You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
180 lines
7.6 KiB
180 lines
7.6 KiB
import {Workspace} from 'app/common/UserAPI';
|
|
import {assert} from 'chai';
|
|
import {TestServer} from 'test/gen-server/apiUtils';
|
|
import * as testUtils from 'test/server/testUtils';
|
|
|
|
describe('everyone', function() {
|
|
let home: TestServer;
|
|
testUtils.setTmpLogLevel('error');
|
|
|
|
before(async function() {
|
|
home = new TestServer(this);
|
|
await home.start();
|
|
});
|
|
|
|
after(async function() {
|
|
await home.stop();
|
|
});
|
|
|
|
/**
|
|
* Assert that the specified workspaces and their material are public,
|
|
* and that all other workspaces are not.
|
|
*/
|
|
async function assertPublic(wss: Workspace[], publicWorkspaces: string[]) {
|
|
for (const ws of wss) {
|
|
const expectedPublic = publicWorkspaces.includes(ws.name) || undefined;
|
|
assert.equal(ws.public, expectedPublic);
|
|
for (const doc of ws.docs) {
|
|
assert.equal(doc.public, expectedPublic);
|
|
}
|
|
}
|
|
}
|
|
|
|
it('support account can share a listed workspace with all users', async function() {
|
|
|
|
// Share a workspace in support's personal org with everyone
|
|
let api = await home.createHomeApi('Support', 'docs');
|
|
await home.upgradePersonalOrg('Support');
|
|
const wsId = await api.newWorkspace({name: 'Samples'}, 'current');
|
|
const docId = await api.newDoc({name: 'an example'}, wsId);
|
|
await api.updateWorkspacePermissions(wsId, {
|
|
users: {'everyone@getgrist.com': 'viewers',
|
|
'anon@getgrist.com': 'viewers'}
|
|
});
|
|
|
|
// Check a fresh user can see that workspace
|
|
const altApi = await home.createHomeApi('testuser', 'docs');
|
|
let wss = await altApi.getOrgWorkspaces('current');
|
|
assert.deepEqual(wss.map(ws => ws.name), ['Home', 'Samples']);
|
|
assert.deepEqual(wss[1].docs.map(doc => doc.id), [docId]);
|
|
|
|
// Check that public flag is set in everything the fresh user can see outside its Home.
|
|
await assertPublic(wss, ['Samples']);
|
|
|
|
// Check existing users can see that workspace
|
|
const chimpyApi = await home.createHomeApi('Chimpy', 'docs');
|
|
wss = await chimpyApi.getOrgWorkspaces('current');
|
|
assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public', 'Samples']);
|
|
assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);
|
|
// Public and Private could be in either order, but Samples should be last
|
|
// (api returns workspaces in chronological order).
|
|
assert.equal(wss[2].name, 'Samples');
|
|
assert.deepEqual(wss[2].docs.map(doc => doc.id), [docId]);
|
|
await assertPublic(wss, ['Samples']);
|
|
|
|
// Check that workspace also shows up in regular orgs
|
|
const nasaApi = await home.createHomeApi('Chimpy', 'nasa');
|
|
wss = await nasaApi.getOrgWorkspaces('current');
|
|
assert.deepEqual(wss.map(ws => ws.name), ['Horizon', 'Rovers', 'Samples']);
|
|
assert.deepEqual(wss.map(ws => ws.isSupportWorkspace), [false, false, true]);
|
|
await assertPublic(wss, ['Samples']);
|
|
|
|
// Need to recreate api because of cookies
|
|
api = await home.createHomeApi('Support', 'docs');
|
|
await api.deleteWorkspace(wsId);
|
|
});
|
|
|
|
it('can share unlisted docs in personal org with all users', async function() {
|
|
const api = await home.createHomeApi('Supportish', 'docs');
|
|
await home.upgradePersonalOrg('Supportish');
|
|
const wsId = await api.newWorkspace({name: 'Samples2'}, 'current');
|
|
const docId = await api.newDoc({name: 'an example'}, wsId);
|
|
// Check other users cannot access the doc yet
|
|
const chimpyApi = await home.createHomeApi('Chimpy', 'docs', true);
|
|
await assert.isRejected(chimpyApi.getDoc(docId), /access denied/);
|
|
// Share doc with everyone
|
|
await api.updateDocPermissions(docId, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
});
|
|
// Check other users can access the doc now
|
|
assert.equal((await chimpyApi.getDoc(docId)).access, 'viewers');
|
|
// Check that doc is marked as public
|
|
assert.equal((await chimpyApi.getDoc(docId)).public, true);
|
|
// Check they don't see doc listed
|
|
let wss = await chimpyApi.getOrgWorkspaces('current');
|
|
assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);
|
|
|
|
// Share every way possible via api
|
|
await api.updateWorkspacePermissions(wsId, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
});
|
|
await assert.isRejected(api.updateOrgPermissions(0, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
}), /cannot share with everyone at top level/);
|
|
// Check existing users still don't see doc listed
|
|
wss = await chimpyApi.getOrgWorkspaces('current');
|
|
assert.deepEqual(wss.map(ws => ws.name), ['Private', 'Public']);
|
|
});
|
|
|
|
it('can share unlisted docs in team sites with all users', async function() {
|
|
const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);
|
|
const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');
|
|
const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);
|
|
|
|
// Check a fresh user cannot see that doc
|
|
const altApi = await home.createHomeApi('testuser', 'nasa', false, false);
|
|
await assert.isRejected(altApi.getDoc(docId), /access denied/i);
|
|
|
|
// Share doc with everyone
|
|
await chimpyApi.updateDocPermissions(docId, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
});
|
|
|
|
// Check a fresh user can now see that doc
|
|
await assert.isFulfilled(altApi.getDoc(docId));
|
|
|
|
// Check that doc is marked as public
|
|
assert.equal((await altApi.getDoc(docId)).public, true);
|
|
|
|
// But can't list that doc in team site
|
|
await assert.isRejected(altApi.getOrgWorkspaces('current'), /access denied/);
|
|
|
|
// Also can't list the doc in workspace
|
|
await assert.isRejected(altApi.getWorkspace(wsId), /access denied/);
|
|
});
|
|
|
|
it('can share public docs without them being listed indirectly', async function() {
|
|
const chimpyApi = await home.createHomeApi('Chimpy', 'nasa', true);
|
|
const wsId = await chimpyApi.newWorkspace({name: 'Samples'}, 'current');
|
|
const docId = await chimpyApi.newDoc({name: 'an example'}, wsId);
|
|
const docId2 = await chimpyApi.newDoc({name: 'another example'}, wsId);
|
|
|
|
// Share one doc with everyone
|
|
await chimpyApi.updateDocPermissions(docId, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
});
|
|
|
|
// Share one doc with everyone, the other with a specific test user at the doc level
|
|
const altApi = await home.createHomeApi('testuser', 'nasa', false, false);
|
|
await chimpyApi.updateDocPermissions(docId, {
|
|
users: {'everyone@getgrist.com': 'viewers'}
|
|
});
|
|
await chimpyApi.updateDocPermissions(docId2, {
|
|
users: {'testuser@getgrist.com': 'viewers'}
|
|
});
|
|
|
|
// Check test user can access both docs
|
|
await assert.isFulfilled(altApi.getDoc(docId));
|
|
await assert.isFulfilled(altApi.getDoc(docId2));
|
|
|
|
// Check test user can only list the documents shared with them
|
|
// through a route other than public sharing
|
|
assert.deepEqual((await altApi.getOrgWorkspaces('current'))[0].docs.map(doc => doc.name),
|
|
['another example']);
|
|
assert.deepEqual((await altApi.getWorkspace(wsId)).docs.map(doc => doc.name),
|
|
['another example']);
|
|
|
|
// Check that a viewer at org level can see all docs listed, and access them
|
|
// (there was a bug where a doc shared with everyone@ as viewer would get hidden
|
|
// from top-level viewers)
|
|
await chimpyApi.updateOrgPermissions('current', {
|
|
users: {'testuser2@getgrist.com': 'viewers'}
|
|
});
|
|
const altApi2 = await home.createHomeApi('testuser2', 'nasa', false, false);
|
|
await assert.isFulfilled(altApi2.getDoc(docId));
|
|
await assert.isFulfilled(altApi2.getDoc(docId2));
|
|
assert.sameMembers((await altApi2.getWorkspace(wsId)).docs.map(doc => doc.name),
|
|
['an example', 'another example']);
|
|
});
|
|
});
|