2019-05-29 05:21:06 -04:00
|
|
|
const { expect } = require('chai')
|
|
|
|
|
const async = require('async')
|
|
|
|
|
const User = require('./helpers/User')
|
|
|
|
|
const request = require('./helpers/request')
|
2021-07-07 05:38:56 -04:00
|
|
|
const settings = require('@overleaf/settings')
|
2022-03-31 06:37:15 -04:00
|
|
|
const Features = require('../../../app/src/infrastructure/Features')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2020-07-27 06:46:27 -04:00
|
|
|
const expectErrorResponse = require('./helpers/expectErrorResponse')
|
|
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function tryReadAccess(user, projectId, test, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
2019-09-30 09:21:49 -04:00
|
|
|
user.request.get(`/project/${projectId}`, (error, response, body) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
}),
|
|
|
|
|
cb =>
|
2019-08-07 10:04:04 -04:00
|
|
|
user.request.get(
|
2019-09-30 09:21:49 -04:00
|
|
|
`/project/${projectId}/download/zip`,
|
2019-08-07 10:04:04 -04:00
|
|
|
(error, response, body) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2021-04-27 03:52:58 -04:00
|
|
|
),
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
function tryRenameProjectAccess(user, projectId, test, callback) {
|
|
|
|
|
user.request.post(
|
|
|
|
|
{
|
|
|
|
|
uri: `/project/${projectId}/settings`,
|
|
|
|
|
json: {
|
|
|
|
|
name: 'new name',
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
(error, response, body) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return callback(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
|
|
|
|
callback()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function trySettingsWriteAccess(user, projectId, test, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
|
|
|
|
user.request.post(
|
|
|
|
|
{
|
2019-09-30 09:21:49 -04:00
|
|
|
uri: `/project/${projectId}/settings`,
|
2019-05-29 05:21:06 -04:00
|
|
|
json: {
|
2021-04-27 03:52:58 -04:00
|
|
|
compiler: 'latex',
|
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2019-08-07 10:04:04 -04:00
|
|
|
(error, response, body) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2021-04-27 03:52:58 -04:00
|
|
|
),
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function tryProjectAdminAccess(user, projectId, test, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
|
|
|
|
user.request.post(
|
|
|
|
|
{
|
2019-09-30 09:21:49 -04:00
|
|
|
uri: `/project/${projectId}/rename`,
|
2019-05-29 05:21:06 -04:00
|
|
|
json: {
|
2021-04-27 03:52:58 -04:00
|
|
|
newProjectName: 'new-name',
|
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2019-08-07 10:04:04 -04:00
|
|
|
(error, response, body) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
),
|
|
|
|
|
cb =>
|
|
|
|
|
user.request.post(
|
|
|
|
|
{
|
2019-09-30 09:21:49 -04:00
|
|
|
uri: `/project/${projectId}/settings/admin`,
|
2019-05-29 05:21:06 -04:00
|
|
|
json: {
|
2021-04-27 03:52:58 -04:00
|
|
|
publicAccessLevel: 'private',
|
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2019-08-07 10:04:04 -04:00
|
|
|
(error, response, body) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
cb()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2021-04-27 03:52:58 -04:00
|
|
|
),
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function tryAdminAccess(user, test, callback) {
|
|
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
|
|
|
|
user.request.get(
|
|
|
|
|
{
|
|
|
|
|
uri: '/admin',
|
|
|
|
|
},
|
|
|
|
|
(error, response, body) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
|
|
|
|
cb()
|
|
|
|
|
}
|
|
|
|
|
),
|
|
|
|
|
cb => {
|
|
|
|
|
if (!Features.hasFeature('saas')) {
|
|
|
|
|
return cb()
|
|
|
|
|
}
|
|
|
|
|
user.request.get(
|
|
|
|
|
{
|
|
|
|
|
uri: `/admin/user/${user._id}`,
|
|
|
|
|
},
|
|
|
|
|
(error, response, body) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return cb(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
|
|
|
|
cb()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function tryContentAccess(user, projectId, test, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
// The real-time service calls this end point to determine the user's
|
|
|
|
|
// permissions.
|
2019-09-30 09:21:49 -04:00
|
|
|
let userId
|
2019-05-29 05:21:06 -04:00
|
|
|
if (user.id != null) {
|
2019-09-30 09:21:49 -04:00
|
|
|
userId = user.id
|
2019-05-29 05:21:06 -04:00
|
|
|
} else {
|
2019-09-30 09:21:49 -04:00
|
|
|
userId = 'anonymous-user'
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-30 09:21:49 -04:00
|
|
|
request.post(
|
2019-05-29 05:21:06 -04:00
|
|
|
{
|
2019-09-30 09:21:49 -04:00
|
|
|
url: `/project/${projectId}/join`,
|
|
|
|
|
qs: { user_id: userId },
|
2019-05-29 05:21:06 -04:00
|
|
|
auth: {
|
|
|
|
|
user: settings.apis.web.user,
|
|
|
|
|
pass: settings.apis.web.pass,
|
2021-04-27 03:52:58 -04:00
|
|
|
sendImmediately: true,
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
|
json: true,
|
2021-04-27 03:52:58 -04:00
|
|
|
jar: false,
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
2019-08-07 10:04:04 -04:00
|
|
|
(error, response, body) => {
|
2019-05-29 05:21:06 -04:00
|
|
|
if (error != null) {
|
|
|
|
|
return callback(error)
|
|
|
|
|
}
|
|
|
|
|
test(response, body)
|
2019-09-30 09:21:49 -04:00
|
|
|
callback()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function expectAdminAccess(user, callback) {
|
|
|
|
|
tryAdminAccess(
|
|
|
|
|
user,
|
|
|
|
|
response => expect(response.statusCode).to.be.oneOf([200, 204]),
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function expectRedirectedAdminAccess(user, callback) {
|
|
|
|
|
tryAdminAccess(
|
|
|
|
|
user,
|
|
|
|
|
response => {
|
|
|
|
|
expect(response.statusCode).to.equal(302)
|
|
|
|
|
expect(response.headers.location).to.equal(
|
|
|
|
|
settings.adminUrl + response.request.uri.pathname
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function expectReadAccess(user, projectId, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
2019-09-30 09:21:49 -04:00
|
|
|
tryReadAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) =>
|
|
|
|
|
expect(response.statusCode).to.be.oneOf([200, 204]),
|
|
|
|
|
cb
|
|
|
|
|
),
|
|
|
|
|
cb =>
|
2019-09-30 09:21:49 -04:00
|
|
|
tryContentAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) =>
|
|
|
|
|
expect(body.privilegeLevel).to.be.oneOf([
|
|
|
|
|
'owner',
|
|
|
|
|
'readAndWrite',
|
2021-04-27 03:52:58 -04:00
|
|
|
'readOnly',
|
2019-05-29 05:21:06 -04:00
|
|
|
]),
|
|
|
|
|
cb
|
2021-04-27 03:52:58 -04:00
|
|
|
),
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function expectContentWriteAccess(user, projectId, callback) {
|
|
|
|
|
tryContentAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) =>
|
|
|
|
|
expect(body.privilegeLevel).to.be.oneOf(['owner', 'readAndWrite']),
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
function expectRenameProjectAccess(user, projectId, callback) {
|
|
|
|
|
tryRenameProjectAccess(
|
|
|
|
|
user,
|
|
|
|
|
projectId,
|
|
|
|
|
(response, body) => {
|
|
|
|
|
expect(response.statusCode).to.be.oneOf([200, 204])
|
|
|
|
|
},
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function expectSettingsWriteAccess(user, projectId, callback) {
|
|
|
|
|
trySettingsWriteAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) => expect(response.statusCode).to.be.oneOf([200, 204]),
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function expectProjectAdminAccess(user, projectId, callback) {
|
|
|
|
|
tryProjectAdminAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) => expect(response.statusCode).to.be.oneOf([200, 204]),
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
function expectNoReadAccess(user, projectId, callback) {
|
2019-05-29 05:21:06 -04:00
|
|
|
async.series(
|
|
|
|
|
[
|
|
|
|
|
cb =>
|
2020-07-27 06:46:27 -04:00
|
|
|
tryReadAccess(user, projectId, expectErrorResponse.restricted.html, cb),
|
2019-05-29 05:21:06 -04:00
|
|
|
cb =>
|
2019-09-30 09:21:49 -04:00
|
|
|
tryContentAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-11-07 05:28:34 -05:00
|
|
|
(response, body) => {
|
|
|
|
|
expect(response.statusCode).to.equal(403)
|
|
|
|
|
expect(body).to.equal('Forbidden')
|
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
cb
|
2021-04-27 03:52:58 -04:00
|
|
|
),
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2019-09-30 09:21:49 -04:00
|
|
|
function expectNoContentWriteAccess(user, projectId, callback) {
|
|
|
|
|
tryContentAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2019-05-29 05:21:06 -04:00
|
|
|
(response, body) =>
|
2019-11-07 05:28:34 -05:00
|
|
|
expect(body.privilegeLevel).to.be.oneOf([undefined, null, 'readOnly']),
|
2019-05-29 05:21:06 -04:00
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
function expectNoSettingsWriteAccess(user, projectId, callback) {
|
2019-09-30 09:21:49 -04:00
|
|
|
trySettingsWriteAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
2020-07-27 06:46:27 -04:00
|
|
|
expectErrorResponse.restricted.json,
|
2019-05-29 05:21:06 -04:00
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
function expectNoRenameProjectAccess(user, projectId, callback) {
|
|
|
|
|
tryRenameProjectAccess(
|
|
|
|
|
user,
|
|
|
|
|
projectId,
|
|
|
|
|
expectErrorResponse.restricted.json,
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function expectNoProjectAdminAccess(user, projectId, callback) {
|
|
|
|
|
tryProjectAdminAccess(
|
2019-05-29 05:21:06 -04:00
|
|
|
user,
|
2019-09-30 09:21:49 -04:00
|
|
|
projectId,
|
|
|
|
|
(response, body) => {
|
|
|
|
|
expect(response.statusCode).to.equal(403)
|
|
|
|
|
},
|
|
|
|
|
callback
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
function expectNoAnonymousProjectAdminAccess(user, projectId, callback) {
|
|
|
|
|
tryProjectAdminAccess(
|
2019-09-30 09:21:49 -04:00
|
|
|
user,
|
|
|
|
|
projectId,
|
2020-07-27 06:46:27 -04:00
|
|
|
expectErrorResponse.requireLogin.json,
|
2019-05-29 05:21:06 -04:00
|
|
|
callback
|
|
|
|
|
)
|
2019-09-30 09:21:49 -04:00
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2020-06-04 04:47:12 -04:00
|
|
|
function expectChatAccess(user, projectId, callback) {
|
|
|
|
|
user.request.get(
|
|
|
|
|
{
|
|
|
|
|
url: `/project/${projectId}/messages`,
|
2021-04-27 03:52:58 -04:00
|
|
|
json: true,
|
2020-06-04 04:47:12 -04:00
|
|
|
},
|
|
|
|
|
(error, response) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return callback(error)
|
|
|
|
|
}
|
|
|
|
|
expect(response.statusCode).to.equal(200)
|
|
|
|
|
callback()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function expectNoChatAccess(user, projectId, callback) {
|
|
|
|
|
user.request.get(
|
|
|
|
|
{
|
|
|
|
|
url: `/project/${projectId}/messages`,
|
2021-04-27 03:52:58 -04:00
|
|
|
json: true,
|
2020-06-04 04:47:12 -04:00
|
|
|
},
|
|
|
|
|
(error, response) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return callback(error)
|
|
|
|
|
}
|
|
|
|
|
expect(response.statusCode).to.equal(403)
|
|
|
|
|
callback()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('Authorization', function () {
|
|
|
|
|
beforeEach(function (done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.timeout(90000)
|
|
|
|
|
this.owner = new User()
|
|
|
|
|
this.other1 = new User()
|
|
|
|
|
this.other2 = new User()
|
|
|
|
|
this.anon = new User()
|
|
|
|
|
this.site_admin = new User({ email: 'admin@example.com' })
|
2019-09-30 09:21:49 -04:00
|
|
|
async.parallel(
|
2019-05-29 05:21:06 -04:00
|
|
|
[
|
|
|
|
|
cb => this.owner.login(cb),
|
|
|
|
|
cb => this.other1.login(cb),
|
|
|
|
|
cb => this.other2.login(cb),
|
|
|
|
|
cb => this.anon.getCsrfToken(cb),
|
|
|
|
|
cb => {
|
2022-03-31 06:37:15 -04:00
|
|
|
this.site_admin.ensureUserExists(err => {
|
|
|
|
|
if (err) return cb(err)
|
|
|
|
|
this.site_admin.ensureAdmin(err => {
|
|
|
|
|
if (err != null) {
|
|
|
|
|
return cb(err)
|
|
|
|
|
}
|
|
|
|
|
return this.site_admin.login(cb)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
2021-04-27 03:52:58 -04:00
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
],
|
|
|
|
|
done
|
|
|
|
|
)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('private project', function () {
|
|
|
|
|
beforeEach(function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
this.owner.createProject('private-project', (error, projectId) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-30 09:21:49 -04:00
|
|
|
this.projectId = projectId
|
|
|
|
|
done()
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the owner read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.owner, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the owner write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectContentWriteAccess(this.owner, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the owner write access to its settings', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectSettingsWriteAccess(this.owner, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
it('should allow the owner to rename the project', function (done) {
|
|
|
|
|
expectRenameProjectAccess(this.owner, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should allow the owner project admin access to it', function (done) {
|
|
|
|
|
expectProjectAdminAccess(this.owner, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the owner user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.owner, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow another user read access to the project', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoReadAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow another user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectNoContentWriteAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow another user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow another user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow another user project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow another user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectNoChatAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow anonymous user read access to it', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoReadAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow anonymous user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectNoContentWriteAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow anonymous user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow anonymous user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow anonymous user project admin access to it', function (done) {
|
|
|
|
|
expectNoAnonymousProjectAdminAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow anonymous user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectNoChatAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
describe('with admin privilege available', function () {
|
|
|
|
|
beforeEach(function () {
|
|
|
|
|
settings.adminPrivilegeAvailable = true
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should allow site admin users read access to it', function (done) {
|
|
|
|
|
expectReadAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should allow site admin users write access to its content', function (done) {
|
|
|
|
|
expectContentWriteAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should allow site admin users write access to its settings', function (done) {
|
|
|
|
|
expectSettingsWriteAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should allow site admin users to rename the project', function (done) {
|
|
|
|
|
expectRenameProjectAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should allow site admin users project admin access to it', function (done) {
|
|
|
|
|
expectProjectAdminAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should allow site admin users site admin access to site admin endpoints', function (done) {
|
|
|
|
|
expectAdminAccess(this.site_admin, done)
|
|
|
|
|
})
|
2021-09-13 09:43:46 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
describe('with admin privilege unavailable', function () {
|
|
|
|
|
beforeEach(function () {
|
|
|
|
|
settings.adminPrivilegeAvailable = false
|
|
|
|
|
})
|
|
|
|
|
afterEach(function () {
|
|
|
|
|
settings.adminPrivilegeAvailable = true
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow site admin users read access to it', function (done) {
|
|
|
|
|
expectNoReadAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow site admin users write access to its content', function (done) {
|
|
|
|
|
expectNoContentWriteAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow site admin users write access to its settings', function (done) {
|
|
|
|
|
expectNoSettingsWriteAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow site admin users to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow site admin users project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.site_admin, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should redirect site admin users when accessing site admin endpoints', function (done) {
|
|
|
|
|
expectRedirectedAdminAccess(this.site_admin, done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('shared project', function () {
|
|
|
|
|
beforeEach(function (done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.rw_user = this.other1
|
|
|
|
|
this.ro_user = this.other2
|
2019-09-30 09:21:49 -04:00
|
|
|
this.owner.createProject('private-project', (error, projectId) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-30 09:21:49 -04:00
|
|
|
this.projectId = projectId
|
|
|
|
|
this.owner.addUserToProject(
|
|
|
|
|
this.projectId,
|
|
|
|
|
this.ro_user,
|
|
|
|
|
'readOnly',
|
|
|
|
|
error => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
|
|
|
|
}
|
|
|
|
|
this.owner.addUserToProject(
|
|
|
|
|
this.projectId,
|
|
|
|
|
this.rw_user,
|
|
|
|
|
'readAndWrite',
|
|
|
|
|
error => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
|
|
|
|
}
|
|
|
|
|
done()
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-only user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.ro_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-only user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.ro_user, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow the read-only user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectNoContentWriteAccess(this.ro_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow the read-only user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.ro_user, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow the read-only user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.ro_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow the read-only user project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.ro_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-write user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.rw_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-write user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectContentWriteAccess(this.rw_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-write user write access to its settings', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectSettingsWriteAccess(this.rw_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-09-13 09:43:46 -04:00
|
|
|
it('should not allow the read-write user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.rw_user, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow the read-write user project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.rw_user, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
2020-06-04 04:47:12 -04:00
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow the read-write user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.rw_user, this.projectId, done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('public read-write project', function () {
|
|
|
|
|
beforeEach(function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
this.owner.createProject('public-rw-project', (error, projectId) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-30 09:21:49 -04:00
|
|
|
this.projectId = projectId
|
|
|
|
|
this.owner.makePublic(this.projectId, 'readAndWrite', done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow a user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow a user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectContentWriteAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow a user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow a user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow a user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow a user project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow an anonymous user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow an anonymous user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectContentWriteAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow an anonymous user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow an anonymous user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow an anonymous user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow an anonymous user project admin access to it', function (done) {
|
|
|
|
|
expectNoAnonymousProjectAdminAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('public read-only project', function () {
|
|
|
|
|
beforeEach(function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
this.owner.createProject('public-ro-project', (error, projectId) => {
|
|
|
|
|
if (error != null) {
|
|
|
|
|
return done(error)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-09-30 09:21:49 -04:00
|
|
|
this.projectId = projectId
|
|
|
|
|
this.owner.makePublic(this.projectId, 'readOnly', done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow a user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow a user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectNoContentWriteAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow a user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow a user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow a user project admin access to it', function (done) {
|
|
|
|
|
expectNoProjectAdminAccess(this.other1, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2020-06-04 04:47:12 -04:00
|
|
|
// NOTE: legacy readOnly access does not count as 'restricted' in the new model
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow a user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectChatAccess(this.other1, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should allow an anonymous user read access to it', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectReadAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow an anonymous user write access to its content', function (done) {
|
2019-09-30 09:21:49 -04:00
|
|
|
expectNoContentWriteAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow an anonymous user write access to its settings', function (done) {
|
2021-09-13 09:43:46 -04:00
|
|
|
expectNoSettingsWriteAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should not allow an anonymous user to rename the project', function (done) {
|
|
|
|
|
expectNoRenameProjectAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2022-03-31 06:37:15 -04:00
|
|
|
it('should not allow an anonymous user project admin access to it', function (done) {
|
|
|
|
|
expectNoAnonymousProjectAdminAccess(this.anon, this.projectId, done)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
2020-06-04 04:47:12 -04:00
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('should not allow an anonymous user chat messages access', function (done) {
|
2020-06-04 04:47:12 -04:00
|
|
|
expectNoChatAccess(this.anon, this.projectId, done)
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
