Remove obsolete auth check

2024-11-21 20:47:08 -05:00 · 2018-05-24 10:22:17 +01:00 · 2018-05-24 10:22:17 +01:00 · 3181f624a7
commit 3181f624a7
parent 78f87c0ecf
2 changed files with 23 additions and 44 deletions
--- a/services/web/app/coffee/Features/Project/ProjectController.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectController.coffee
@ -154,20 +154,17 @@ module.exports = ProjectController =
 	projectEntitiesJson: (req, res, next) ->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		project_id = req.params.Project_id
-		AuthorizationManager.canUserReadProject user_id, project_id, null, (err, canRead) ->
+		ProjectGetter.getProject project_id, (err, project) ->
 			return next(err) if err?
-			return res.sendStatus(403) if !canRead
-			ProjectGetter.getProject project_id, (err, project) ->
+			ProjectEntityHandler.getAllEntitiesFromProject project, (err, docs, files) ->
 				return next(err) if err?
-				ProjectEntityHandler.getAllEntitiesFromProject project, (err, docs, files) ->
-					return next(err) if err?
-					entities = docs.concat(files)
-						.sort (a, b) -> a.path > b.path  # Sort by path ascending
-						.map (e) -> {
-							path: e.path,
-							type: if e.doc? then 'doc' else 'file'
-						}
-					res.json({project_id: project_id, entities: entities})
+				entities = docs.concat(files)
+					.sort (a, b) -> a.path > b.path  # Sort by path ascending
+					.map (e) -> {
+						path: e.path,
+						type: if e.doc? then 'doc' else 'file'
+					}
+				res.json({project_id: project_id, entities: entities})

 	projectListPage: (req, res, next)->
 		timer = new metrics.Timer("project-list")
--- a/services/web/test/unit/coffee/Project/ProjectControllerTests.coffee
+++ b/services/web/test/unit/coffee/Project/ProjectControllerTests.coffee
@ -562,38 +562,20 @@ describe "ProjectController", ->
 			@ProjectGetter.getProject = sinon.stub().callsArgWith(1, null, @project)
 			@ProjectEntityHandler.getAllEntitiesFromProject = sinon.stub().callsArgWith(1, null, @docs, @files)

-		describe 'when the user can access the project', ->
-			beforeEach () ->
-				@AuthorizationManager.canUserReadProject = sinon.stub().callsArgWith(3, null, true)
-
-			it 'should produce a list of entities', (done) ->
-				@res.json = (data) =>
-					expect(data).to.deep.equal {
-						project_id: 'abcd',
-						entities: [
-							{path: '/main.tex',     type: 'doc'},
-							{path: '/things/a.txt', type: 'file'},
-							{path: '/things/b.txt', type: 'doc'}
-						]
-					}
-					expect(@ProjectGetter.getProject.callCount).to.equal 1
-					expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 1
-					done()
-				@ProjectController.projectEntitiesJson @req, @res, @next
-
-		describe 'when the user cannot access the project', ->
-			beforeEach () ->
-				@AuthorizationManager.canUserReadProject = sinon.stub().callsArgWith(3, null, false)
-
-			it 'should send a 403 response', (done) ->
-				@res.json = sinon.stub()
-				@res.sendStatus = (code) =>
-					expect(code).to.equal 403
-					expect(@ProjectGetter.getProject.callCount).to.equal 0
-					expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 0
-					expect(@res.json.callCount).to.equal 0
-					done()
-				@ProjectController.projectEntitiesJson @req, @res, @next
+		it 'should produce a list of entities', (done) ->
+			@res.json = (data) =>
+				expect(data).to.deep.equal {
+					project_id: 'abcd',
+					entities: [
+						{path: '/main.tex',     type: 'doc'},
+						{path: '/things/a.txt', type: 'file'},
+						{path: '/things/b.txt', type: 'doc'}
+					]
+				}
+				expect(@ProjectGetter.getProject.callCount).to.equal 1
+				expect(@ProjectEntityHandler.getAllEntitiesFromProject.callCount).to.equal 1
+				done()
+			@ProjectController.projectEntitiesJson @req, @res, @next

 	describe '_isInPercentageRollout', ->
 		before ->