From 780acfdeb4cccda3c3967b2adf48bdd4c44f8034 Mon Sep 17 00:00:00 2001
From: Domagoj Kriskovic
Date: Mon, 9 Dec 2024 17:42:55 +0100
Subject: [PATCH] [real-time] make sure reviewer has permissions to read a project (#22317)

* added "review" in assertClientCanViewProject
* test if reviewer can read project
GitOrigin-RevId: 92a30f8b456bec9f0fc81a1361e454eecff838bd
---
 services/real-time/app/js/AuthorizationManager.js | 2 +-
 .../test/unit/js/AuthorizationManagerTests.js | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/services/real-time/app/js/AuthorizationManager.js b/services/real-time/app/js/AuthorizationManager.js
index 01e99810bb..261e2e91ee 100644
--- a/services/real-time/app/js/AuthorizationManager.js
+++ b/services/real-time/app/js/AuthorizationManager.js
@@ -5,7 +5,7 @@ module.exports = AuthorizationManager = {
 assertClientCanViewProject(client, callback) {
 AuthorizationManager._assertClientHasPrivilegeLevel(
 client,
- ['readOnly', 'readAndWrite', 'owner'],
+ ['readOnly', 'readAndWrite', 'review', 'owner'],
 callback
 )
 },
diff --git a/services/real-time/test/unit/js/AuthorizationManagerTests.js b/services/real-time/test/unit/js/AuthorizationManagerTests.js
index e2d296624a..57882eaacc 100644
--- a/services/real-time/test/unit/js/AuthorizationManagerTests.js
+++ b/services/real-time/test/unit/js/AuthorizationManagerTests.js
@@ -47,6 +47,17 @@ describe('AuthorizationManager', function () {
 )
 })
 
+ it('should allow the review privilegeLevel', function (done) {
+ this.client.ol_context.privilege_level = 'review'
+ return this.AuthorizationManager.assertClientCanViewProject(
+ this.client,
+ error => {
+ expect(error).to.be.null
+ return done()
+ }
+ )
+ })
+
 it('should allow the owner privilegeLevel', function (done) {
 this.client.ol_context.privilege_level = 'owner'
 return this.AuthorizationManager.assertClientCanViewProject(
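Review bot: The allow-list on the changed line in `assertClientCanViewProject` is an inline array of string literals with no comment, so nothing prompts an update when a new privilege level is introduced; that appears to be how `review` was missed until this commit. The hunk does not show whether the other view-side checks in this object delegate to this method or keep their own lists; if they keep their own, a reviewer would still be rejected there. I would add a comment above the array such as `// all privilege levels that grant read access; update when a new level is introduced`, or hoist the list into a named constant shared by every read check. The `AuthorizationManager` object literal starts and continues outside the hunk.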
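Review bot: The new `it('should allow the review privilegeLevel', ...)` case pins only the positive path, that `review` passes the view check. Because this level now sits in an authorization allow-list, I would add a companion test that states what the edit-side assertion does for a client whose `privilege_level` is `'review'`, so a later change cannot silently widen or narrow reviewer rights. Whether such a test already exists is not visible here, since the enclosing `describe` block and the following owner test continue outside the hunk.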