If project is not tokenBased, don't count members of token arrays

2024-11-21 20:47:08 -05:00 · 2017-10-06 15:57:22 +01:00 · 2017-10-06 15:57:22 +01:00 · 91abb6eed6
commit 91abb6eed6
parent 387854db7a
3 changed files with 10 additions and 6 deletions
--- a/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee
+++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsHandler.coffee
@ -6,6 +6,7 @@ ContactManager = require "../Contacts/ContactManager"
 CollaboratorsEmailHandler = require "./CollaboratorsEmailHandler"
 async = require "async"
 PrivilegeLevels = require "../Authorization/PrivilegeLevels"
+PublicAccessLevels = require "../Authorization/PublicAccessLevels"
 Errors = require "../Errors/Errors"
 EmailHelper = require "../Helpers/EmailHelper"
 ProjectEditorHandler = require "../Project/ProjectEditorHandler"
@ -24,6 +25,7 @@ module.exports = CollaboratorsHandler =
 			readOnly_refs: 1,
 			tokenAccessReadOnly_refs: 1,
 			tokenAccessReadAndWrite_refs: 1
+			publicAccesLevel: 1
 		Project.findOne { _id: project_id }, projection, (error, project) ->
 			return callback(error) if error?
 			return callback new Errors.NotFoundError("no project found with id #{project_id}") if !project?
@ -32,13 +34,15 @@ module.exports = CollaboratorsHandler =
 			# read-and-write
 			for member_id in project.collaberator_refs or []
 				members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_AND_WRITE, source: Sources.INVITE }
-			for member_id in project.tokenAccessReadAndWrite_refs or []
-				members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_AND_WRITE, source: Sources.TOKEN }
+			if project.publicAccesLevel == PublicAccessLevels.TOKEN_BASED
+				for member_id in project.tokenAccessReadAndWrite_refs or []
+					members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_AND_WRITE, source: Sources.TOKEN }
 			# read-only
 			for member_id in project.readOnly_refs or []
 				members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_ONLY, source: Sources.INVITE }
-			for member_id in project.tokenAccessReadOnly_refs or []
-				members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_ONLY, source: Sources.TOKEN }
+			if project.publicAccesLevel == PublicAccessLevels.TOKEN_BASED
+				for member_id in project.tokenAccessReadOnly_refs or []
+					members.push { id: member_id.toString(), privilegeLevel: PrivilegeLevels.READ_ONLY, source: Sources.TOKEN }
 			return callback null, members

 	getMemberIds: (project_id, callback = (error, member_ids) ->) ->
--- a/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
+++ b/services/web/app/coffee/Features/Project/ProjectTokenGenerator.coffee
@ -1,6 +1,5 @@
 module.exports = ProjectTokenGenerator =

-
 	readOnlyToken: () ->
 		length = 12
 		tokenAlpha = 'bcdfghjkmnpqrstvwxyz'
--- a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsHandlerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsHandlerTests.coffee
@ -32,7 +32,8 @@ describe "CollaboratorsHandler", ->
 				@Project.findOne = sinon.stub()
 				@Project.findOne.withArgs(
 					{_id: @project_id},
-					{owner_ref: 1, collaberator_refs: 1, readOnly_refs: 1, tokenAccessReadOnly_refs: 1, tokenAccessReadAndWrite_refs: 1}
+					{owner_ref: 1, collaberator_refs: 1, readOnly_refs: 1,
+					tokenAccessReadOnly_refs: 1, tokenAccessReadAndWrite_refs: 1, publicAccesLevel: 1}
 				).yields(null, @project = {
 					owner_ref: [ "owner-ref" ]
 					readOnly_refs: [ "read-only-ref-1", "read-only-ref-2" ]