If user tries to invite themselves to project, don't.

2025-03-22 02:04:31 +00:00 · 2017-01-16 13:45:01 +00:00 · 2017-01-16 13:45:01 +00:00 · 82ddeab2bd
commit 82ddeab2bd
parent 962a4d5039
3 changed files with 36 additions and 0 deletions
--- a/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee
+++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee
@ -37,6 +37,9 @@ module.exports = CollaboratorsInviteController =
 		email = req.body.email
 		sendingUser = AuthenticationController.getSessionUser(req)
 		sendingUserId = sendingUser._id
+		if email == sendingUser.email
+			logger.log {projectId, email, sendingUserId}, "cannot invite yourself to project"
+			return res.json {invite: null, error: 'cannot_invite_self'}
 		logger.log {projectId, email, sendingUserId}, "inviting to project"
 		LimitationsManager.canAddXCollaborators projectId, 1, (error, allowed) =>
 			return next(error) if error?
--- a/services/web/app/views/project/editor/share.jade
+++ b/services/web/app/views/project/editor/share.jade
@ -144,6 +144,8 @@ script(type='text/ng-template', id='shareProjectModalTemplate')
 				span(ng-switch="state.errorReason")
 					span(ng-switch-when="cannot_invite_non_user")
 						| #{translate("cannot_invite_non_user")}
+					span(ng-switch-when="cannot_invite_self")
+						| #{translate("cannot_invite_self")}
 					span(ng-switch-default)
 						| #{translate("generic_something_went_wrong")}
 		button.btn.btn-default(
--- a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee
@ -255,6 +255,37 @@ describe "CollaboratorsInviteController", ->
 			it 'should not have called inviteToProject', ->
 				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0

+		describe 'when the user invites themselves to the project', ->
+
+			beforeEach ->
+				@req.session.user = {_id: 'abc', email: 'me@example.com'}
+				@req.body.email = 'me@example.com'
+				@_checkShouldInviteEmail = sinon.stub(
+					@CollaboratorsInviteController, '_checkShouldInviteEmail'
+				).callsArgWith(1, null, true)
+				@LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true)
+				@CollaboratorsInviteController.inviteToProject @req, @res, @next
+
+			afterEach ->
+				@_checkShouldInviteEmail.restore()
+
+			it 'should reject action, return json response with error code', ->
+				@res.json.callCount.should.equal 1
+				({invite: null, error: 'cannot_invite_self'}).should.deep.equal(@res.json.firstCall.args[0])
+
+			it 'should not have called canAddXCollaborators', ->
+				@LimitationsManager.canAddXCollaborators.callCount.should.equal 0
+
+			it 'should not have called _checkShouldInviteEmail', ->
+				@_checkShouldInviteEmail.callCount.should.equal 0
+
+			it 'should not have called inviteToProject', ->
+				@CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0
+
+			it 'should not have called emitToRoom', ->
+				@EditorRealTimeController.emitToRoom.callCount.should.equal 0
+
+
 	describe "viewInvite", ->

 		beforeEach ->