Remove obsolete auth check

services/web/app/coffee/Features/Project/ProjectController.coffee

@@ -154,20 +154,17 @@ module.exports = ProjectController =
 	projectEntitiesJson: (req, res, next) ->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		project_id = req.params.Project_id
-		AuthorizationManager.canUserReadProject user_id, project_id, null, (err, canRead) ->
+		ProjectGetter.getProject project_id, (err, project) ->
 			return next(err) if err?
-			return res.sendStatus(403) if !canRead
+			ProjectEntityHandler.getAllEntitiesFromProject project, (err, docs, files) ->
-			ProjectGetter.getProject project_id, (err, project) ->
 				return next(err) if err?
-				ProjectEntityHandler.getAllEntitiesFromProject project, (err, docs, files) ->
+				entities = docs.concat(files)
-					return next(err) if err?
+					.sort (a, b) -> a.path > b.path  # Sort by path ascending
-					entities = docs.concat(files)
+					.map (e) -> {
-						.sort (a, b) -> a.path > b.path  # Sort by path ascending
+						path: e.path,
-						.map (e) -> {
+						type: if e.doc? then 'doc' else 'file'
-							path: e.path,
+					}
-							type: if e.doc? then 'doc' else 'file'
+				res.json({project_id: project_id, entities: entities})
-						}
-					res.json({project_id: project_id, entities: entities})
 
 	projectListPage: (req, res, next)->
 		timer = new metrics.Timer("project-list")

services/web/test/unit/coffee/Project/ProjectControllerTests.coffee

@@ -562,38 +562,20 @@ describe "ProjectController", ->
 			@ProjectGetter.getProject = sinon.stub().callsArgWith(1, null, @project)
 			@ProjectEntityHandler.getAllEntitiesFromProject = sinon.stub().callsArgWith(1, null, @docs, @files)
 
-		describe 'when the user can access the project', ->
+		it 'should produce a list of entities', (done) ->
-			beforeEach () ->
+			@res.json = (data) =>
-				@AuthorizationManager.canUserReadProject = sinon.stub().callsArgWith(3, null, true)
+				expect(data).to.deep.equal {
-
+					project_id: 'abcd',
-			it 'should produce a list of entities', (done) ->
+					entities: [
-				@res.json = (data) =>
+						{path: '/main.tex',     type: 'doc'},
-					expect(data).to.deep.equal {
+						{path: '/things/a.txt', type: 'file'},
-						project_id: 'abcd',
+						{path: '/things/b.txt', type: 'doc'}
-						entities: [
+					]
-							{path: '/main.tex',     type: 'doc'},
+				}
-							{path: '/things/a.txt', type: 'file'},
+				expect(@ProjectGetter.getProject.callCount).to.equal 1
-							{path: '/things/b.txt', type: 'doc'}
+				expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 1
-						]
+				done()
-					}
+			@ProjectController.projectEntitiesJson @req, @res, @next
-					expect(@ProjectGetter.getProject.callCount).to.equal 1
-					expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 1
-					done()
-				@ProjectController.projectEntitiesJson @req, @res, @next
-
-		describe 'when the user cannot access the project', ->
-			beforeEach () ->
-				@AuthorizationManager.canUserReadProject = sinon.stub().callsArgWith(3, null, false)
-
-			it 'should send a 403 response', (done) ->
-				@res.json = sinon.stub()
-				@res.sendStatus = (code) =>
-					expect(code).to.equal 403
-					expect(@ProjectGetter.getProject.callCount).to.equal 0
-					expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 0
-					expect(@res.json.callCount).to.equal 0
-					done()
-				@ProjectController.projectEntitiesJson @req, @res, @next
 
 	describe '_isInPercentageRollout', ->
 		before ->