Merge pull request #2331 from overleaf/sk-fix-restricted-users-none

Restricted users: fix case when privilege level is false GitOrigin-RevId: efc2f80ab326ab07abef303e1db98e3586d3759b
2024-09-16 02:52:31 -04:00 · 2019-11-07 10:28:09 +00:00 · 2019-11-07 10:28:09 +00:00 · 2da14bcc77
commit 2da14bcc77
parent 2c0c21554a
2 changed files with 10 additions and 3 deletions
--- a/services/web/app/src/Features/Authorization/AuthorizationManager.js
+++ b/services/web/app/src/Features/Authorization/AuthorizationManager.js
@ -11,16 +11,19 @@ const TokenAccessHandler = require('../TokenAccess/TokenAccessHandler')

 module.exports = AuthorizationManager = {
  isRestrictedUser(userId, privilegeLevel, isTokenMember) {
+    if (privilegeLevel === PrivilegeLevels.NONE) {
+      return true
+    }
    return (
      privilegeLevel === PrivilegeLevels.READ_ONLY && (isTokenMember || !userId)
    )
  },

-  isRestrictedUserForProject(userId, projectId, callback) {
+  isRestrictedUserForProject(userId, projectId, token, callback) {
    this.getPrivilegeLevelForProject(
      userId,
      projectId,
-      null,
+      token,
      (err, privilegeLevel) => {
        if (err) {
          return callback(err)
--- a/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js
+++ b/services/web/test/unit/src/Authorization/AuthorizationManagerTests.js
@ -55,7 +55,11 @@ describe('AuthorizationManager', function() {
      ]
      const restrictedScenarios = [
        [null, 'readOnly', false],
-        ['id', 'readOnly', true]
+        ['id', 'readOnly', true],
+        [null, false, true],
+        [null, false, false],
+        ['id', false, true],
+        ['id', false, false]
      ]
      for (var notRestrictedArgs of notRestrictedScenarios) {
        expect(