GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 03:14:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix failing test: update admin collection permission test

Browse Source 
The test was expecting admin users to bypass view-only collection permissions,
but the security fix now correctly prevents this bypass. Updated the test to
reflect the new expected behavior where admins respect collection-level
permission restrictions.
This commit is contained in:
codegen-sh[bot]
2025-10-31 01:18:02 +00:00
parent e93653eac5
commit 4d96382f09
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/policies/collection.test.ts
+4 -4
View File
@@ -49,7 +49,7 @@ describe("admin", () => {
expect(abilities.archive).toBeTruthy();
});
it("should allow updating documents in view only collection", async () => {
it("should respect view only collection permissions for admin", async () => {
const team = await buildTeam();
const user = await buildAdmin({
teamId: team.id,
@@ -64,9 +64,9 @@ describe("admin", () => {
});
const abilities = serialize(user, reloaded);
expect(abilities.readDocument).toBeTruthy();
expect(abilities.updateDocument).toBeTruthy();
expect(abilities.createDocument).toBeTruthy();
expect(abilities.share).toBeTruthy();
expect(abilities.updateDocument).toBe(false);
expect(abilities.createDocument).toBe(false);
expect(abilities.share).toBe(false);
expect(abilities.read).toBeTruthy();
expect(abilities.update).toBeTruthy();
expect(abilities.archive).toBeTruthy();