Merge pull request #17830 from overleaf/rh-reduce-staff-access-session

[web] Reduce size of staffAccess field in session GitOrigin-RevId: 7745dc595e8096caef04fd140b47532f0775f165
2024-11-21 20:47:08 -05:00 · 2024-04-12 08:39:51 +01:00 · 2024-04-12 08:39:51 +01:00 · 754609f379
commit 754609f379
parent f5ac5b0ed3
2 changed files with 100 additions and 2 deletions
--- a/services/web/app/src/Features/Authentication/AuthenticationController.js
+++ b/services/web/app/src/Features/Authentication/AuthenticationController.js
@ -50,6 +50,20 @@ function checkCredentials(userDetailsMap, user, password) {
  return isValid
 }

+function reduceStaffAccess(staffAccess) {
+  const reducedStaffAccess = {}
+  for (const field in staffAccess) {
+    if (staffAccess[field]) {
+      reducedStaffAccess[field] = true
+    }
+  }
+  return reducedStaffAccess
+}
+
+function userHasStaffAccess(user) {
+  return user.staffAccess && Object.values(user.staffAccess).includes(true)
+}
+
 const AuthenticationController = {
  serializeUser(user, callback) {
    if (!user._id || !user.email) {
@ -61,8 +75,6 @@ const AuthenticationController = {
      _id: user._id,
      first_name: user.first_name,
      last_name: user.last_name,
-      isAdmin: user.isAdmin,
-      staffAccess: user.staffAccess,
      email: user.email,
      referal_id: user.referal_id,
      session_created: new Date().toISOString(),
@ -73,6 +85,13 @@ const AuthenticationController = {
      alphaProgram: user.alphaProgram || undefined, // only store if set
      betaProgram: user.betaProgram || undefined, // only store if set
    }
+    if (user.isAdmin) {
+      lightUser.isAdmin = true
+    }
+    if (userHasStaffAccess(user)) {
+      lightUser.staffAccess = reduceStaffAccess(user.staffAccess)
+    }
+
    callback(null, lightUser)
  },

--- a/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js
+++ b/services/web/test/unit/src/Authentication/AuthenticationControllerTests.js
@ -24,6 +24,34 @@ describe('AuthenticationController', function () {
      referal_id: 1234,
      isAdmin: false,
    }
+    this.staffUser = {
+      ...this.user,
+      staffAccess: {
+        publisherMetrics: true,
+        publisherManagement: false,
+        institutionMetrics: true,
+        institutionManagement: false,
+        groupMetrics: true,
+        groupManagement: false,
+        adminMetrics: true,
+        splitTestMetrics: false,
+        splitTestManagement: true,
+      },
+    }
+    this.noStaffAccessUser = {
+      ...this.user,
+      staffAccess: {
+        publisherMetrics: false,
+        publisherManagement: false,
+        institutionMetrics: false,
+        institutionManagement: false,
+        groupMetrics: false,
+        groupManagement: false,
+        adminMetrics: false,
+        splitTestMetrics: false,
+        splitTestManagement: false,
+      },
+    }
    this.password = 'banana'
    this.req = new MockRequest()
    this.res = new MockResponse()
@ -181,6 +209,57 @@ describe('AuthenticationController', function () {
    })
  })

+  describe('serializeUser', function () {
+    describe('when isAdmin is false', function () {
+      it('does not return an isAdmin field', function () {
+        const isAdminMatcher = sinon.match(value => {
+          return !('isAdmin' in value)
+        })
+
+        this.AuthenticationController.serializeUser(this.user, this.callback)
+        expect(this.callback).to.have.been.calledWith(null, isAdminMatcher)
+      })
+    })
+
+    describe('when staffAccess fields are provided', function () {
+      it('only returns the fields set to true', function () {
+        const expectedStaffAccess = {
+          publisherMetrics: true,
+          institutionMetrics: true,
+          groupMetrics: true,
+          adminMetrics: true,
+          splitTestManagement: true,
+        }
+        const staffAccessMatcher = sinon.match(value => {
+          return (
+            Object.keys(value.staffAccess).length ===
+            Object.keys(expectedStaffAccess).length
+          )
+        })
+
+        this.AuthenticationController.serializeUser(
+          this.staffUser,
+          this.callback
+        )
+        expect(this.callback).to.have.been.calledWith(null, staffAccessMatcher)
+      })
+    })
+
+    describe('when all staffAccess fields are false', function () {
+      it('no staffAccess attribute is set', function () {
+        const staffAccessMatcher = sinon.match(value => {
+          return !('staffAccess' in value)
+        })
+
+        this.AuthenticationController.serializeUser(
+          this.noStaffAccessUser,
+          this.callback
+        )
+        expect(this.callback).to.have.been.calledWith(null, staffAccessMatcher)
+      })
+    })
+  })
+
  describe('passportLogin', function () {
    beforeEach(function () {
      this.info = null