fix: Policies on archived documents disallow unarchive (#6862)
tommoor committed May 2, 2024
1 parent 3298a1c commit 8dc530a
Showing 4 changed files with 35 additions and 15 deletions.
4 changes: 2 additions & 2 deletions app/actions/definitions/documents.tsx
@@ -616,7 +616,7 @@ export const searchInDocument = createAction({
return false;
}
const document = stores.documents.get(activeDocumentId);
return !document?.isDeleted;
return !!document?.isActive;
},
perform: ({ activeDocumentId }) => {
history.push(searchPath(undefined, { documentId: activeDocumentId }));
@@ -692,7 +692,7 @@ export const createTemplate = createAction({
!!activeCollectionId &&
stores.policies.abilities(activeCollectionId).update &&
!document?.isTemplate &&
!document?.isDeleted
!!document?.isActive
);
},
perform: ({ activeDocumentId, stores, t, event }) => {
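Review bot: The `visible` check in `searchInDocument` and the last condition in `createTemplate` now evaluate to false when `document` is undefined, whereas `!document?.isDeleted` evaluated to true in that case, so both actions are hidden for a document that is not in the store. `isActive` is defined outside this diff; presumably it is false for archived as well as deleted documents, and a one-line comment would record that, e.g. `// hidden for missing, archived or deleted documents`. These predicates only decide what the UI offers, so the server-side policy remains the actual access check. Both function bodies continue outside the hunks.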
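--- a/server/policies/document.test.ts
+++ b/server/policies/document.test.ts
@@ -277,3 +277,29 @@ describe("no collection", () => {
 expect(abilities.comment).toEqual(true);
 });
 });
+
+describe("archived document", () => {
+it("should have correct permissions", async () => {
+const team = await buildTeam();
+const user = await buildUser({ teamId: team.id });
+const doc = await buildDocument({
+teamId: team.id,
+userId: user.id,
+archivedAt: new Date(),
+});
+// reload to get membership
+const document = await Document.findByPk(doc.id, { userId: user.id });
+const abilities = serialize(user, document);
+expect(abilities.read).toEqual(true);
+expect(abilities.download).toEqual(true);
+expect(abilities.delete).toEqual(true);
+expect(abilities.unsubscribe).toEqual(true);
+expect(abilities.unarchive).toEqual(true);
+expect(abilities.update).toEqual(false);
+expect(abilities.createChildDocument).toEqual(false);
+expect(abilities.archive).toEqual(false);
+expect(abilities.share).toEqual(false);
+expect(abilities.move).toEqual(false);
+expect(abilities.comment).toEqual(false);
+});
+});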
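Review bot: The new `archived document` case only exercises the user passed as `userId` to `buildDocument`, so it pins what that user is granted but not who stays locked out. Because `delete` is now also reachable through `unarchive` in server/policies/document.ts, a second case for a user without edit rights on the archived document would catch the rule widening unnoticed, ending in `expect(abilities.unarchive).toEqual(false);` and `expect(abilities.delete).toEqual(false);`. How to build such a user depends on factories that are not shown on this page.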
8 changes: 6 additions & 2 deletions server/policies/document.ts
@@ -147,7 +147,7 @@ allow(User, "pinToHome", Document, (actor, document) =>
isTeamMutable(actor),
!document?.isDraft,
!document?.template,
!document?.isDeleted
!!document?.isActive
)
);

@@ -157,7 +157,11 @@ allow(User, "delete", Document, (actor, document) =>
isTeamMutable(actor),
!actor.isGuest,
!document?.isDeleted,
or(can(actor, "update", document), !document?.collection)
or(
can(actor, "unarchive", document),
can(actor, "update", document),
!document?.collection
)
)
);

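Review bot: The `delete` rule now passes whenever `can(actor, "unarchive", document)` holds, so anyone allowed to unarchive a document is also allowed to delete it, and the `unarchive` rule itself is outside this diff. If `unarchive` is granted on weaker grounds than `update`, this quietly widens deletion; it is worth confirming and recording the intent above the `or(`, for example `// archived documents fail "update", so fall back to "unarchive"`. In `pinToHome`, `!!document?.isActive` also denies when `document` is missing, and `isActive` is defined elsewhere, so its handling of archived documents cannot be checked from this hunk.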
12 changes: 1 addition & 11 deletions server/routes/api/documents/documents.ts
Original file line number Diff line number Diff line change
Expand Up @@ -210,17 +210,7 @@ router.post(
const { sort, direction } = ctx.input.body;
const { user } = ctx.state.auth;
const collectionIds = await user.collectionIds();
const collectionScope: Readonly<ScopeOptions> = {
method: ["withCollectionPermissions", user.id],
};
const viewScope: Readonly<ScopeOptions> = {
method: ["withViews", user.id],
};
const documents = await Document.scope([
"defaultScope",
collectionScope,
viewScope,
]).findAll({
const documents = await Document.defaultScopeWithUser(user.id).findAll({
where: {
teamId: user.teamId,
collectionId: collectionIds,
Expand Down
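Review bot: `Document.defaultScopeWithUser(user.id)` replaces an explicit scope list (`defaultScope`, `withCollectionPermissions`, `withViews`), and the helper is defined outside this diff, so the hunk alone does not show that the same per-user scopes are still applied. The `where` clause still restricts rows by `teamId` and `collectionId`, so row visibility looks unchanged; what could differ is the per-user membership data that policy checks on the returned documents presumably rely on. A comment at the call such as `// loads collection permissions and views for this user` would help once confirmed against the helper. The route handler starts and ends outside the hunk.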
