From acd926e2e0c906aac5893ccf463d6329ff8ad570 Mon Sep 17 00:00:00 2001
From: Eric Mc Sween
Date: Mon, 30 Sep 2019 09:26:27 -0400
Subject: [PATCH] Merge pull request #2178 from overleaf/sk-hide-ui-anon-read-only-token

Handle anonymous users when deciding to restrict view of the editor

GitOrigin-RevId: 617f7ef2c8cc34142a6b8187c467fadb90745863
---
 .../src/Features/Project/ProjectController.js | 2 +-
 .../unit/src/Project/ProjectControllerTests.js | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/services/web/app/src/Features/Project/ProjectController.js b/services/web/app/src/Features/Project/ProjectController.js
index ea0959a63d..7819844f1c 100644
--- a/services/web/app/src/Features/Project/ProjectController.js
+++ b/services/web/app/src/Features/Project/ProjectController.js
@@ -742,7 +742,7 @@ module.exports = ProjectController = {
 anonymousAccessToken: req._anonymousAccessToken,
 isTokenMember,
 isRestrictedTokenMember:
- isTokenMember === true && privilegeLevel === 'readOnly',
+ privilegeLevel === 'readOnly' && (anonymous || isTokenMember),
 languages: Settings.languages,
 editorThemes: THEME_LIST,
 maxDocLength: Settings.max_doc_length,
diff --git a/services/web/test/unit/src/Project/ProjectControllerTests.js b/services/web/test/unit/src/Project/ProjectControllerTests.js
index 1268eb9ba7..6c0d069f70 100644
--- a/services/web/test/unit/src/Project/ProjectControllerTests.js
+++ b/services/web/test/unit/src/Project/ProjectControllerTests.js
@@ -814,7 +814,7 @@ describe('ProjectController', function() {
 return this.ProjectController.loadEditor(this.req, this.res)
 })

- it('should set isRestrictedTokenMember to true under the right conditions', function(done) {
+ it('should set isRestrictedTokenMember to true when the user is accessing project via read-only token', function(done) {
 this.CollaboratorsHandler.userIsTokenMember.callsArgWith(2, null, true)
 this.AuthorizationManager.getPrivilegeLevelForProject.callsArgWith(
 3,
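Review bot: In ProjectController.js the new `isRestrictedTokenMember` expression drops the strict `=== true` comparison, so the flag is no longer guaranteed to be a boolean: with `privilegeLevel === 'readOnly'`, a falsy `anonymous` and a `null`/`undefined` `isTokenMember` it evaluates to that nullish value, and any truthy non-boolean now counts as a match. Because this flag decides what the editor hides, I would normalise it with `privilegeLevel === 'readOnly' && Boolean(anonymous || isTokenMember),` and add a comment such as `// also true for anonymous read-only viewers, not only token members`, since the name no longer says so. `anonymous` is defined outside the hunk and the object literal continues past it. The value is only handed to the rendered page (the test reads it from the `res.render` options), so the endpoints behind the hidden UI presumably still need their own server-side check; worth confirming.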
@@ -829,6 +829,21 @@ describe('ProjectController', function() {
 return this.ProjectController.loadEditor(this.req, this.res)
 })

+ it('should set isRestrictedTokenMember to true when anonymous read-only token access', function(done) {
+ this.CollaboratorsHandler.userIsTokenMember.callsArgWith(2, null, null)
+ this.AuthenticationController.isUserLoggedIn = sinon.stub().returns(false)
+ this.AuthorizationManager.getPrivilegeLevelForProject.callsArgWith(
+ 3,
+ null,
+ 'readOnly'
+ )
+ this.res.render = (pageName, opts) => {
+ opts.isRestrictedTokenMember.should.exist
+ opts.isRestrictedTokenMember.should.equal(true)
+ return done()
+ }
+ return this.ProjectController.loadEditor(this.req, this.res)
+ })
 it('should render the closed page if the editor is closed', function(done) {
 this.settings.editorIsOpen = false
 this.res.render = (pageName, opts) => {
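Review bot: The added test pins only the positive case, so nothing in this hunk would catch the widened condition restricting the wrong users. A companion case for a logged-in read-only user who is not a token member, expecting a falsy flag, would guard that boundary, unless one already exists outside the hunk. `opts.isRestrictedTokenMember.should.exist` is redundant before `.should.equal(true)`. Assigning `this.AuthenticationController.isUserLoggedIn` directly keeps the replacement stub for later tests unless a `beforeEach` outside the hunk rebuilds the object. The sketch below assumes `anonymous` is derived from `isUserLoggedIn`, as this test implies.

```javascript
// … unchanged: anonymous read-only token test …
it('should not set isRestrictedTokenMember for a logged-in read-only user who is not a token member', function(done) {
  this.CollaboratorsHandler.userIsTokenMember.callsArgWith(2, null, false)
  this.AuthenticationController.isUserLoggedIn = sinon.stub().returns(true)
  this.AuthorizationManager.getPrivilegeLevelForProject.callsArgWith(
    3,
    null,
    'readOnly'
  )
  this.res.render = (pageName, opts) => {
    // Boolean() so a null/undefined flag is reported as a failed expectation, not a TypeError
    Boolean(opts.isRestrictedTokenMember).should.equal(false)
    return done()
  }
  return this.ProjectController.loadEditor(this.req, this.res)
})
```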