From 82ddeab2bd20ff2dccd8daaf2efed3ae1bee8f29 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Mon, 16 Jan 2017 13:45:01 +0000 Subject: [PATCH] If user tries to invite themselves to project, don't. --- .../CollaboratorsInviteController.coffee | 3 ++ .../web/app/views/project/editor/share.jade | 2 ++ .../CollaboratorsInviteControllerTests.coffee | 31 +++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee b/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee index 9d9f4d2a5e..460b62da1d 100644 --- a/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee +++ b/services/web/app/coffee/Features/Collaborators/CollaboratorsInviteController.coffee @@ -37,6 +37,9 @@ module.exports = CollaboratorsInviteController = email = req.body.email sendingUser = AuthenticationController.getSessionUser(req) sendingUserId = sendingUser._id + if email == sendingUser.email + logger.log {projectId, email, sendingUserId}, "cannot invite yourself to project" + return res.json {invite: null, error: 'cannot_invite_self'} logger.log {projectId, email, sendingUserId}, "inviting to project" LimitationsManager.canAddXCollaborators projectId, 1, (error, allowed) => return next(error) if error? diff --git a/services/web/app/views/project/editor/share.jade b/services/web/app/views/project/editor/share.jade index 62de414064..78fb69c333 100644 --- a/services/web/app/views/project/editor/share.jade +++ b/services/web/app/views/project/editor/share.jade @@ -144,6 +144,8 @@ script(type='text/ng-template', id='shareProjectModalTemplate') span(ng-switch="state.errorReason") span(ng-switch-when="cannot_invite_non_user") | #{translate("cannot_invite_non_user")} + span(ng-switch-when="cannot_invite_self") + | #{translate("cannot_invite_self")} span(ng-switch-default) | #{translate("generic_something_went_wrong")} button.btn.btn-default( diff --git a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee index 28bf1ab6a2..cf398e69da 100644 --- a/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee +++ b/services/web/test/UnitTests/coffee/Collaborators/CollaboratorsInviteControllerTests.coffee @@ -255,6 +255,37 @@ describe "CollaboratorsInviteController", -> it 'should not have called inviteToProject', -> @CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0 + describe 'when the user invites themselves to the project', -> + + beforeEach -> + @req.session.user = {_id: 'abc', email: 'me@example.com'} + @req.body.email = 'me@example.com' + @_checkShouldInviteEmail = sinon.stub( + @CollaboratorsInviteController, '_checkShouldInviteEmail' + ).callsArgWith(1, null, true) + @LimitationsManager.canAddXCollaborators = sinon.stub().callsArgWith(2, null, true) + @CollaboratorsInviteController.inviteToProject @req, @res, @next + + afterEach -> + @_checkShouldInviteEmail.restore() + + it 'should reject action, return json response with error code', -> + @res.json.callCount.should.equal 1 + ({invite: null, error: 'cannot_invite_self'}).should.deep.equal(@res.json.firstCall.args[0]) + + it 'should not have called canAddXCollaborators', -> + @LimitationsManager.canAddXCollaborators.callCount.should.equal 0 + + it 'should not have called _checkShouldInviteEmail', -> + @_checkShouldInviteEmail.callCount.should.equal 0 + + it 'should not have called inviteToProject', -> + @CollaboratorsInviteHandler.inviteToProject.callCount.should.equal 0 + + it 'should not have called emitToRoom', -> + @EditorRealTimeController.emitToRoom.callCount.should.equal 0 + + describe "viewInvite", -> beforeEach ->