github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2025-04-21 03:13:42 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1234 from sharelatex/ta-teamplate-without-brand-metrics

Browse source 
Handle Access for Template Without Brands

GitOrigin-RevId: f1127298fcede8075b31f6b1bc7161f474817a7e
This commit is contained in:
Shane Kilkelly 2018-12-06 13:52:41 +00:00 committed by sharelatex
parent f3a10ac221
commit 231d89477b
2 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/web/app/coffee/Features/UserMembership/UserMembershipAuthorization.coffee
View file

@ -50,7 +50,10 @@ module.exports = UserMembershipAuthorization =
req.template =
id: body.id
title: body.title
requireAccessToEntity('publisher', body.brand.slug, req, res, next)
if body?.brand?.slug
requireAccessToEntity('publisher', body.brand.slug, req, res, next)
else
AuthorizationMiddlewear.ensureUserIsSiteAdmin(req, res, next)
requireGraphAccess: (req, res, next) ->
if req.query.resource_type == 'template'

15
services/web/test/unit/coffee/UserMembership/UserMembershipAuthorizationTests.coffee
View file

@ -21,6 +21,7 @@ describe "UserMembershipAuthorization", ->
getEntityWithoutAuthorizationCheck: sinon.stub().yields(null, @subscription)
@AuthorizationMiddlewear =
redirectToRestricted: sinon.stub().yields()
ensureUserIsSiteAdmin: sinon.stub().yields()
@UserMembershipAuthorization = SandboxedModule.require modulePath, requires:
'../Authentication/AuthenticationController': @AuthenticationController
'../Authorization/AuthorizationMiddlewear': @AuthorizationMiddlewear
@ -132,7 +133,7 @@ describe "UserMembershipAuthorization", ->
)
done()
it 'handle template access', (done) ->
it 'handle template with brand access', (done) ->
templateData =
id: 123
title: 'Template Title'
@ -147,6 +148,18 @@ describe "UserMembershipAuthorization", ->
)
done()
it 'handle template without brand access', (done) ->
templateData =
id: 123
title: 'Template Title'
brand: null
@request.yields(null, { statusCode: 200 }, JSON.stringify(templateData))
@UserMembershipAuthorization.requireTemplateAccess @req, null, (error) =>
expect(error).to.not.extist
sinon.assert.notCalled(@UserMembershipHandler.getEntity)
sinon.assert.calledOnce(@AuthorizationMiddlewear.ensureUserIsSiteAdmin)
done()
it 'handle graph access', (done) ->
@req.query.resource_id = 'mock-resource-id'
@req.query.resource_type = 'institution'