Merge pull request #2959 from overleaf/em-admin-only-texlive-images

Admin only TeX Live images

GitOrigin-RevId: 428896c4e5512053bd7fa6c618ff64efd1a6141a

services/web/app/src/Features/Project/ProjectController.js

@@ -1,7 +1,3 @@
-/* eslint-disable
-   camelcase
-*/
-
 const Path = require('path')
 const fs = require('fs')
 const crypto = require('crypto')
@@ -253,7 +249,7 @@ const ProjectController = {
       return res.send({ redir: '/register' })
     }
     const currentUser = AuthenticationController.getSessionUser(req)
-    const { first_name, last_name, email } = currentUser
+    const { first_name: firstName, last_name: lastName, email } = currentUser
     ProjectDuplicator.duplicate(
       currentUser,
       projectId,
@@ -270,7 +266,12 @@ const ProjectController = {
           name: project.name,
           project_id: project._id,
           owner_ref: project.owner_ref,
-          owner: { first_name, last_name, email, _id: currentUser._id }
+          owner: {
+            first_name: firstName,
+            last_name: lastName,
+            email,
+            _id: currentUser._id
+          }
         })
       }
     )
@@ -585,16 +586,18 @@ const ProjectController = {
   },
 
   loadEditor(req, res, next) {
-    let anonymous, userId
     const timer = new metrics.Timer('load-editor')
     if (!Settings.editorIsOpen) {
       return res.render('general/closed', { title: 'updating_site' })
     }
 
+    let anonymous, userId, sessionUser
     if (AuthenticationController.isUserLoggedIn(req)) {
+      sessionUser = AuthenticationController.getSessionUser(req)
       userId = AuthenticationController.getLoggedInUserId(req)
       anonymous = false
     } else {
+      sessionUser = null
       anonymous = true
       userId = null
     }
@@ -694,6 +697,9 @@ const ProjectController = {
           projectId
         )
         const { isTokenMember } = results
+        const allowedImageNames = ProjectHelper.getAllowedImagesForUser(
+          sessionUser
+        )
         AuthorizationManager.getPrivilegeLevelForProject(
           userId,
           projectId,
@@ -797,7 +803,7 @@ const ProjectController = {
                 project.overleaf.history &&
                 Boolean(project.overleaf.history.display),
               brandVariation,
-              allowedImageNames: Settings.allowedImageNames || [],
+              allowedImageNames,
               gitBridgePublicBaseUrl: Settings.gitBridgePublicBaseUrl,
               wsUrl,
               showSupport: Features.hasFeature('support')

services/web/app/src/Features/Project/ProjectHelper.js

@@ -1,176 +1,162 @@
-/* eslint-disable
-    handle-callback-err,
-    max-len,
-*/
-// TODO: This file was created by bulk-decaffeinate.
-// Fix any style issues and re-enable lint.
-/*
- * decaffeinate suggestions:
- * DS101: Remove unnecessary use of Array.from
- * DS102: Remove unnecessary code created because of implicit returns
- * DS207: Consider shorter variations of null checks
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
- */
+const { ObjectId } = require('../../infrastructure/mongojs')
+const _ = require('lodash')
+const { promisify } = require('util')
+const Settings = require('settings-sharelatex')
+
 const ENGINE_TO_COMPILER_MAP = {
   latex_dvipdf: 'latex',
   pdflatex: 'pdflatex',
   xelatex: 'xelatex',
   lualatex: 'lualatex'
 }
-const { ObjectId } = require('../../infrastructure/mongojs')
-const _ = require('lodash')
-const { promisify } = require('util')
 
-const ProjectHelper = {
-  compilerFromV1Engine(engine) {
-    return ENGINE_TO_COMPILER_MAP[engine]
-  },
-
-  isArchived(project, userId) {
-    userId = ObjectId(userId)
-
-    if (Array.isArray(project.archived)) {
-      return project.archived.find(id => id.equals(userId)) !== undefined
-    } else {
-      return !!project.archived
-    }
-  },
-
-  isTrashed(project, userId) {
-    userId = ObjectId(userId)
-
-    if (project.trashed) {
-      return project.trashed.find(id => id.equals(userId)) !== undefined
-    } else {
-      return false
-    }
-  },
-
-  isArchivedOrTrashed(project, userId) {
-    return (
-      ProjectHelper.isArchived(project, userId) ||
-      ProjectHelper.isTrashed(project, userId)
-    )
-  },
-
-  allCollaborators(project) {
-    return _.unionWith(
-      [project.owner_ref],
-      project.collaberator_refs,
-      project.readOnly_refs,
-      project.tokenAccessReadAndWrite_refs,
-      project.tokenAccessReadOnly_refs,
-      ProjectHelper._objectIdEquals
-    )
-  },
-
-  calculateArchivedArray(project, userId, action) {
-    let archived = project.archived
-    userId = ObjectId(userId)
-
-    if (archived === true) {
-      archived = ProjectHelper.allCollaborators(project)
-    } else if (!archived) {
-      archived = []
-    }
-
-    if (action === 'ARCHIVE') {
-      archived = _.unionWith(archived, [userId], ProjectHelper._objectIdEquals)
-    } else if (action === 'UNARCHIVE') {
-      archived = archived.filter(
-        id => !ProjectHelper._objectIdEquals(id, userId)
-      )
-    } else {
-      throw new Error('Unrecognised action')
-    }
-
-    return archived
-  },
-
-  ensureNameIsUnique(nameList, name, suffixes, maxLength, callback) {
-    // create a set of all project names
-    if (suffixes == null) {
-      suffixes = []
-    }
-    if (callback == null) {
-      callback = function(error, name) {}
-    }
-    const allNames = new Set(nameList)
-    const isUnique = x => !allNames.has(x)
-    // check if the supplied name is already unique
-    if (isUnique(name)) {
-      return callback(null, name)
-    }
-    // the name already exists, try adding the user-supplied suffixes to generate a unique name
-    for (let suffix of Array.from(suffixes)) {
-      const candidateName = ProjectHelper._addSuffixToProjectName(
-        name,
-        suffix,
-        maxLength
-      )
-      if (isUnique(candidateName)) {
-        return callback(null, candidateName)
-      }
-    }
-    // if there are no (more) suffixes, use a numeric one
-    const uniqueName = ProjectHelper._addNumericSuffixToProjectName(
-      name,
-      allNames,
-      maxLength
-    )
-    if (uniqueName != null) {
-      return callback(null, uniqueName)
-    } else {
-      return callback(
-        new Error(`Failed to generate a unique name for: ${name}`)
-      )
-    }
-  },
-
-  _objectIdEquals(firstVal, secondVal) {
-    // For use as a comparator for unionWith
-    return firstVal.toString() === secondVal.toString()
-  },
-
-  _addSuffixToProjectName(name, suffix, maxLength) {
-    // append the suffix and truncate the project title if needed
-    if (suffix == null) {
-      suffix = ''
-    }
-    const truncatedLength = maxLength - suffix.length
-    return name.substr(0, truncatedLength) + suffix
-  },
-
-  _addNumericSuffixToProjectName(name, allProjectNames, maxLength) {
-    const NUMERIC_SUFFIX_MATCH = / \((\d+)\)$/
-    const suffixedName = function(basename, number) {
-      const suffix = ` (${number})`
-      return basename.substr(0, maxLength - suffix.length) + suffix
-    }
-
-    const match = name.match(NUMERIC_SUFFIX_MATCH)
-    let basename = name
-    let n = 1
-    const last = allProjectNames.size + n
-
-    if (match != null) {
-      basename = name.replace(NUMERIC_SUFFIX_MATCH, '')
-      n = parseInt(match[1])
-    }
-
-    while (n <= last) {
-      const candidate = suffixedName(basename, n)
-      if (!allProjectNames.has(candidate)) {
-        return candidate
-      }
-      n += 1
-    }
-
-    return null
+module.exports = {
+  compilerFromV1Engine,
+  isArchived,
+  isTrashed,
+  isArchivedOrTrashed,
+  calculateArchivedArray,
+  ensureNameIsUnique,
+  getAllowedImagesForUser,
+  promises: {
+    ensureNameIsUnique: promisify(ensureNameIsUnique)
   }
 }
 
-ProjectHelper.promises = {
-  ensureNameIsUnique: promisify(ProjectHelper.ensureNameIsUnique)
+function compilerFromV1Engine(engine) {
+  return ENGINE_TO_COMPILER_MAP[engine]
+}
+
+function isArchived(project, userId) {
+  userId = ObjectId(userId)
+
+  if (Array.isArray(project.archived)) {
+    return project.archived.some(id => id.equals(userId))
+  } else {
+    return !!project.archived
+  }
+}
+
+function isTrashed(project, userId) {
+  userId = ObjectId(userId)
+
+  if (project.trashed) {
+    return project.trashed.some(id => id.equals(userId))
+  } else {
+    return false
+  }
+}
+
+function isArchivedOrTrashed(project, userId) {
+  return isArchived(project, userId) || isTrashed(project, userId)
+}
+
+function _allCollaborators(project) {
+  return _.unionWith(
+    [project.owner_ref],
+    project.collaberator_refs,
+    project.readOnly_refs,
+    project.tokenAccessReadAndWrite_refs,
+    project.tokenAccessReadOnly_refs,
+    _objectIdEquals
+  )
+}
+
+function calculateArchivedArray(project, userId, action) {
+  let archived = project.archived
+  userId = ObjectId(userId)
+
+  if (archived === true) {
+    archived = _allCollaborators(project)
+  } else if (!archived) {
+    archived = []
+  }
+
+  if (action === 'ARCHIVE') {
+    archived = _.unionWith(archived, [userId], _objectIdEquals)
+  } else if (action === 'UNARCHIVE') {
+    archived = archived.filter(id => !_objectIdEquals(id, userId))
+  } else {
+    throw new Error('Unrecognised action')
+  }
+
+  return archived
+}
+
+function ensureNameIsUnique(nameList, name, suffixes, maxLength, callback) {
+  // create a set of all project names
+  if (suffixes == null) {
+    suffixes = []
+  }
+  const allNames = new Set(nameList)
+  const isUnique = x => !allNames.has(x)
+  // check if the supplied name is already unique
+  if (isUnique(name)) {
+    return callback(null, name)
+  }
+  // the name already exists, try adding the user-supplied suffixes to generate a unique name
+  for (const suffix of suffixes) {
+    const candidateName = _addSuffixToProjectName(name, suffix, maxLength)
+    if (isUnique(candidateName)) {
+      return callback(null, candidateName)
+    }
+  }
+  // if there are no (more) suffixes, use a numeric one
+  const uniqueName = _addNumericSuffixToProjectName(name, allNames, maxLength)
+  if (uniqueName != null) {
+    callback(null, uniqueName)
+  } else {
+    callback(new Error(`Failed to generate a unique name for: ${name}`))
+  }
+}
+
+function _objectIdEquals(firstVal, secondVal) {
+  // For use as a comparator for unionWith
+  return firstVal.toString() === secondVal.toString()
+}
+
+function _addSuffixToProjectName(name, suffix, maxLength) {
+  // append the suffix and truncate the project title if needed
+  if (suffix == null) {
+    suffix = ''
+  }
+  const truncatedLength = maxLength - suffix.length
+  return name.substr(0, truncatedLength) + suffix
+}
+
+function _addNumericSuffixToProjectName(name, allProjectNames, maxLength) {
+  const NUMERIC_SUFFIX_MATCH = / \((\d+)\)$/
+  const suffixedName = function(basename, number) {
+    const suffix = ` (${number})`
+    return basename.substr(0, maxLength - suffix.length) + suffix
+  }
+
+  const match = name.match(NUMERIC_SUFFIX_MATCH)
+  let basename = name
+  let n = 1
+  const last = allProjectNames.size + n
+
+  if (match != null) {
+    basename = name.replace(NUMERIC_SUFFIX_MATCH, '')
+    n = parseInt(match[1])
+  }
+
+  while (n <= last) {
+    const candidate = suffixedName(basename, n)
+    if (!allProjectNames.has(candidate)) {
+      return candidate
+    }
+    n += 1
+  }
+
+  return null
+}
+
+function getAllowedImagesForUser(sessionUser) {
+  const images = Settings.allowedImageNames || []
+  if (sessionUser && sessionUser.isAdmin) {
+    return images
+  } else {
+    return images.filter(image => !image.adminOnly)
+  }
 }
-module.exports = ProjectHelper

services/web/test/unit/src/Project/ProjectControllerTests.js

@@ -75,7 +75,8 @@ describe('ProjectController', function() {
     this.ProjectHelper = {
       isArchived: sinon.stub(),
       isTrashed: sinon.stub(),
-      isArchivedOrTrashed: sinon.stub()
+      isArchivedOrTrashed: sinon.stub(),
+      getAllowedImagesForUser: sinon.stub().returns([])
     }
     this.AuthenticationController = {
       getLoggedInUser: sinon.stub().callsArgWith(1, null, this.user),

services/web/test/unit/src/Project/ProjectHelperTests.js

@@ -1,23 +1,10 @@
-/* eslint-disable
-    max-len,
-    no-return-assign,
-    no-unused-vars,
-*/
-// TODO: This file was created by bulk-decaffeinate.
-// Fix any style issues and re-enable lint.
-/*
- * decaffeinate suggestions:
- * DS102: Remove unnecessary code created because of implicit returns
- * Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
- */
-const sinon = require('sinon')
 const chai = require('chai')
-const should = chai.should()
 const { expect } = chai
-const modulePath = '../../../../app/src/Features/Project/ProjectHelper.js'
 const SandboxedModule = require('sandboxed-module')
 const { ObjectId } = require('mongojs')
 
+const MODULE_PATH = '../../../../app/src/Features/Project/ProjectHelper.js'
+
 describe('ProjectHelper', function() {
   beforeEach(function() {
     this.project = {
@@ -30,7 +17,28 @@ describe('ProjectHelper', function() {
       features: {}
     }
 
-    return (this.ProjectHelper = SandboxedModule.require(modulePath))
+    this.adminUser = {
+      _id: 'admin-user-id',
+      isAdmin: true
+    }
+
+    this.Settings = {
+      allowedImageNames: [
+        { imageName: 'texlive-full:2018.1', imageDesc: 'TeX Live 2018' },
+        { imageName: 'texlive-full:2019.1', imageDesc: 'TeX Live 2019' },
+        {
+          imageName: 'texlive-full:2020.1',
+          imageDesc: 'TeX Live 2020',
+          adminOnly: true
+        }
+      ]
+    }
+
+    this.ProjectHelper = SandboxedModule.require(MODULE_PATH, {
+      requires: {
+        'settings-sharelatex': this.Settings
+      }
+    })
   })
 
   describe('isArchived', function() {
@@ -233,30 +241,57 @@ describe('ProjectHelper', function() {
 
   describe('compilerFromV1Engine', function() {
     it('returns the correct engine for latex_dvipdf', function() {
-      return expect(
-        this.ProjectHelper.compilerFromV1Engine('latex_dvipdf')
-      ).to.equal('latex')
+      expect(this.ProjectHelper.compilerFromV1Engine('latex_dvipdf')).to.equal(
+        'latex'
+      )
     })
 
     it('returns the correct engine for pdflatex', function() {
-      return expect(
-        this.ProjectHelper.compilerFromV1Engine('pdflatex')
-      ).to.equal('pdflatex')
+      expect(this.ProjectHelper.compilerFromV1Engine('pdflatex')).to.equal(
+        'pdflatex'
+      )
     })
 
     it('returns the correct engine for xelatex', function() {
-      return expect(
-        this.ProjectHelper.compilerFromV1Engine('xelatex')
-      ).to.equal('xelatex')
+      expect(this.ProjectHelper.compilerFromV1Engine('xelatex')).to.equal(
+        'xelatex'
+      )
     })
 
     it('returns the correct engine for lualatex', function() {
-      return expect(
-        this.ProjectHelper.compilerFromV1Engine('lualatex')
-      ).to.equal('lualatex')
+      expect(this.ProjectHelper.compilerFromV1Engine('lualatex')).to.equal(
+        'lualatex'
+      )
+    })
+  })
+
+  describe('getAllowedImagesForUser', function() {
+    it('filters out admin-only images when the user is anonymous', function() {
+      const images = this.ProjectHelper.getAllowedImagesForUser(null)
+      const imageNames = images.map(image => image.imageName)
+      expect(imageNames).to.deep.equal([
+        'texlive-full:2018.1',
+        'texlive-full:2019.1'
+      ])
+    })
+
+    it('filters out admin-only images when the user is not admin', function() {
+      const images = this.ProjectHelper.getAllowedImagesForUser(this.user)
+      const imageNames = images.map(image => image.imageName)
+      expect(imageNames).to.deep.equal([
+        'texlive-full:2018.1',
+        'texlive-full:2019.1'
+      ])
+    })
+
+    it('returns all images when the user is admin', function() {
+      const images = this.ProjectHelper.getAllowedImagesForUser(this.adminUser)
+      const imageNames = images.map(image => image.imageName)
+      expect(imageNames).to.deep.equal([
+        'texlive-full:2018.1',
+        'texlive-full:2019.1',
+        'texlive-full:2020.1'
+      ])
     })
   })
 })
-
-// describe "ensureNameIsUnique", ->
-// see tests for: ProjectDetailsHandler.generateUniqueName, which calls here.