the document body",
@ -1137,7 +1137,7 @@ describe("#documents.search", () => {
});
it("should not return draft documents created by other users", async () => {
const { user } = await seed();
const user = await buildUser();
await buildDocument({
title: "search term",
text: "search term",
@ -1176,7 +1176,7 @@ describe("#documents.search", () => {
});
it("should return archived documents if chosen", async () => {
const { user } = await seed();
const user = await buildUser();
const document = await buildDocument({
title: "search term",
text: "search term",
@ -1230,7 +1230,11 @@ describe("#documents.search", () => {
});
it("should return documents for a specific private collection", async () => {
const { user, collection } = await seed();
const user = await buildUser();
const collection = await buildCollection({
teamId: user.teamId,
});
collection.permission = null;
await collection.save();

View File

@ -33,13 +33,6 @@ router.post("groups.list", auth(), pagination(), async (ctx) => {
limit: ctx.state.pagination.limit,
});
if (!user.isAdmin) {
groups = groups.filter(
(group) =>
group.groupMemberships.filter((gm) => gm.userId === user.id).length
);
}
ctx.body = {
pagination: ctx.state.pagination,
data: {

View File

@ -203,7 +203,7 @@ describe("#groups.info", () => {
expect(body.data.id).toEqual(group.id);
});
it("should not return group if non-member, non-admin", async () => {
it("should still return group if non-member, non-admin", async () => {
const user = await buildUser();
const group = await buildGroup({ teamId: user.teamId });
@ -211,7 +211,10 @@ describe("#groups.info", () => {
body: { token: user.getJwtToken(), id: group.id },
});
expect(res.status).toEqual(403);
const body = await res.json();
expect(res.status).toEqual(200);
expect(body.data.id).toEqual(group.id);
});
it("should require authentication", async () => {