agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-01 13:21:37 +02:00
Code Issues Packages Projects Releases Wiki Activity

[web] skip fetching members and invites for restricted users (#25673)

Browse Source 
* [web] hide sensitive data from joinProject when building project view

* [web] skip fetching members and invites for restricted users

* [web] fix owner features in joinProject view

* [web] separate invited members from owner

* [web] skip fetching users with empty members  list

* [web] split await chain

Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>

* [web] remove spurious parentheses

* [web] remove dead code

Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>

---------

Co-authored-by: Antoine Clausse <antoine.clausse@overleaf.com>
GitOrigin-RevId: 5b4d874f974971e9c14d7412620805f8ebf63541
This commit is contained in:
Jakob Ackermann
2025-06-02 13:38:40 +02:00
committed by Copybot
parent 93c221775e
commit b45ffbf055
6 changed files with 268 additions and 189 deletions
Download Patch File Download Diff File Expand all files Collapse all files

199
services/web/test/unit/src/Project/ProjectEditorHandlerTests.js
View File

@@ -8,6 +8,7 @@ describe('ProjectEditorHandler', function () {
beforeEach(function () {
this.project = {
_id: 'project-id',
owner_ref: 'owner-id',
name: 'Project Name',
rootDoc_id: 'file-id',
publicAccesLevel: 'private',
@@ -43,16 +44,19 @@ describe('ProjectEditorHandler', function () {
},
],
}
this.ownerMember = {
user: (this.owner = {
_id: 'owner-id',
first_name: 'Owner',
last_name: 'Overleaf',
email: 'owner@overleaf.com',
features: {
compileTimeout: 240,
},
}),
privilegeLevel: 'owner',
}
this.members = [
{
user: (this.owner = {
_id: 'owner-id',
first_name: 'Owner',
last_name: 'Overleaf',
email: 'owner@overleaf.com',
}),
privilegeLevel: 'owner',
},
{
user: {
_id: 'read-only-id',
@@ -96,8 +100,10 @@ describe('ProjectEditorHandler', function () {
beforeEach(function () {
this.result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
this.invites
this.invites,
false
)
})
@@ -206,6 +212,93 @@ describe('ProjectEditorHandler', function () {
expect(invite.token).not.to.exist
}
})
it('should have the correct features', function () {
expect(this.result.features.compileTimeout).to.equal(240)
})
})
describe('with a restricted user', function () {
beforeEach(function () {
this.result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
[],
[],
true
)
})
it('should include the id', function () {
expect(this.result._id).to.exist
this.result._id.should.equal('project-id')
})
it('should include the name', function () {
expect(this.result.name).to.exist
this.result.name.should.equal('Project Name')
})
it('should include the root doc id', function () {
expect(this.result.rootDoc_id).to.exist
this.result.rootDoc_id.should.equal('file-id')
})
it('should include the public access level', function () {
expect(this.result.publicAccesLevel).to.exist
this.result.publicAccesLevel.should.equal('private')
})
it('should hide the owner', function () {
expect(this.result.owner).to.deep.equal({ _id: 'owner-id' })
})
it('should hide members', function () {
this.result.members.length.should.equal(0)
})
it('should include folders in the project', function () {
this.result.rootFolder[0]._id.should.equal('root-folder-id')
this.result.rootFolder[0].name.should.equal('')
this.result.rootFolder[0].folders[0]._id.should.equal('sub-folder-id')
this.result.rootFolder[0].folders[0].name.should.equal('folder')
})
it('should not duplicate folder contents', function () {
this.result.rootFolder[0].docs.length.should.equal(0)
this.result.rootFolder[0].fileRefs.length.should.equal(0)
})
it('should include files in the project', function () {
this.result.rootFolder[0].folders[0].fileRefs[0]._id.should.equal(
'file-id'
)
this.result.rootFolder[0].folders[0].fileRefs[0].name.should.equal(
'image.png'
)
this.result.rootFolder[0].folders[0].fileRefs[0].created.should.equal(
this.created
)
expect(this.result.rootFolder[0].folders[0].fileRefs[0].size).not.to
.exist
})
it('should include docs in the project but not the lines', function () {
this.result.rootFolder[0].folders[0].docs[0]._id.should.equal('doc-id')
this.result.rootFolder[0].folders[0].docs[0].name.should.equal(
'main.tex'
)
expect(this.result.rootFolder[0].folders[0].docs[0].lines).not.to.exist
})
it('should hide invites', function () {
expect(this.result.invites).to.have.length(0)
})
it('should have the correct features', function () {
expect(this.result.features.compileTimeout).to.equal(240)
})
})
describe('deletedByExternalDataSource', function () {
@@ -213,8 +306,10 @@ describe('ProjectEditorHandler', function () {
delete this.project.deletedByExternalDataSource
const result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
result.deletedByExternalDataSource.should.equal(false)
})
@@ -222,8 +317,10 @@ describe('ProjectEditorHandler', function () {
it('should set the deletedByExternalDataSource flag to false when it is false', function () {
const result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
result.deletedByExternalDataSource.should.equal(false)
})
@@ -232,8 +329,10 @@ describe('ProjectEditorHandler', function () {
this.project.deletedByExternalDataSource = true
const result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
result.deletedByExternalDataSource.should.equal(true)
})
@@ -249,8 +348,10 @@ describe('ProjectEditorHandler', function () {
}
this.result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
})
@@ -278,8 +379,10 @@ describe('ProjectEditorHandler', function () {
}
this.result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
})
it('should not emit trackChangesState', function () {
@@ -302,8 +405,10 @@ describe('ProjectEditorHandler', function () {
this.project.track_changes = dbEntry
this.result = this.handler.buildProjectModelView(
this.project,
this.ownerMember,
this.members,
[]
[],
false
)
})
it(`should set trackChangesState=${expected}`, function () {
@@ -322,66 +427,4 @@ describe('ProjectEditorHandler', function () {
})
})
})
describe('buildOwnerAndMembersViews', function () {
beforeEach(function () {
this.owner.features = {
versioning: true,
collaborators: 3,
compileGroup: 'priority',
compileTimeout: 22,
}
this.result = this.handler.buildOwnerAndMembersViews(this.members)
})
it('should produce an object with the right keys', function () {
expect(this.result).to.have.all.keys([
'owner',
'ownerFeatures',
'members',
])
})
it('should separate the owner from the members', function () {
this.result.members.length.should.equal(this.members.length - 1)
expect(this.result.owner._id).to.equal(this.owner._id)
expect(this.result.owner.email).to.equal(this.owner.email)
expect(
this.result.members.filter(m => m._id === this.owner._id).length
).to.equal(0)
})
it('should extract the ownerFeatures from the owner object', function () {
expect(this.result.ownerFeatures).to.deep.equal(this.owner.features)
})
describe('when there is no owner', function () {
beforeEach(function () {
// remove the owner from members list
this.membersWithoutOwner = this.members.filter(
m => m.user._id !== this.owner._id
)
this.result = this.handler.buildOwnerAndMembersViews(
this.membersWithoutOwner
)
})
it('should produce an object with the right keys', function () {
expect(this.result).to.have.all.keys([
'owner',
'ownerFeatures',
'members',
])
})
it('should not separate out an owner', function () {
this.result.members.length.should.equal(this.membersWithoutOwner.length)
expect(this.result.owner).to.equal(null)
})
it('should not extract the ownerFeatures from the owner object', function () {
expect(this.result.ownerFeatures).to.equal(null)
})
})
})
})