gristlabs_grist-core/test/gen-server/lib/everyone.ts

import {Workspace} from 'app/common/UserAPI';
import {assert} from 'chai';
import {TestServer} from 'test/gen-server/apiUtils';
import * as testUtils from 'test/server/testUtils';

describe('everyone', function() {
  let home: TestServer;
  testUtils.setTmpLogLevel('error');

  before(async function() {
    home = new TestServer(this);
    await home.start();
  });

  after(async function() {
    await home.stop();
  });

  /**
   * Assert that the specified workspaces and their material are public,
   * and that all other workspaces are not.
   */
  async function assertPublic(wss: Workspace[], publicWorkspaces: string[]) {
    for (const ws of wss) {
      const expectedPublic = publicWorkspaces.includes(ws.name) || undefined;
      assert.equal(ws.public, expectedPublic);
      for (const doc of ws.docs) {
        assert.equal(doc.public, expectedPublic);
      }
    }
  }

  it('support account can share a listed workspace with all users', async function() {

    // Share a workspace in support's personal org with everyone
    let api = await home.createHomeApi('Support', 'docs');
    await home.upgradePersonalOrg('Support');
    const wsId = await api.newWorkspace({name: 'Samples'}, 'current');
    const docId = await api.newDoc({name: 'an example'}, wsId);
    await api.updateWorkspacePermissions(wsId, {
      users: {'everyone@getgrist.com': 'viewers',
              'anon@getgrist.com': 'viewers'}
    });

    // Check a fresh user can see that workspace
    const altApi = await home.createHomeApi('testuser', 'docs');
    let wss = await altApi.getOrgWorkspaces('current');
    assert.deepEqual(wss.map(ws => ws.name), ['Home', 'Samples']);
    assert.deepEqual(wss[1].docs.map(doc => doc.id), [docId]);

    // Check that public flag is set in everything the fresh user can see outside its Home.
    await assertPublic(wss, ['Samples']);

    // Check existing users can see that workspace
    const chimpyApi = await home.createHomeApi('Chimpy', 'docs');
    wss = await chimpyApi.getOrgWorkspaces('current');
    assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public', 'Samples']);
    assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);
    // Public and Private could be in either order, but Samples should be last
    // (api returns workspaces in chronological order).
    assert.equal(wss[2].name, 'Samples');
    assert.deepEqual(wss[2].docs.map(doc => doc.id), [docId]);
    await assertPublic(wss, ['Samples']);

    // Check that workspace also shows up in regular orgs
    const nasaApi = await home.createHomeApi('Chimpy', 'nasa');
    wss = await nasaApi.getOrgWorkspaces('current');
    assert.deepEqual(wss.map(ws => ws.name), ['Horizon', 'Rovers', 'Samples']);
    assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);
    await assertPublic(wss, ['Samples']);

    // Need to recreate api because of cookies
    api = await home.createHomeApi('Support', 'docs');
    await api.deleteWorkspace(wsId);
  });

  it('can share unlisted docs in personal org with all users', async function() {
    const api = await home.createHomeApi('Supportish', 'docs');
    await home.upgradePersonalOrg('Supportish');
    const wsId = await api.newWorkspace({name: 'Samples2'}, 'current');
    const docId = await api.newDoc({name: 'an example'}, wsId);
    // Check other users cannot access the doc yet
    const chimpyApi = await home.createHomeApi('Chimpy', 'docs', true);
    await assert.isRejected(chimpyApi.getDoc(docId), /access denied/);
    // Share doc with everyone
    await api.updateDocPermissions(docId, {
      users: {'everyone@getgrist.com': 'viewers'}
    });
    // Check other users can access the doc now
    assert.equal((await chimpyApi.getDoc(docId)).access, 'viewers');
    // Check that doc is marked as public
    assert.equal((await chimpyApi.getDoc(docId)).public, true);
    // Check they don't see doc listed
    let wss = await chimpyApi.getOrgWorkspaces('current');
    assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);

    // Share every way possible via api
    await api.updateWorkspacePermissions(wsId, {
      users: {'everyone@getgrist.com': 'viewers'}
    });
    await assert.isRejected(api.updateOrgPermissions(0, {
      users: {'everyone@getgrist.com': 'viewers'}
    }), /cannot share with everyone at top level/);
    // Check existing users still don't see doc listed
    wss = await chimpyApi.getOrgWorkspaces('current');
    assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);
  });

  it('can share unlisted docs in team sites with all users', async function() {
    const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);
    const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');
    const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);

    // Check a fresh user cannot see that doc
    const altApi = await home.createHomeApi('testuser', 'nasa', false, false);
    await assert.isRejected(altApi.getDoc(docId), /access denied/i);

    // Share doc with everyone
    await chimpyApi.updateDocPermissions(docId, {
      users: {'everyone@getgrist.com': 'viewers'}
    });

    // Check a fresh user can now see that doc
    await assert.isFulfilled(altApi.getDoc(docId));

    // Check that doc is marked as public
    assert.equal((await altApi.getDoc(docId)).public, true);

    // But can't list that doc in team site
    await assert.isRejected(altApi.getOrgWorkspaces('current'), /access denied/);

    // Also can't list the doc in workspace
    await assert.isRejected(altApi.getWorkspace(wsId), /access denied/);
  });

  it('can share public docs without them being listed indirectly', async function() {
    const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);
    const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');
    const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);
    const docId2 = await chimpyApi.newDoc({name: 'another example'}, wsId);

    // Share one doc with everyone
    await chimpyApi.updateDocPermissions(docId, {
      users: {'everyone@getgrist.com': 'viewers'}
    });

    // Share one doc with everyone, the other with a specific test user at the doc level
    const altApi = await home.createHomeApi('testuser', 'nasa', false, false);
    await chimpyApi.updateDocPermissions(docId, {
      users: {'everyone@getgrist.com': 'viewers'}
    });
    await chimpyApi.updateDocPermissions(docId2, {
      users: {'testuser@getgrist.com': 'viewers'}
    });

    // Check test user can access both docs
    await assert.isFulfilled(altApi.getDoc(docId));
    await assert.isFulfilled(altApi.getDoc(docId2));

    // Check test user can only list the documents shared with them
    // through a route other than public sharing
    assert.deepEqual((await altApi.getOrgWorkspaces('current'))[0].docs.map(doc => doc.name),
                     ['another example']);
    assert.deepEqual((await altApi.getWorkspace(wsId)).docs.map(doc => doc.name),
                     ['another example']);

    // Check that a viewer at org level can see all docs listed, and access them
    // (there was a bug where a doc shared with everyone@ as viewer would get hidden
    // from top-level viewers)
    await chimpyApi.updateOrgPermissions('current', {
      users: {'testuser2@getgrist.com': 'viewers'}
    });
    const altApi2 = await home.createHomeApi('testuser2', 'nasa', false, false);
    await assert.isFulfilled(altApi2.getDoc(docId));
    await assert.isFulfilled(altApi2.getDoc(docId2));
    assert.sameMembers((await altApi2.getWorkspace(wsId)).docs.map(doc => doc.name),
                       ['an example', 'another example']);
  });
});
(core) test: move gen-server tests into core Summary: These are tests that we just never moved into the public repo. It's just a small chore to make them public. Test Plan: Make sure the tests still pass Reviewers: jarek Reviewed By: jarek Differential Revision: https://phab.getgrist.com/D4311 2024-08-07 17:20:20 +00:00			`import {Workspace} from 'app/common/UserAPI';`
			`import {assert} from 'chai';`
			`import {TestServer} from 'test/gen-server/apiUtils';`
			`import * as testUtils from 'test/server/testUtils';`

			`describe('everyone', function() {`
			`let home: TestServer;`
			`testUtils.setTmpLogLevel('error');`

			`before(async function() {`
			`home = new TestServer(this);`
			`await home.start();`
			`});`

			`after(async function() {`
			`await home.stop();`
			`});`

			`/**`
			`* Assert that the specified workspaces and their material are public,`
			`* and that all other workspaces are not.`
			`*/`
			`async function assertPublic(wss: Workspace[], publicWorkspaces: string[]) {`
			`for (const ws of wss) {`
			`const expectedPublic = publicWorkspaces.includes(ws.name) \|\| undefined;`
			`assert.equal(ws.public, expectedPublic);`
			`for (const doc of ws.docs) {`
			`assert.equal(doc.public, expectedPublic);`
			`}`
			`}`
			`}`

			`it('support account can share a listed workspace with all users', async function() {`

			`// Share a workspace in support's personal org with everyone`
			`let api = await home.createHomeApi('Support', 'docs');`
			`await home.upgradePersonalOrg('Support');`
			`const wsId = await api.newWorkspace({name: 'Samples'}, 'current');`
			`const docId = await api.newDoc({name: 'an example'}, wsId);`
			`await api.updateWorkspacePermissions(wsId, {`
			`users: {'everyone@getgrist.com': 'viewers',`
			`'anon@getgrist.com': 'viewers'}`
			`});`

			`// Check a fresh user can see that workspace`
			`const altApi = await home.createHomeApi('testuser', 'docs');`
			`let wss = await altApi.getOrgWorkspaces('current');`
			`assert.deepEqual(wss.map(ws => ws.name), ['Home', 'Samples']);`
			`assert.deepEqual(wss[1].docs.map(doc => doc.id), [docId]);`

			`// Check that public flag is set in everything the fresh user can see outside its Home.`
			`await assertPublic(wss, ['Samples']);`

			`// Check existing users can see that workspace`
			`const chimpyApi = await home.createHomeApi('Chimpy', 'docs');`
			`wss = await chimpyApi.getOrgWorkspaces('current');`
			`assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public', 'Samples']);`
			`assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);`
			`// Public and Private could be in either order, but Samples should be last`
			`// (api returns workspaces in chronological order).`
			`assert.equal(wss[2].name, 'Samples');`
			`assert.deepEqual(wss[2].docs.map(doc => doc.id), [docId]);`
			`await assertPublic(wss, ['Samples']);`

			`// Check that workspace also shows up in regular orgs`
			`const nasaApi = await home.createHomeApi('Chimpy', 'nasa');`
			`wss = await nasaApi.getOrgWorkspaces('current');`
			`assert.deepEqual(wss.map(ws => ws.name), ['Horizon', 'Rovers', 'Samples']);`
			`assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);`
			`await assertPublic(wss, ['Samples']);`

			`// Need to recreate api because of cookies`
			`api = await home.createHomeApi('Support', 'docs');`
			`await api.deleteWorkspace(wsId);`
			`});`

			`it('can share unlisted docs in personal org with all users', async function() {`
			`const api = await home.createHomeApi('Supportish', 'docs');`
			`await home.upgradePersonalOrg('Supportish');`
			`const wsId = await api.newWorkspace({name: 'Samples2'}, 'current');`
			`const docId = await api.newDoc({name: 'an example'}, wsId);`
			`// Check other users cannot access the doc yet`
			`const chimpyApi = await home.createHomeApi('Chimpy', 'docs', true);`
			`await assert.isRejected(chimpyApi.getDoc(docId), /access denied/);`
			`// Share doc with everyone`
			`await api.updateDocPermissions(docId, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`});`
			`// Check other users can access the doc now`
			`assert.equal((await chimpyApi.getDoc(docId)).access, 'viewers');`
			`// Check that doc is marked as public`
			`assert.equal((await chimpyApi.getDoc(docId)).public, true);`
			`// Check they don't see doc listed`
			`let wss = await chimpyApi.getOrgWorkspaces('current');`
			`assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);`

			`// Share every way possible via api`
			`await api.updateWorkspacePermissions(wsId, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`});`
			`await assert.isRejected(api.updateOrgPermissions(0, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`}), /cannot share with everyone at top level/);`
			`// Check existing users still don't see doc listed`
			`wss = await chimpyApi.getOrgWorkspaces('current');`
			`assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);`
			`});`

			`it('can share unlisted docs in team sites with all users', async function() {`
			`const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);`
			`const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');`
			`const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);`

			`// Check a fresh user cannot see that doc`
			`const altApi = await home.createHomeApi('testuser', 'nasa', false, false);`
			`await assert.isRejected(altApi.getDoc(docId), /access denied/i);`

			`// Share doc with everyone`
			`await chimpyApi.updateDocPermissions(docId, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`});`

			`// Check a fresh user can now see that doc`
			`await assert.isFulfilled(altApi.getDoc(docId));`

			`// Check that doc is marked as public`
			`assert.equal((await altApi.getDoc(docId)).public, true);`

			`// But can't list that doc in team site`
			`await assert.isRejected(altApi.getOrgWorkspaces('current'), /access denied/);`

			`// Also can't list the doc in workspace`
			`await assert.isRejected(altApi.getWorkspace(wsId), /access denied/);`
			`});`

			`it('can share public docs without them being listed indirectly', async function() {`
			`const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);`
			`const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');`
			`const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);`
			`const docId2 = await chimpyApi.newDoc({name: 'another example'}, wsId);`

			`// Share one doc with everyone`
			`await chimpyApi.updateDocPermissions(docId, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`});`

			`// Share one doc with everyone, the other with a specific test user at the doc level`
			`const altApi = await home.createHomeApi('testuser', 'nasa', false, false);`
			`await chimpyApi.updateDocPermissions(docId, {`
			`users: {'everyone@getgrist.com': 'viewers'}`
			`});`
			`await chimpyApi.updateDocPermissions(docId2, {`
			`users: {'testuser@getgrist.com': 'viewers'}`
			`});`

			`// Check test user can access both docs`
			`await assert.isFulfilled(altApi.getDoc(docId));`
			`await assert.isFulfilled(altApi.getDoc(docId2));`

			`// Check test user can only list the documents shared with them`
			`// through a route other than public sharing`
			`assert.deepEqual((await altApi.getOrgWorkspaces('current'))[0].docs.map(doc => doc.name),`
			`['another example']);`
			`assert.deepEqual((await altApi.getWorkspace(wsId)).docs.map(doc => doc.name),`
			`['another example']);`

			`// Check that a viewer at org level can see all docs listed, and access them`
			`// (there was a bug where a doc shared with everyone@ as viewer would get hidden`
			`// from top-level viewers)`
			`await chimpyApi.updateOrgPermissions('current', {`
			`users: {'testuser2@getgrist.com': 'viewers'}`
			`});`
			`const altApi2 = await home.createHomeApi('testuser2', 'nasa', false, false);`
			`await assert.isFulfilled(altApi2.getDoc(docId));`
			`await assert.isFulfilled(altApi2.getDoc(docId2));`
			`assert.sameMembers((await altApi2.getWorkspace(wsId)).docs.map(doc => doc.name),`
			`['an example', 'another example']);`
			`});`
			`});`