github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-07 20:31:06 -05:00
Code Issues Projects Releases Packages Wiki Activity

Filter "comments" if restricted user.

Browse source
This commit is contained in:
Shane Kilkelly 2019-10-30 10:15:20 +00:00
parent 403caa65e8
commit 6df88ebc49
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
services/real-time/app/coffee/WebsocketController.coffee
View file

@ -85,7 +85,7 @@ module.exports = WebsocketController =
joinDoc: (client, doc_id, fromVersion = -1, options, callback = (error, doclines, version, ops, ranges) ->) ->
metrics.inc "editor.join-doc"
Utils.getClientAttributes client, ["project_id", "user_id"], (error, {project_id, user_id}) ->
Utils.getClientAttributes client, ["project_id", "user_id", "is_restricted_user"], (error, {project_id, user_id, is_restricted_user}) ->
return callback(error) if error?
return callback(new Error("no project_id found on client")) if !project_id?
logger.log {user_id, project_id, doc_id, fromVersion, client_id: client.id}, "client joining doc"
@ -99,6 +99,9 @@ module.exports = WebsocketController =
DocumentUpdaterManager.getDocument project_id, doc_id, fromVersion, (error, lines, version, ranges, ops) ->
return callback(error) if error?
if is_restricted_user and ranges?.comments?
ranges.comments = []
# Encode any binary bits of data so it can go via WebSockets
# See http://ecmanaut.blogspot.co.uk/2006/07/encoding-decoding-utf8-in-javascript.html
encodeForWebsockets = (text) -> unescape(encodeURIComponent(text))

11
services/real-time/test/unit/coffee/WebsocketControllerTests.coffee
View file

@ -238,6 +238,7 @@ describe 'WebsocketController', ->
@options = {}
@client.params.project_id = @project_id
@client.params.is_restricted_user = false
@AuthorizationManager.addAccessToDoc = sinon.stub()
@AuthorizationManager.assertClientCanViewProject = sinon.stub().callsArgWith(1, null)
@DocumentUpdaterManager.getDocument = sinon.stub().callsArgWith(3, null, @doc_lines, @version, @ranges, @ops)
@ -338,6 +339,16 @@ describe 'WebsocketController', ->
it "should not call the DocumentUpdaterManager", ->
@DocumentUpdaterManager.getDocument.called.should.equal false
describe "with a restricted client", ->
beforeEach ->
@ranges.comments = [{op: {a: 1}}, {op: {a: 2}}]
@client.params.is_restricted_user = true
@WebsocketController.joinDoc @client, @doc_id, -1, @options, @callback
it "should overwrite ranges.comments with an empty list", ->
ranges = @callback.args[0][4]
expect(ranges.comments).to.deep.equal []
describe "leaveDoc", ->
beforeEach ->
@doc_id = "doc-id-123"